Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | May 6, 2024, 4:49 p.m. | May 6, 2024, 4:56 p.m. |
-
win.exe "C:\Users\test22\AppData\Local\Temp\win.exe"
1460
Name | Response | Post-Analysis Lookup |
---|---|---|
www.google.com | 142.250.76.132 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49165 -> 199.195.254.188:808 | 2024897 | ET USER_AGENTS Go HTTP Client User-Agent | Misc activity |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.3 192.168.56.103:49162 199.195.254.188:785 |
None | None | None |
packer | UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser |
file | C:\ProgramData\Microsoft\csrss.exe |
section | {u'size_of_data': u'0x001cd000', u'virtual_address': u'0x0039d000', u'entropy': 7.917154806448342, u'name': u'UPX1', u'virtual_size': u'0x001cd000'} | entropy | 7.91715480645 | description | A section with a high entropy has been found | |||||||||
entropy | 0.99945799458 | description | Overall entropy of this PE file is high |
section | UPX0 | description | Section name indicates UPX | ||||||
section | UPX1 | description | Section name indicates UPX |
host | 199.195.254.188 |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Administrator | reg_value | C:\ProgramData\Microsoft\csrss.exe |
Bkav | W32.AIDetectMalware |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win32.Generic.tc |
ALYac | Gen:Variant.Fragtor.149252 |
VIPRE | Gen:Variant.Fragtor.149252 |
Sangfor | Trojan.Win32.Save.a |
BitDefender | Gen:Variant.Fragtor.149252 |
Arcabit | Trojan.Fragtor.D24704 |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (moderate confidence) |
ESET-NOD32 | a variant of WinGo/Agent.HV |
APEX | Malicious |
McAfee | GenericRXAA-AA!8A2A16720871 |
Avast | Win32:Evo-gen [Trj] |
ClamAV | Win.Malware.Lazy-9969515-0 |
Kaspersky | UDS:DangerousObject.Multi.Generic |
MicroWorld-eScan | Gen:Variant.Fragtor.149252 |
Rising | Backdoor.Kaiji/Linux!1.E52B (CLOUD) |
Emsisoft | Gen:Variant.Fragtor.149252 (B) |
F-Secure | Heuristic.HEUR/AGEN.1366851 |
DrWeb | BackDoor.Siggen2.4187 |
Trapmine | suspicious.low.ml.score |
FireEye | Gen:Variant.Fragtor.149252 |
Ikarus | Trojan.WinGo.Agent |
Detected | |
Avira | HEUR/AGEN.1366851 |
Antiy-AVL | Trojan/Win32.SGeneric |
Kingsoft | Win32.Troj.Undef.a |
Microsoft | Trojan:Win32/Wacatac.A!ml |
ZoneAlarm | VHO:Trojan-Ransom.Win32.Convagent.gen |
GData | Gen:Variant.Fragtor.149252 |
AhnLab-V3 | Trojan/Win.Generic.R531897 |
BitDefenderTheta | Gen:NN.ZexaF.36804.ZnGfae4hZUbi |
DeepInstinct | MALICIOUS |
VBA32 | TrojanRansom.Chaos |
Malwarebytes | Trojan.Injector.UPX |
Tencent | Trojan-Ransom.Win32.Foreign.ka |
MAX | malware (ai score=86) |
MaxSecure | Trojan.Malware.300983.susgen |
AVG | Win32:Evo-gen [Trj] |
alibabacloud | Trojan:Multi/Fragtor.Gen |
dead_host | 192.168.56.103:49266 |
dead_host | 192.168.56.1:22 |
dead_host | 192.168.56.101:22 |
dead_host | 192.168.56.103:49169 |