Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 12, 2024, 7:31 a.m. | June 12, 2024, 7:35 a.m. |
Process | Command line | PID |
---|---|---|
seo_cr1.exe | "C:\Users\test22\AppData\Local\Temp\seo_cr1.exe" | 2548 |
cmd.exe | "c:\windows\system32\cmd.exe" /c wmic ComputerSystem get domain > C:\ProgramData\hafbefc\ebhbafe | 2696 |
WMIC.exe | wmic ComputerSystem get domain | 2752 |
Name | Response | Post-Analysis Lookup |
---|---|---|
dr-networks.com | 45.11.59.130 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49209 -> 45.11.59.130:80 | 2052283 | ET MALWARE [ANY.RUN] DarkGate HTTP POST Activity (TA577) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Key | Value |
---|---|
section | .gfids |
suspicious_features | POST method with no referer header, HTTP version 1.0 used |
suspicious_request | POST http://dr-networks.com/ |
request | POST http://dr-networks.com/ |
request | POST http://dr-networks.com/ |
file | c:\st\Autoit3.exe |
cmdline | wmic ComputerSystem get domain |
wmi | SELECT Domain FROM Win32_ComputerSystem |
section | .rdata (size_of_data 0x000f8000, virtual_address 0x0001f000, virtual_size 0x000f7f0a, entropy 7.43953446175193) |
entropy | 7.43953446175 |
description | A section with a high entropy has been found |
entropy | 0.254293770828 |
description | Overall entropy of this PE file is high |
cmdline | wmic ComputerSystem get domain |
wmi | SELECT Domain FROM Win32_ComputerSystem |
Engine | Detection |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Generic.4!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win32.Lockbit.wm |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/GenKryptik.GYPG |
APEX | Malicious |
McAfee | Artemis!B2D33941295F |
Kaspersky | UDS:DangerousObject.Multi.Generic |
Rising | Trojan.Generic@AI.83 (RDML:mtgATTehqFjXmF2jeIW/eQ) |
McAfeeD | Real Protect-LS!B2D33941295F |
Trapmine | malicious.high.ml.score |
FireEye | Generic.mg.b2d33941295f236b |
Sophos | Mal/Generic-S |
Ikarus | Win32.Outbreak |
Kingsoft | malware.kb.a.979 |
Gridinsoft | Malware.Win32.Gen.tr |
Microsoft | Trojan:Win32/Casdet!rfn |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
BitDefenderTheta | Gen:NN.ZexaF.36806.ZBW@a0DnfThi |
DeepInstinct | MALICIOUS |
SentinelOne | Static AI - Suspicious PE |
Paloalto | generic.ml |
CrowdStrike | win/malicious_confidence_100% (W) |