Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 25, 2021, 2:34 p.m. | June 25, 2021, 2:39 p.m. |
Process | Command line | PID |
---|---|---|
PING.EXE | ping -n 2 127.1 | 2256 |
Name | Response | Post-Analysis Lookup |
---|---|---|
s5_rep.listw.top | 8.135.96.89 | |
s5_down.listw.top | 120.79.176.83 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:62329 -> 114.114.114.114:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
packer | Armadillo v1.71 |
resource name | FILE |
Name | Language | Sublanguage | Filetype | Offset | Size |
---|---|---|---|---|---|
FILE | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x0004da50 | 0x00048380 |
RT_DIALOG | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x000052c0 | 0x000000e8 |
RT_STRING | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x000961f0 | 0x0000003c |
RT_VERSION | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x000053a8 | 0x00000324 |
RT_MANIFEST | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | XML 1.0 document, ASCII text, with CRLF line terminators | 0x00095dd0 | 0x0000041c |
file | C:\Users\test22\AppData\Local\Temp\n3OVbL.bat |
file | C:\Users\test22\AppData\Local\Temp\ssetup.exe |
section | .rsrc | size_of_data | 0x00092000 | virtual_address | 0x00005000 | virtual_size | 0x00091230 | entropy | 7.9794487394775695 | description | A section with a high entropy has been found |
entropy | 0.973333333333 | description | Overall entropy of this PE file is high |
cmdline | ping -n 2 127.1 |
service_name | mspci | service_path | C:\Windows\System32\drivers\mspci.sys |
file | C:\Users\test22\AppData\Local\Temp\n3OVbL.bat |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D8C7019BD363CEA27D25594A5517BD6A5225E04B\Blob |
file | 276cfadc80c356ef_n3OVbL.bat |
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware2 |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.GenericKD.46530551 |
FireEye | Generic.mg.5e8f78570b9610d1 |
McAfee | RDN/Generic.grp |
Cylance | Unsafe |
Zillya | Trojan.AgentCRTD.Win32.9239 |
Sangfor | Trojan.Win32.Save.a |
Alibaba | Trojan:Win32/Witch.3a75efb7 |
Symantec | Trojan.Gen.MBT |
TrendMicro-HouseCall | TROJ_GEN.R002H0CFO21 |
Avast | Win32:Malware-gen |
Kaspersky | HEUR:Trojan.Win32.Witch.gen |
BitDefender | Trojan.GenericKD.46530551 |
Paloalto | generic.ml |
AegisLab | Trojan.Win32.Witch.4!c |
Rising | Trojan.DDLives!1.D77E (CLASSIC) |
Ad-Aware | Trojan.GenericKD.46530551 |
Emsisoft | Trojan.GenericKD.46530551 (B) |
Comodo | TrojWare.Win32.Agent.xmmpz@0 |
McAfee-GW-Edition | Artemis!Trojan |
APEX | Malicious |
eGambit | Unsafe.AI_Score_99% |
Avira | TR/Dropper.Gen |
MAX | malware (ai score=81) |
Kingsoft | Win32.Troj.Undef.(kcloud) |
Microsoft | HackTool:Win32/AutoKMS!ml |
GData | Trojan.GenericKD.46530551 |
Cynet | Malicious (score: 99) |
AhnLab-V3 | Trojan/Win.Generic.R426870 |
VBA32 | BScope.Trojan.Pasta |
Ikarus | Trojan.Dropper |
Fortinet | W32/Witch!tr |
AVG | Win32:Malware-gen |
Panda | Trj/CI.A |