Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Jan. 8, 2024, 9:35 a.m. | Jan. 8, 2024, 9:37 a.m. |
Process (command line) | PID |
---|---|
31839b57a4f11171d6abc8bbc4451ee4.exe "C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe" | 2644 |
rty25.exe "C:\Users\test22\AppData\Local\Temp\rty25.exe" | 2688 |
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com | CNAME a1952.dscq.akamai.net; CNAME identrust.edgesuite.net | 23.67.53.17 |
i.alie3ksgaa.com | 154.92.15.189 | |
Type | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
file | C:\Users\test22\AppData\Local\Temp\rty25.exe |
file | C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe |
Section | Virtual address | Virtual size | Size of data | Entropy |
---|---|---|---|---|
.text | 0x00002000 | 0x004a4024 | 0x004a4200 | 7.947406169101275 |

A section with a high entropy has been found (entropy 7.9474061691).

Overall entropy of this PE file is high (0.999579345883).
Vendor | Detection |
---|---|
Bkav | W32.AIDetectMalware.CS |
DrWeb | Trojan.MulDropNET.43 |
MicroWorld-eScan | Gen:Variant.MSIL.Krypt.41 |
Skyhigh | BehavesLike.Win32.Generic.rc |
McAfee | GenericRXPI-VQ!3133D3642BFA |
Malwarebytes | Trojan.Crypt.MSIL.Generic |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Ransomware ( 005a8b921 ) |
K7GW | Ransomware ( 005a8b921 ) |
Cybereason | malicious.8da9ad |
Arcabit | Trojan.MSIL.Krypt.41 |
BitDefenderTheta | Gen:NN.ZemsilF.36680.@p0@aqcnYPk |
VirIT | Trojan.Win32.MSIL_Heur.A |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of MSIL/Agent.UZA |
APEX | Malicious |
ClamAV | Win.Packed.Msilzilla-10018301-0 |
Kaspersky | HEUR:Trojan-Downloader.MSIL.ShortLoader.gen |
BitDefender | Gen:Variant.MSIL.Krypt.41 |
Avast | Win32:DropperX-gen [Drp] |
Emsisoft | Gen:Variant.MSIL.Krypt.41 (B) |
F-Secure | Heuristic.HEUR/AGEN.1365025 |
VIPRE | Gen:Variant.MSIL.Krypt.41 |
Sophos | Troj/ILAgent-I |
SentinelOne | Static AI - Malicious PE |
MAX | malware (ai score=85) |
| | Detected |
Avira | HEUR/AGEN.1365025 |
Varist | W32/MSIL_Kryptik.FFY.gen!Eldorado |
Kingsoft | malware.kb.c.995 |
Microsoft | Trojan:MSIL/Mokes.B!MTB |
ZoneAlarm | HEUR:Trojan-Downloader.MSIL.ShortLoader.gen |
GData | Gen:Variant.MSIL.Krypt.41 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Malware/Win.Generic.C4478643 |
VBA32 | Trojan.MSIL.Injector.gen |
Cylance | unsafe |
Rising | Trojan.AntiVM!1.CF63 (CLASSIC) |
Ikarus | Trojan.MSIL.Krypt |
MaxSecure | Trojan.Malware.300983.susgen |
Fortinet | MSIL/GenKryptik.FFMZ!tr |
AVG | Win32:DropperX-gen [Drp] |
DeepInstinct | MALICIOUS |
CrowdStrike | win/malicious_confidence_100% (D) |