205.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6403_us | Nov. 7, 2021, 5:17 p.m. | Nov. 7, 2021, 5:19 p.m. |
-
205.exe "C:\Users\test22\AppData\Local\Temp\205.exe"
2348
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| No hosts contacted. | ||
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| pdb_path | wextract.pdb |
| resource name | AVI |
| section | {u'size_of_data': u'0x00146e00', u'virtual_address': u'0x0000d000', u'entropy': 7.97231578033446, u'name': u'.rsrc', u'virtual_size': u'0x00146ddc'} | entropy | 7.97231578033 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.970675575353 | description | Overall entropy of this PE file is high | |||||||||||
| cmdline | at.exe |
| reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 | reg_value | rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\" | ||||||
| McAfee | Artemis!64F0B1471C1D |
| Cylance | Unsafe |
| Symantec | ML.Attribute.HighConfidence |
| APEX | Malicious |
| Paloalto | generic.ml |
| Kaspersky | UDS:DangerousObject.Multi.Generic |
| DrWeb | Trojan.Siggen15.36155 |
| McAfee-GW-Edition | BehavesLike.Win32.Dropper.tc |
| Sophos | Mal/Generic-S |
| Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
| Cynet | Malicious (score: 100) |
| SentinelOne | Static AI - Suspicious PE |
| eGambit | Unsafe.AI_Score_99% |
| Fortinet | JS/Agent.PGK!tr |
| Cybereason | malicious.048ff2 |
| MaxSecure | Trojan.Malware.300983.susgen |