Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | July 9, 2021, 9:33 a.m. | July 9, 2021, 9:36 a.m. |
Process | PID |
---|---|
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,DllGetClassObject | 2516 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,DllGetClassObject | 2908 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,DllRegisterServer | 2608 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,DllRegisterServer | 2112 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,FbyouxodmaAmblxtzonyr | 2700 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,FbyouxodmaAmblxtzonyr | 2396 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,DfcidmAgqxxIybvoovbd | 2412 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,DfcidmAgqxxIybvoovbd | 3032 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,GhjrgreaggXyoydphfea | 2792 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,GhjrgreaggXyoydphfea | 2268 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,NrmqrpckejMlzraxTtfncwsvfmhs | 2884 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,NrmqrpckejMlzraxTtfncwsvfmhs | 2632 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,PluginInit | 3020 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll,PluginInit | 2696 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\crv.dll, | 2272 |
Name | Response | Post-Analysis Lookup |
---|---|---|
revedanstvy.bid | 54.197.173.238 | |
aws.amazon.com | 13.225.123.73 | |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://revedanstvy.bid/ |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://aws.amazon.com/ |
request | GET http://revedanstvy.bid/ |
request | GET https://aws.amazon.com/ |
description | rundll32.exe tried to sleep 533 seconds, actually delayed analysis time by 533 seconds |
Antivirus | Result |
---|---|
ALYac | Trojan.IcedID.gen |
Cylance | Unsafe |
CrowdStrike | win/malicious_confidence_60% (W) |
Alibaba | TrojanSpy:Win32/Stelega.487dce7a |
K7GW | Trojan ( 0057f1221 ) |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | a variant of Win64/Agent.AQO |
Cynet | Malicious (score: 99) |
Kaspersky | UDS:Trojan.Win64.Agent.a |
Avast | Win64:DangerousSig [Trj] |
Sophos | Mal/Generic-R + Troj/IcedID-Z |
F-Secure | Heuristic.HEUR/AGEN.1143234 |
DrWeb | Trojan.PWS.Stealer.30701 |
TrendMicro | TROJ_FRS.0NA104G721 |
McAfee-GW-Edition | Artemis!Trojan |
Emsisoft | MalCert-S.KV (A) |
GData | Win32.Trojan-Downloader.IcedID.GUABX6 |
Avira | HEUR/AGEN.1143234 |
Kingsoft | Win32.Troj.Undef.(kcloud) |
ViRobot | Trojan.Win64.S.Agent.63880 |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
Microsoft | TrojanSpy:Win32/Stelega.STA |
McAfee | Artemis!3DDEEA156606 |
MAX | malware (ai score=82) |
Malwarebytes | Spyware.PasswordStealer |
TrendMicro-HouseCall | TROJ_FRS.0NA104G721 |
Ikarus | Trojan.Win64.Agent |
Fortinet | W32/Agent.AQO!tr |
AVG | Win64:DangerousSig [Trj] |
Qihoo-360 | Win64/Trojan.Generic.HggASX8A |