Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Jan. 13, 2024, 6:59 p.m. | Jan. 13, 2024, 7:04 p.m. |
-
rty31.exe "C:\Users\test22\AppData\Local\Temp\rty31.exe"
524
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com |
CNAME
a1952.dscq.akamai.net
CNAME
identrust.edgesuite.net
|
23.67.53.27 |
i.alie3ksgaa.com | 154.92.15.189 |
Suricata Alerts
Suricata TLS
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
pdb_path | msinfo32.pdb |
resource name | MUI |
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
section | {u'size_of_data': u'0x00024800', u'virtual_address': u'0x0003e000', u'entropy': 7.2518540818869015, u'name': u'.rsrc', u'virtual_size': u'0x00025000'} | entropy | 7.25185408189 | description | A section with a high entropy has been found | |||||||||
entropy | 0.396739130435 | description | Overall entropy of this PE file is high |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob |
Bkav | W64.AIDetectMalware |
Lionic | Trojan.Win32.Generic.4!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win64.Fabookie.fh |
Cylance | unsafe |
Sangfor | Trojan.Win32.Agent.Vvs1 |
VirIT | Trojan.Win64.Agent.BCD |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win64/GenKryptik.GMIU |
APEX | Malicious |
McAfee | RDN/genericuh |
Avast | FileRepMalware [Misc] |
Kaspersky | Trojan-Downloader.Win32.Agent.xycfth |
Rising | Trojan.Kryptik!8.8 (CLOUD) |
DrWeb | Trojan.PWS.Stealer.26476 |
Sophos | Mal/Generic-S |
Avira | TR/AD.Swrort.rwrbz |
Kingsoft | Win32.Troj.Unknown.a |
Gridinsoft | Trojan.Win64.Gen.tr |
Microsoft | Trojan:Win32/Znyonm |
ZoneAlarm | Trojan-Downloader.Win32.Agent.xycfth |
AhnLab-V3 | Malware/Win.Generic.C5462723 |
DeepInstinct | MALICIOUS |
Malwarebytes | Generic.Malware/Suspicious |
AVG | FileRepMalware [Misc] |
CrowdStrike | win/malicious_confidence_60% (D) |