Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 16, 2024, 9:56 a.m. | June 16, 2024, 10:34 a.m. |
Process | Command line | PID |
---|---|---|
x86_0929_2.exe | "C:\Users\test22\AppData\Local\Temp\x86_0929_2.exe" | 2544 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
149.129.37.78 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Static details
Key | Value |
---|---|
pdb_path | C:\Users\Clive\source\repos\x86_driver\Release\x86.pdb |
host | 149.129.37.78 |
reg_key | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EvilDriver\ImagePath |
reg_value | \??\C:\Driver2030.sys |
Embedded resources
Name | Language | Sublanguage | Filetype | Offset | Size |
---|---|---|---|---|---|
SYS | LANG_CHINESE | SUBLANG_CHINESE_TRADITIONAL | PE32+ executable (native) x86-64, for MS Windows | 0x17e190b0 | 0x00028a50 |
Engine | Detection |
---|---|
Bkav | W32.AIDetectMalware |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win32.Generic.bh |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
McAfee | Artemis!DBE26EC226D4 |
Avast | TrojanX-gen [Trj] |
Kaspersky | UDS:DangerousObject.Multi.Generic |
Rising | Trojan.MalCert!1.F15F (CLASSIC) |
McAfeeD | Real Protect-LS!DBE26EC226D4 |
FireEye | Generic.mg.dbe26ec226d4e383 |
Sophos | Generic Reputation PUA (PUA) |
Microsoft | Program:Win32/Wacapew.C!ml |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
DeepInstinct | MALICIOUS |
VBA32 | suspected of Trojan.Downloader.gen |
Malwarebytes | Malware.AI.2420482668 |
Panda | Trj/Chgt.AD |
SentinelOne | Static AI - Malicious PE |
MaxSecure | Win.MxResIcn.Heur.Gen |
Fortinet | W32/PossibleThreat |
AVG | TrojanX-gen [Trj] |
Paloalto | generic.ml |
CrowdStrike | win/malicious_confidence_70% (W) |
Indicator | Value |
---|---|
service | EvilDriver (regkey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EvilDriver\Start) |
dead_host | 192.168.56.101:49161 |
dead_host | 149.129.37.78:22556 |
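The driver registration recorded in this report (service EvilDriver whose ImagePath is \??\C:\Driver2030.sys, a kernel image sitting at the drive root rather than under System32\drivers) is the kind of indicator a host-side triage script should check for. The script below is an added example, not output of the sandbox and not code from the sample: it normalizes the NT-style ImagePath spellings found in the Services registry hive and flags drivers that load from outside the drivers directory or that match the indicators above. The service entries it scans are constructed, SYSTEM_ROOT is assumed to be C:\Windows, and the Start value for EvilDriver is assumed (the report shows the key but not its data); on a live host the entries would be read from HKLM\SYSTEM\CurrentControlSet\Services with winreg instead of the inline list.

```python
r"""Triage check for the driver-service indicators in the report above.

Given service entries as they would be read from
HKLM\SYSTEM\CurrentControlSet\Services\<name> (Type, Start, ImagePath),
normalize the ImagePath and flag kernel drivers loaded from outside the
drivers directory or matching the report's IOCs. Sample data is constructed.
"""
import ntpath

SYSTEM_ROOT = r"C:\Windows"  # assumption: default install location
DRIVER_DIR = ntpath.join(SYSTEM_ROOT, "System32", "drivers")

# SERVICE_KERNEL_DRIVER = 0x1, SERVICE_FILE_SYSTEM_DRIVER = 0x2
DRIVER_TYPES = {0x1, 0x2}
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Indicators lifted from the report (lower-cased for comparison).
IOC_SERVICE_NAMES = {"evildriver"}
IOC_IMAGE_PATHS = {r"c:\driver2030.sys"}


def normalize_image_path(raw):
    r"""Convert the ImagePath spellings found in the registry to a Win32 path.

    Handles surrounding quotes (with trailing arguments), the \??\ object
    manager prefix seen in the report, \SystemRoot\..., %SystemRoot%\..., and
    paths relative to the Windows directory such as system32\drivers\foo.sys.
    """
    p = raw.strip()
    if p.startswith('"'):
        p = p[1:].split('"', 1)[0]
    if p.startswith("\\??\\"):
        p = p[4:]
    low = p.lower()
    if low.startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    elif low.startswith("%systemroot%\\"):
        p = SYSTEM_ROOT + p[len("%systemroot%"):]
    elif low.startswith("system32\\"):
        p = ntpath.join(SYSTEM_ROOT, p)
    return ntpath.normpath(p)


def suspicious_reasons(entry):
    """Return the reasons one service entry is suspicious (empty list = clean)."""
    reasons = []
    image = normalize_image_path(entry["image_path"])
    if entry["name"].lower() in IOC_SERVICE_NAMES:
        reasons.append("service name matches report indicator")
    if image.lower() in IOC_IMAGE_PATHS:
        reasons.append("ImagePath matches report indicator")
    if entry["type"] in DRIVER_TYPES:
        # Shipped drivers live in DRIVER_DIR; a driver registered from a drive
        # root, %TEMP% or a user profile is the usual sign of a dropped driver.
        if not image.lower().startswith(DRIVER_DIR.lower() + "\\"):
            reasons.append("kernel driver loaded from outside %s (start=%s)"
                           % (DRIVER_DIR, START_TYPES.get(entry.get("start"), "?")))
    elif image.lower().endswith(".sys"):
        reasons.append(".sys image registered as a non-driver service")
    return reasons


def scan_services(entries):
    """Map service name -> reasons, for every entry that raised at least one."""
    flagged = {}
    for entry in entries:
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


# Constructed sample: three benign registrations plus the one from the report.
SAMPLE_SERVICES = [
    {"name": "tcpip", "type": 0x1, "start": 0,
     "image_path": r"\SystemRoot\System32\drivers\tcpip.sys"},
    {"name": "ndis", "type": 0x1, "start": 0,
     "image_path": r"system32\drivers\ndis.sys"},
    {"name": "Spooler", "type": 0x10, "start": 2,
     "image_path": r'"C:\Windows\System32\spoolsv.exe"'},
    # Start value assumed; the report records the Start key, not its data.
    {"name": "EvilDriver", "type": 0x1, "start": 3,
     "image_path": r"\??\C:\Driver2030.sys"},
]

if __name__ == "__main__":
    for name, reasons in scan_services(SAMPLE_SERVICES).items():
        print(name, "->", "; ".join(reasons))
```

Only EvilDriver is reported: the name, the normalized ImagePath and the out-of-tree driver location each trip a separate rule, while the relative and \SystemRoot\ forms used by shipped drivers normalize to paths under System32\drivers and pass. The normalization step matters in practice because a comparison against the raw registry string would miss the \??\ prefix that this sample uses.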