Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 6, 2023, 7:39 a.m. | Sept. 6, 2023, 7:41 a.m. |
Process | Path | PID |
---|---|---|
SndVol.exe | C:\Windows\System32\SndVol.exe | 2412 |
DNS
Name | Response | Post-Analysis Lookup |
---|---|---|
wsvdyhrgebwhevawe.ydns.eu | 81.161.229.9 | |
tornado.ydns.eu | 193.42.32.61 | |
orifak.ydns.eu | 193.42.32.61 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49166 -> 193.42.32.61:1972 | 2036594 | ET JA3 Hash - Remcos 3.x TLS Connection | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49165 -> 193.42.32.61:1972 | 2036594 | ET JA3 Hash - Remcos 3.x TLS Connection | Malware Command and Control Activity Detected |
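The two alerts above fire on the JA3 fingerprint of the client's TLS ClientHello, which is still sent in cleartext under TLS 1.3. As an added example (not sandbox output and not the ET rule itself), the Python below builds a constructed ClientHello, parses it, and computes the JA3 string and MD5 the way a Suricata `ja3.hash` match does, dropping GREASE values so the fingerprint is stable across connections. The Remcos hash that the ET rule carries is not reproduced here; the sample hello, its hostname and its cipher list are assumptions.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are placeholders that clients rotate per connection;
# JA3 drops them so the fingerprint does not change between handshakes.
GREASE = {v << 8 | v for v in range(0x0A, 0x100, 0x10)}


def build_client_hello(version, ciphers, extensions):
    """Assemble a minimal TLS record holding a ClientHello (test helper).
    extensions: list of (extension_type, raw_extension_body)."""
    body = struct.pack(">H", version)
    body += b"\x00" * 32                                   # random
    body += b"\x00"                                        # session_id: empty
    body += struct.pack(">H", 2 * len(ciphers))
    body += b"".join(struct.pack(">H", c) for c in ciphers)
    body += b"\x01\x00"                                    # compression: null only
    ext = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack(">H", len(ext)) + ext
    handshake = b"\x01" + struct.pack(">I", len(body))[1:]  # type 1, 3-byte length
    handshake += body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def ja3_from_client_hello(record: bytes):
    """Parse a TLS ClientHello record; return (ja3_string, ja3_md5)."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:]                                        # skip record header
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version = int.from_bytes(body[0:2], "big")             # client_version field
    off = 2 + 32                                           # version + random
    off += 1 + body[off]                                   # session_id
    cs_len = int.from_bytes(body[off:off + 2], "big"); off += 2
    ciphers = [int.from_bytes(body[i:i + 2], "big") for i in range(off, off + cs_len, 2)]
    off += cs_len
    off += 1 + body[off]                                   # compression_methods
    ext_types, curves, formats = [], [], []
    if off < len(body):
        ext_len = int.from_bytes(body[off:off + 2], "big"); off += 2
        end = off + ext_len
        while off + 4 <= end:
            etype, elen = struct.unpack(">HH", body[off:off + 4])
            edata = body[off + 4:off + 4 + elen]
            off += 4 + elen
            if etype in GREASE:
                continue
            ext_types.append(etype)
            if etype == 0x000A:                            # supported_groups
                n = int.from_bytes(edata[0:2], "big")
                curves = [g for g in (int.from_bytes(edata[i:i + 2], "big")
                                      for i in range(2, 2 + n, 2)) if g not in GREASE]
            elif etype == 0x000B:                          # ec_point_formats
                formats = list(edata[1:1 + edata[0]])
    ciphers = [c for c in ciphers if c not in GREASE]
    ja3 = ",".join([str(version),
                    "-".join(map(str, ciphers)),
                    "-".join(map(str, ext_types)),
                    "-".join(map(str, curves)),
                    "-".join(map(str, formats))])
    return ja3, hashlib.md5(ja3.encode()).hexdigest()


# Constructed sample, not a capture from this report: legacy version 0x0303 (what a
# TLS 1.3 client puts in client_version), GREASE entries mixed into the cipher list,
# the extension list and the group list, and supported_versions offering TLS 1.3.
SAMPLE_HELLO = build_client_hello(
    0x0303,
    [0x1A1A, 0x1301, 0x1302, 0xC02B],
    [
        (0x2A2A, b""),                                     # GREASE extension
        (0x0000, b"\x00\x0e\x00\x00\x0bexample.com"),      # server_name (assumed host)
        (0x000A, b"\x00\x06\x3a\x3a\x00\x1d\x00\x17"),     # groups: GREASE, x25519, P-256
        (0x000B, b"\x01\x00"),                             # ec_point_formats: uncompressed
        (0x000D, b"\x00\x04\x04\x03\x08\x04"),             # signature_algorithms
        (0x002B, b"\x04\x03\x04\x03\x03"),                 # supported_versions: 1.3, 1.2
    ],
)

if __name__ == "__main__":
    print(ja3_from_client_hello(SAMPLE_HELLO))
```

Two hellos that differ only in their GREASE values hash to the same digest; a change in cipher order or extension set yields a new one, which is why the ET rule name pins the Remcos 3.x series and why such rules need refreshing when the malware's TLS library changes. JA3 identifies the client TLS stack rather than the payload, so a hit on a fingerprint shared with legitimate software should be confirmed against the destination (here 193.42.32.61:1972, a non-standard port behind a dynamic DNS name) before it is treated as C2.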
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.3 192.168.56.103:49166 -> 193.42.32.61:1972 | None | None | None |
TLS 1.3 192.168.56.103:49165 -> 193.42.32.61:1972 | None | None | None |
(TLS 1.3 encrypts the server's Certificate message, so a passive sensor sees no issuer, subject or certificate fingerprint; the JA3 alerts above match the cleartext ClientHello instead, which is the only part of the handshake still available for fingerprinting here.)
Signatures
Key | Value |
---|---|
section | .itext |
packer | BobSoft Mini Delphi -> BoB / BobSoft |
request | GET http://wsvdyhrgebwhevawe.ydns.eu/goofeeewsvd/Fnvtdhenaps |
description | SndVol.exe tried to sleep 289 seconds, actually delayed analysis time by 289 seconds |
Antivirus results
Engine | Result |
---|---|
Bkav | W32.AIDetectMalware |
FireEye | Generic.mg.cffe529403460c6a |
McAfee | Artemis!CFFE52940346 |
Cybereason | malicious.f87c2c |
Cyren | W32/Trojan.EBVR-7686 |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | Win32/TrojanDownloader.ModiLoader.VX |
APEX | Malicious |
Kaspersky | HEUR:Backdoor.Win32.Remcos.gen |
Avast | FileRepMalware [Trj] |
Sophos | Mal/Generic-S |
McAfee-GW-Edition | BehavesLike.Win32.Infected.th |
Ikarus | Win32.Outbreak |
Webroot | W32.Malware.Gen |
Antiy-AVL | Trojan/Win32.Wacatac |
Gridinsoft | Trojan.Win32.Gen.bot |
Microsoft | Trojan:Win32/Generic |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
Detected | |
BitDefenderTheta | Gen:NN.ZelphiF.36662.lLW@amsC8Rpi |
VBA32 | BScope.Backdoor.Remcos |
Cylance | unsafe |
Panda | Trj/Chgt.AD |
TrendMicro-HouseCall | TROJ_GEN.R002H0DI523 |
Rising | Downloader.ModiLoader!8.17B13 (TFE:5:xJYR0O63t) |
SentinelOne | Static AI - Suspicious PE |
MaxSecure | Trojan.Malware.300983.susgen |
Fortinet | W32/Injector.ESCX!tr |
AVG | FileRepMalware [Trj] |
DeepInstinct | MALICIOUS |
CrowdStrike | win/malicious_confidence_100% (W) |