Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | July 6, 2024, 6:22 p.m. | July 6, 2024, 6:24 p.m. |
Process | Command Line | PID |
---|---|---|
CryptoWall.exe | "C:\Users\test22\AppData\Local\Temp\CryptoWall.exe" | 2552 |
Name | Response | Post-Analysis Lookup |
---|---|---|
myexternalip.com | 34.117.118.44 | |
ip-addr.es | 188.165.164.184 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 185.172.128.90:80 -> 192.168.56.101:49163 | 2400032 | ET DROP Spamhaus DROP Listed Traffic Inbound group 33 | Misc Attack |
TCP 192.168.56.101:49163 -> 188.165.164.184:80 | 2020105 | ET INFO HTTP Request for External IP Check (ip-addr .es) | Device Retrieving External IP Address Detected |
TCP 192.168.56.101:49171 -> 188.165.164.184:80 | 2020105 | ET INFO HTTP Request for External IP Check (ip-addr .es) | Device Retrieving External IP Address Detected |
TCP 192.168.56.101:49164 -> 34.117.118.44:80 | 2019980 | ET POLICY External IP Check myexternalip.com | Device Retrieving External IP Address Detected |
TCP 192.168.56.101:49172 -> 34.117.118.44:80 | 2019980 | ET POLICY External IP Check myexternalip.com | Device Retrieving External IP Address Detected |
Suricata TLS
No Suricata TLS
Type | Value |
---|---|
request | GET http://ip-addr.es/ |
request | GET http://myexternalip.com/raw |
domain | ip-addr.es |
domain | myexternalip.com |
Check | Entropy | Description |
---|---|---|
.data section (size_of_data 0x00009400, virtual_address 0x00019000, virtual_size 0x0000a500) | 7.586665796448093 | A section with a high entropy has been found |
PE file overall | 0.2890625 | Overall entropy of this PE file is high |
Rule | Description |
---|---|
ScreenShot | Take ScreenShot |
DebuggerCheck__GlobalFlags | (no description) |
DebuggerCheck__QueryInfo | (no description) |
DebuggerHiding__Thread | (no description) |
DebuggerHiding__Active | (no description) |
ThreadControl__Context | (no description) |
SEH__vectored | (no description) |
anti_dbg | Checks if being debugged |
disable_dep | Bypass DEP |
win_hook | Affect hook table |
KeyLogger | Run a KeyLogger |
buffer | Buffer with sha1: 246422be21276cf15ba6f4b7af31b49d62773914 |
Engine | Detection |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Cryptodef.tqGM |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Variant.Ransom.CryptoWall.77 |
CAT-QuickHeal | Ransom.Crowti.16508 |
ALYac | Gen:Variant.Ransom.CryptoWall.77 |
Cylance | Unsafe |
VIPRE | Gen:Variant.Ransom.CryptoWall.77 |
K7AntiVirus | Trojan ( 00498ab51 ) |
Alibaba | TrojanDropper:Win32/dropper.ali1003001 |
K7GW | Trojan ( 00498ab51 ) |
Cybereason | malicious.8efb96 |
VirIT | Trojan.Win32.FileCryptor.UR |
Symantec | ML.Attribute.HighConfidence |
tehtris | Generic.Malware |
ESET-NOD32 | a variant of Win32/Filecoder.CryptoWall.A |
APEX | Malicious |
Paloalto | generic.ml |
Cynet | Malicious (score: 100) |
Kaspersky | Trojan-Ransom.Win32.Cryptodef.cbs |
BitDefender | Gen:Variant.Ransom.CryptoWall.77 |
NANO-Antivirus | Trojan.Win32.YOTD2256.dncaot |
Rising | Ransom.Crowti!8.37D (TFE:2:jCQ8i3u36MH) |
Emsisoft | Gen:Variant.Ransom.CryptoWall.77 (B) |
F-Secure | Trojan.TR/Crypt.XPACK.Gen |
DrWeb | Trojan.Encoder.514 |
Zillya | Trojan.FileCoder.Win32.7 |
TrendMicro | TROJ_CRYPWALL.SMJC |
McAfeeD | Real Protect-LS!919034C8EFB9 |
Trapmine | malicious.high.ml.score |
FireEye | Generic.mg.919034c8efb9678f |
Sophos | Troj/Ransom-AGU |
Ikarus | Trojan-Ransom.Crowti |
Jiangmin | Trojan.Cryptodef.jf |
Webroot | W32.Trojan.TR.Crypt.XPACK |
Detected | |
Avira | TR/Crypt.XPACK.Gen |
MAX | malware (ai score=100) |
Antiy-AVL | Trojan[Ransom]/Win32.Cryptodef |
Kingsoft | Win32.Trojan-Ransom.Cryptodef.cbs |
Gridinsoft | Malware.Win32.GenericMC.cc |
Xcitium | Malware@#1gyh86oymb1d1 |
Arcabit | Trojan.Ransom.CryptoWall.77 |
ViRobot | Trojan.Win32.Z.Crowti.135168 |
ZoneAlarm | Trojan-Ransom.Win32.Cryptodef.cbs |
GData | Gen:Variant.Ransom.CryptoWall.77 |
Varist | W32/Cryptowall.B.gen!Eldorado |
AhnLab-V3 | Trojan/Win32.CryptoWall.R135312 |
BitDefenderTheta | Gen:NN.ZexaF.36808.iqX@a8QE4fp |
DeepInstinct | MALICIOUS |
Type | Host:Port |
---|---|
dead_host | 94.247.31.19:8080 |
dead_host | 209.148.85.151:8080 |
dead_host | 94.247.28.156:8081 |
dead_host | 91.121.12.127:4141 |
dead_host | 94.247.28.26:2525 |