Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | July 8, 2021, 9:17 a.m. | July 8, 2021, 9:32 a.m. |
Process | PID |
---|---|
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,DfcidmAgqxxIybvoovbd | 912 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,DfcidmAgqxxIybvoovbd | 2016 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,DllGetClassObject | 3028 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,DllGetClassObject | 2820 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,DllRegisterServer | 2396 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,DllRegisterServer | 2780 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,FbyouxodmaAmblxtzonyr | 256 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,FbyouxodmaAmblxtzonyr | 1812 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,GhjrgreaggXyoydphfea | 1496 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,GhjrgreaggXyoydphfea | 1212 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,NrmqrpckejMlzraxTtfncwsvfmhs | 2740 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,NrmqrpckejMlzraxTtfncwsvfmhs | 2732 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,PluginInit | 2468 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,PluginInit | 3068 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll, | 2136 |
Name | Response | Post-Analysis Lookup |
---|---|---|
revedanstvy.bid | 104.21.1.144 | |
aws.amazon.com | 54.230.166.70 | |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Field | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://revedanstvy.bid/ |
suspicious_features | GET method with no useragent header |
suspicious_request | GET https://aws.amazon.com/ |
request | GET http://revedanstvy.bid/ |
request | GET https://aws.amazon.com/ |
description | rundll32.exe tried to sleep 536 seconds, actually delayed analysis time by 536 seconds |
host | 104.21.19.200 |
Engine | Detection |
---|---|
DrWeb | Trojan.PWS.Stealer.30701 |
CrowdStrike | win/malicious_confidence_60% (W) |
ESET-NOD32 | a variant of Win64/Agent.AQO |
Avast | Win64:DangerousSig [Trj] |
Emsisoft | MalCert-S.KV (A) |
Sophos | Troj/IcedID-Z |
Avira | HEUR/AGEN.1143234 |
Microsoft | TrojanSpy:Win32/Stelega.STA |
Cynet | Malicious (score: 99) |
AVG | Win64:DangerousSig [Trj] |