Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Aug. 5, 2024, 10:33 a.m. | Aug. 5, 2024, 11:01 a.m. |
Process tree (reconstructed; the report lists the PID after each command line, and the find/findstr and typeperf/findstr pairs are the children of the intermediate cmd.exe /c pipelines):

PID | Process | Command line |
---|---|---|
2088 | cmd.exe | cmd /c ""C:\Users\test22\AppData\Local\Temp\BE59.tmp\2.bat" "C:\Users\test22\AppData\Local\Temp\cvekil.exe"" |
2172 | lodctr.exe | lodctr /s:"C:\Users\test22\AppData\Local\Temp\perf.tmp" |
2548 | cmd.exe | C:\Windows\system32\cmd.exe /c find "230=" "C:\Users\test22\AppData\Local\Temp\perf.tmp" \| findstr /brc:"230=" |
2592 | find.exe | find "230=" "C:\Users\test22\AppData\Local\Temp\perf.tmp" |
2632 | findstr.exe | findstr /brc:"230=" |
2680 | cmd.exe | C:\Windows\system32\cmd.exe /c find "684=" "C:\Users\test22\AppData\Local\Temp\perf.tmp" \| findstr /brc:"684=" |
2724 | find.exe | find "684=" "C:\Users\test22\AppData\Local\Temp\perf.tmp" |
2764 | findstr.exe | findstr /brc:"684=" |
2812 | cmd.exe | C:\Windows\system32\cmd.exe /c typeperf "\Process(cve)\Elapsed Time" -sc 1 \| findstr /rc:":" |
2856 | typeperf.exe | typeperf "\Process(cve)\Elapsed Time" -sc 1 |
2896 | findstr.exe | findstr /rc:":" |
3004 | timeout.exe | TIMEOUT /T 30 /NOBREAK |
2132 | lodctr.exe | lodctr /s:"C:\Users\test22\AppData\Local\Temp\perf.tmp" |
2340 | cmd.exe | C:\Windows\system32\cmd.exe /c find "230=" "C:\Users\test22\AppData\Local\Temp\perf.tmp" \| findstr /brc:"230=" |
536 | find.exe | find "230=" "C:\Users\test22\AppData\Local\Temp\perf.tmp" |
296 | findstr.exe | findstr /brc:"230=" |
2568 | cmd.exe | C:\Windows\system32\cmd.exe /c find "684=" "C:\Users\test22\AppData\Local\Temp\perf.tmp" \| findstr /brc:"684=" |
2644 | find.exe | find "684=" "C:\Users\test22\AppData\Local\Temp\perf.tmp" |
2700 | findstr.exe | findstr /brc:"684=" |
2796 | cmd.exe | C:\Windows\system32\cmd.exe /c typeperf "\Process(process has not been found)\Elapsed Time" -sc 1 \| findstr /rc:":" |
2844 | typeperf.exe | typeperf "\Process(process has not been found)\Elapsed Time" -sc 1 |
2908 | findstr.exe | findstr /rc:":" |
3016 | timeout.exe | TIMEOUT /T 30 /NOBREAK |
3044 | lodctr.exe | lodctr /s:"C:\Users\test22\AppData\Local\Temp\perf.tmp" |

What the chain does: 2.bat (invoked with cvekil.exe as its argument) saves the performance-counter name table to perf.tmp with lodctr /s, then greps that file for lines of the form 230= and 684=. On English Windows index 230 is the "Process" object and 684 is the "Elapsed Time" counter; resolving them from the dump is how a script obtains the localized counter names on a non-English system. With those names it runs typeperf "\Process(<name>)\Elapsed Time" -sc 1, which only returns a sample if a process called <name> is running, sleeps 30 seconds with TIMEOUT /NOBREAK, and repeats. On the first pass the polled name is "cve"; on the second it is the literal string "process has not been found", which suggests the script's process-name variable was overwritten with its own error text after the first lookup failed. The whole run is local: no network connections were made.
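A detection for this chain, added here as an example and not part of the sandbox report: it groups process-creation events by their session root and flags a root that both dumps the counter table with lodctr /s into a user-writable directory and polls a named process with typeperf "\Process(...)\Elapsed Time". The event records are constructed from the command lines in the table above; the parent PIDs and the benign PowerShell session used as a negative case are assumptions (the report does not show parent PIDs).

```python
"""Flag the lodctr /s + typeperf "\\Process(<name>)\\Elapsed Time" polling chain.
Added example; event records are constructed from the report and the parent
PIDs are assumed (the sandbox output does not list them)."""
import re
from dataclasses import dataclass, field

# Counter table saved by lodctr /s: capture the target path (quoted or bare).
LODCTR_SAVE = re.compile(r'\blodctr(?:\.exe)?\s+/s:(?:"([^"]+)"|(\S+))', re.I)
# Counter indices the batch greps for, e.g. find "230=" or findstr /brc:"684=".
COUNTER_ID = re.compile(r'"(\d+)="')
# typeperf "\Process(<name>)\Elapsed Time": <name> is the process being polled.
TYPEPERF_PROC = re.compile(r'\btypeperf(?:\.exe)?\s+"\\Process\(([^)]*)\)\\Elapsed Time"', re.I)
TIMEOUT = re.compile(r"\btimeout(?:\.exe)?\s+/t\s+\d+", re.I)
USER_WRITABLE = re.compile(r"\\(?:appdata|temp|users\\public|programdata)\\", re.I)


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass
class Finding:
    root_pid: int
    lodctr_paths: list = field(default_factory=list)
    counter_ids: set = field(default_factory=set)
    watched: list = field(default_factory=list)  # process names polled via typeperf
    timeout_loops: int = 0

    @property
    def suspicious(self) -> bool:
        # Core of the technique: the counter-name table dumped somewhere the user
        # can write, then used to build a per-process Elapsed Time query.
        return any(USER_WRITABLE.search(p) for p in self.lodctr_paths) and bool(self.watched)


def session_root(pid: int, parent_of: dict) -> int:
    """Walk up to the topmost ancestor that is itself in the event set."""
    seen = set()
    while pid not in seen and parent_of.get(pid) in parent_of:
        seen.add(pid)
        pid = parent_of[pid]
    return pid


def analyse(events) -> dict:
    """Group events by session root and collect the chain's components per root."""
    parent_of = {e.pid: e.ppid for e in events}
    findings = {}
    for e in events:
        root = session_root(e.pid, parent_of)
        f = findings.setdefault(root, Finding(root_pid=root))
        image = e.image.lower().rsplit("\\", 1)[-1]
        m = LODCTR_SAVE.search(e.cmdline)
        if m:
            path = m.group(1) or m.group(2)
            if path not in f.lodctr_paths:
                f.lodctr_paths.append(path)
        if image in ("find.exe", "findstr.exe"):  # skip the cmd.exe /c wrapper line
            f.counter_ids.update(COUNTER_ID.findall(e.cmdline))
        for name in TYPEPERF_PROC.findall(e.cmdline):
            if name not in f.watched:
                f.watched.append(name)
        if TIMEOUT.search(e.cmdline):
            f.timeout_loops += 1
    return findings


TEMP = r"C:\Users\test22\AppData\Local\Temp"
SYS32 = r"C:\Windows\System32"
SAMPLE_EVENTS = [  # constructed from the report's command lines; ppids are assumed
    ProcEvent(2088, 1000, SYS32 + r"\cmd.exe",
              'cmd /c ""' + TEMP + r'\BE59.tmp\2.bat" "' + TEMP + r'\cvekil.exe""'),
    ProcEvent(2172, 2088, SYS32 + r"\lodctr.exe", 'lodctr /s:"' + TEMP + r'\perf.tmp"'),
    ProcEvent(2548, 2088, SYS32 + r"\cmd.exe",
              SYS32 + r'\cmd.exe /c find "230=" "' + TEMP + r'\perf.tmp" | findstr /brc:"230="'),
    ProcEvent(2592, 2548, SYS32 + r"\find.exe", 'find "230=" "' + TEMP + r'\perf.tmp"'),
    ProcEvent(2632, 2548, SYS32 + r"\findstr.exe", 'findstr /brc:"230="'),
    ProcEvent(2680, 2088, SYS32 + r"\cmd.exe",
              SYS32 + r'\cmd.exe /c find "684=" "' + TEMP + r'\perf.tmp" | findstr /brc:"684="'),
    ProcEvent(2724, 2680, SYS32 + r"\find.exe", 'find "684=" "' + TEMP + r'\perf.tmp"'),
    ProcEvent(2812, 2088, SYS32 + r"\cmd.exe",
              SYS32 + r'\cmd.exe /c typeperf "\Process(cve)\Elapsed Time" -sc 1 | findstr /rc:":"'),
    ProcEvent(2856, 2812, SYS32 + r"\typeperf.exe", r'typeperf "\Process(cve)\Elapsed Time" -sc 1'),
    ProcEvent(3004, 2088, SYS32 + r"\timeout.exe", "TIMEOUT /T 30 /NOBREAK"),
    ProcEvent(2796, 2088, SYS32 + r"\cmd.exe",
              SYS32 + r'\cmd.exe /c typeperf "\Process(process has not been found)\Elapsed Time" -sc 1 | findstr /rc:":"'),
    # Negative case (assumed): an admin sampling CPU load from an interactive PowerShell.
    ProcEvent(3999, 500, SYS32 + r"\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe -NoProfile"),
    ProcEvent(4000, 3999, SYS32 + r"\typeperf.exe", r'typeperf "\Processor(_Total)\% Processor Time" -sc 5'),
]

if __name__ == "__main__":
    for root, f in analyse(SAMPLE_EVENTS).items():
        print(root, "SUSPICIOUS" if f.suspicious else "benign",
              f.watched, sorted(f.counter_ids), f.lodctr_paths, f.timeout_loops)
```

The grouping by session root matters because the chain is spread over a dozen short-lived processes; judged one event at a time, lodctr, find and typeperf each look like ordinary administration.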
DNS
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
Hosts
IP Address | Status | Action |
---|---|---|
No hosts contacted. |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Signatures (dropped files, command lines and packer indicators, regrouped from the report):

Indicator | Value |
---|---|
Dropped/created file | C:\Users\test22\AppData\Local\Temp\BE59.tmp\2.bat |
Dropped/created file | C:\Users\test22\AppData\Local\Temp\BE59.tmp\99.cmd |
Dropped/created file | C:\Users\test22\AppData\Local\Temp\perf.tmp |
Dropped/created file | C:\Users\test22\AppData\Local\Temp\BE59.tmp\call:findlocalestr (almost certainly a "call :findlocalestr" statement in the batch script that the sandbox recorded as a path) |
Dropped/created file | C:\Users\test22\AppData\Local\Temp\BE59.tmp\call:err (same, for "call :err") |
Suspicious command line | C:\Windows\system32\cmd.exe /c find "230=" "C:\Users\test22\AppData\Local\Temp\perf.tmp" \| findstr /brc:"230=" |
Suspicious command line | C:\Windows\system32\cmd.exe /c find "684=" "C:\Users\test22\AppData\Local\Temp\perf.tmp" \| findstr /brc:"684=" |
Suspicious command line | typeperf "\Process(cve)\Elapsed Time" -sc 1 (directly and wrapped in cmd.exe /c ... \| findstr /rc:":") |
Suspicious command line | typeperf "\Process(process has not been found)\Elapsed Time" -sc 1 (directly and wrapped in cmd.exe /c ... \| findstr /rc:":") |
PE section UPX1 | virtual address 0x00011000, virtual size 0x00009000, size of data 0x00008c00, entropy 7.9546 (a section with high entropy) |
PE section names | UPX0, UPX1 (section names indicate UPX) |
Overall PE entropy | 0.9459 (reported as high) |
Antivirus verdicts. The McAfee and FireEye names embed a prefix of the sample's MD5 (b61f420fbf37cc18...), which is the only hash the report gives.

Engine | Verdict |
---|---|
Bkav | W64.AIDetectMalware |
Lionic | Trojan.Win32.Convagent.4!c |
Elastic | malicious (moderate confidence) |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win64.Generic.nc |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Agent.Vpl1 |
Symantec | ML.Attribute.HighConfidence |
tehtris | Generic.Malware |
APEX | Malicious |
McAfee | Artemis!B61F420FBF37 |
Avast | Win64:Malware-gen |
Alibaba | Trojan:Win64/Genric.bb431c3d |
Rising | Trojan.Convagent!8.12323 (CLOUD) |
Emsisoft | Trojan.Agent (A) |
DrWeb | BAT.Siggen.70 |
Zillya | Trojan.Convagent.Win32.12513 |
TrendMicro | TROJ_FRS.VSNTJQ23 |
McAfeeD | Real Protect-LS!B61F420FBF37 |
FireEye | Generic.mg.b61f420fbf37cc18 |
Ikarus | BAT.Siggen |
Jiangmin | Trojan.Scar.ej |
(engine name missing) | Detected |
Antiy-AVL | Trojan/Win32.Agent |
Microsoft | Trojan:Win32/Casdet!rfn |
Varist | W64/ABRisk.TJAQ-1141 |
TACHYON | Trojan/W32.SchoolGirl.76288 |
DeepInstinct | MALICIOUS |
Malwarebytes | Malware.AI.2189428007 |
Panda | PUP/Hacktool |
TrendMicro-HouseCall | TROJ_FRS.VSNTJQ23 |
MaxSecure | Trojan.Malware.300983.susgen |
Fortinet | W32/PossibleThreat |
AVG | Win64:Malware-gen |
CrowdStrike | win/malicious_confidence_70% (W) |
alibabacloud | Suspicious |