77c43f7e_rd1.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | May 29, 2023, 1:42 p.m. | May 29, 2023, 1:44 p.m. |
-
77c43f7e_rd1.exe "C:\Users\test22\AppData\Local\Temp\77c43f7e_rd1.exe"
2548
| IP Address | Status | Action |
|---|---|---|
| 121.254.136.27 | Active | Moloch |
| 142.250.204.106 | Active | Moloch |
| 142.250.206.195 | Active | Moloch |
| 142.250.66.68 | Active | Moloch |
| 142.250.66.99 | Active | Moloch |
| 142.251.130.10 | Active | Moloch |
| 142.251.220.35 | Active | Moloch |
| 142.251.220.36 | Active | Moloch |
| 142.251.222.195 | Active | Moloch |
| 151.101.1.91 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 172.217.24.78 | Active | Moloch |
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.101:49167 142.251.220.36:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 48:e3:15:66:fc:ea:15:bf:d2:34:c1:dd:60:d4:23:a3:63:57:89:8d |
|
TLS 1.2 192.168.56.101:49164 151.101.1.91:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=curl.se | c4:67:83:02:bd:d2:15:48:6a:86:15:b8:4a:9e:48:fa:81:8c:00:02 |
|
TLS 1.2 192.168.56.101:49174 172.217.24.78:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.apis.google.com | 4f:ff:c8:c8:21:72:d7:61:54:72:75:ea:84:95:ad:f2:71:2f:c6:33 |
|
TLS 1.2 192.168.56.101:49168 142.251.130.10:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=upload.video.google.com | 5f:ac:74:e6:97:66:cd:d0:f1:ea:0d:01:37:89:65:2e:98:22:84:6c |
|
TLS 1.2 192.168.56.101:49169 142.251.220.35:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
|
TLS 1.2 192.168.56.101:49163 142.251.222.195:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=upload.video.google.com | 5f:ac:74:e6:97:66:cd:d0:f1:ea:0d:01:37:89:65:2e:98:22:84:6c |
|
TLS 1.2 192.168.56.101:49162 142.250.204.106:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=upload.video.google.com | 5f:ac:74:e6:97:66:cd:d0:f1:ea:0d:01:37:89:65:2e:98:22:84:6c |
|
TLS 1.2 192.168.56.101:49171 142.251.220.35:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
|
TLS 1.2 192.168.56.101:49170 142.251.220.35:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
|
TLS 1.2 192.168.56.101:49178 142.250.66.99:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
|
TLS 1.2 192.168.56.101:49173 142.250.206.195:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
|
TLS 1.2 192.168.56.101:49175 142.251.220.36:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 48:e3:15:66:fc:ea:15:bf:d2:34:c1:dd:60:d4:23:a3:63:57:89:8d |
|
UNDETERMINED 192.168.56.101:49165 142.250.66.68:443 |
None | None | None |
| request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
| section | {u'size_of_data': u'0x0001ee00', u'virtual_address': u'0x00009000', u'entropy': 7.998646535071096, u'name': u'.rdata', u'virtual_size': u'0x0001ec20'} | entropy | 7.99864653507 | description | A section with a high entropy has been found | |||||||||
| section | {u'size_of_data': u'0x00064a00', u'virtual_address': u'0x00028000', u'entropy': 7.999589144053842, u'name': u'.data', u'virtual_size': u'0x00064808'} | entropy | 7.99958914405 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.940966010733 | description | Overall entropy of this PE file is high | |||||||||||
| Bkav | W32.AIDetectMalware |
| Cynet | Malicious (score: 100) |
| McAfee | Artemis!EA9775ECA677 |
| Cylance | unsafe |
| Sangfor | Trojan.Win32.Agent.V1b7 |
| Alibaba | Trojan:Win32/Generic.9865167e |
| Cybereason | malicious.ca677e |
| Symantec | ML.Attribute.HighConfidence |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | a variant of Win32/Agent.AEZA |
| APEX | Malicious |
| Kaspersky | UDS:DangerousObject.Multi.Generic |
| BitDefender | Gen:Heur.Mint.Zard.25 |
| NANO-Antivirus | Virus.Win32.Gen.ccmw |
| MicroWorld-eScan | Gen:Heur.Mint.Zard.25 |
| Avast | Win32:Malware-gen |
| Rising | Trojan.Generic@AI.100 (RDML:raC6JRBQRtuW9mfbEJObGg) |
| Emsisoft | Gen:Heur.Mint.Zard.25 (B) |
| F-Secure | Heuristic.HEUR/AGEN.1352833 |
| VIPRE | Gen:Heur.Mint.Zard.25 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.hc |
| Trapmine | malicious.high.ml.score |
| FireEye | Generic.mg.ea9775eca677ed8d |
| Sophos | Mal/Generic-S |
| GData | Gen:Heur.Mint.Zard.25 |
| Avira | HEUR/AGEN.1352833 |
| Antiy-AVL | Trojan[Banker]/Win32.Emotet |
| Arcabit | Trojan.Mint.Zard.25 |
| ZoneAlarm | UDS:DangerousObject.Multi.Generic |
| Microsoft | Trojan:Win32/Casdet!rfn |
| Acronis | suspicious |
| BitDefenderTheta | Gen:NN.ZexaF.36196.JqW@ay@Ksdg |
| ALYac | Gen:Heur.Mint.Zard.25 |
| MAX | malware (ai score=86) |
| Malwarebytes | Malware.AI.4236652816 |
| TrendMicro-HouseCall | TROJ_GEN.R014C0PES23 |
| Tencent | Win32.Trojan.Agen.Jflw |
| SentinelOne | Static AI - Suspicious PE |
| MaxSecure | Trojan.Malware.300983.susgen |
| AVG | Win32:Malware-gen |
| DeepInstinct | MALICIOUS |
| CrowdStrike | win/malicious_confidence_100% (W) |