Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | July 4, 2024, 4:55 p.m. | July 4, 2024, 5:03 p.m. |
Process command line | PID |
---|---|
`rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\UtilityR.dll,DllMain` | 2136 |
`rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\UtilityR.dll,DllMain` | 2408 |
`rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\UtilityR.dll,DllGetClassObject` | 1000 |
`rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\UtilityR.dll,DllGetClassObject` | 2504 |
`rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\UtilityR.dll,DllUnregisterServer` | 2320 |
`rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\UtilityR.dll,DllUnregisterServer` | 2604 |
`rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\UtilityR.dll,DllRegisterServer` | 2228 |
`rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\UtilityR.dll,DllRegisterServer` | 2652 |
`rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\UtilityR.dll,StartW` | 2448 |
`rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\UtilityR.dll,StartW` | 2664 |
`rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\UtilityR.dll,` (no export name) | 2592 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
89.197.154.116 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Signature | Details |
---|---|
description | rundll32.exe tried to sleep 121 seconds, actually delayed analysis time by 121 seconds |
section | name `.data`, virtual_address 0x00003000, virtual_size 0x0004bcc0, size_of_data 0x0004be00, entropy 7.250608120184135 |
entropy | 7.25060812018 |
description | A section with a high entropy has been found |
entropy | 0.949921752739 |
description | Overall entropy of this PE file is high |
host | 89.197.154.116 |
Vendor | Result |
---|---|
Bkav | W64.AIDetectMalware |
Elastic | Windows.Trojan.CobaltStrike |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win64.Trojan.fc |
ALYac | Gen:Variant.Zusy.476921 |
Cylance | Unsafe |
VIPRE | Gen:Variant.Zusy.476921 |
Sangfor | Trojan.Win32.CobaltStrike |
BitDefender | Gen:Variant.Zusy.476921 |
Arcabit | Trojan.Zusy.D746F9 |
Symantec | Backdoor.Cobalt |
ESET-NOD32 | a variant of Win64/CobaltStrike.Artifact.A |
APEX | Malicious |
McAfee | Injector-FEY.c!09A621243E24 |
Avast | Win64:Evo-gen [Trj] |
ClamAV | Win.Trojan.CobaltStrike-9044898-1 |
Kaspersky | HEUR:Trojan.Win64.CobaltStrike.gen |
MicroWorld-eScan | Gen:Variant.Zusy.476921 |
Rising | Backdoor.CobaltStrike/x64!1.E382 (CLASSIC) |
Emsisoft | Gen:Variant.Zusy.476921 (B) |
F-Secure | Heuristic.HEUR/AGEN.1362273 |
TrendMicro | Backdoor.Win64.COBEACON.SMA |
McAfeeD | ti!CF6676B304DC |
FireEye | Generic.mg.09a621243e242bc7 |
Sophos | ATK/Cobalt-W |
Ikarus | Trojan.Win64.Cobaltstrike |
Jiangmin | Trojan.CobaltStrike.tu |
Detected | |
Avira | HEUR/AGEN.1362273 |
MAX | malware (ai score=80) |
Antiy-AVL | RiskWare/Win64.Artifact.a |
Microsoft | Backdoor:Win64/CobaltStrike.NP!dha |
ZoneAlarm | HEUR:Trojan.Win64.CobaltStrike.gen |
GData | Gen:Variant.Zusy.476921 |
Varist | W64/CobaltStrike.X.gen!Eldorado |
AhnLab-V3 | Malware/Win.Generic.R374111 |
Acronis | suspicious |
TACHYON | Trojan/W64.CobaltStrike.328192 |
DeepInstinct | MALICIOUS |
Malwarebytes | Trojan.CobaltStrike.Generic |
Panda | Trj/GdSda.A |
TrendMicro-HouseCall | Backdoor.Win64.COBEACON.SMA |
Tencent | Trojan.Win32.CobaltStrike.16001072 |
SentinelOne | Static AI - Malicious PE |
MaxSecure | Trojan.Malware.121218.susgen |
Fortinet | W64/CobaltStrike_Artifact.A!tr |
AVG | Win64:Evo-gen [Trj] |
CrowdStrike | win/malicious_confidence_100% (D) |
alibabacloud | Backdoor:Win/Cobaltstrike |
Type | Endpoint |
---|---|
dead_host | 192.168.56.103:49172 |
dead_host | 89.197.154.116:7810 |
dead_host | 192.168.56.103:49174 |