wmiexec.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6403_us | Aug. 5, 2024, 10:35 a.m. | Aug. 5, 2024, 10:40 a.m. |
-
-
wmiexec.exe "C:\Users\test22\AppData\Local\Temp\wmiexec.exe"
2180
-
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| No hosts contacted. | ||
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| section | _RDATA |
| file | C:\Users\test22\AppData\Local\Temp\_MEI16642\python310.dll |
| file | C:\Users\test22\AppData\Local\Temp\_MEI16642\VCRUNTIME140.dll |
| file | C:\Users\test22\AppData\Local\Temp\_MEI16642\libcrypto-1_1.dll |
| file | C:\Users\test22\AppData\Local\Temp\_MEI16642\libssl-1_1.dll |
| file | C:\Users\test22\AppData\Local\Temp\_MEI16642\libffi-7.dll |
| section | {u'size_of_data': u'0x0000f200', u'virtual_address': u'0x00052000', u'entropy': 7.356255504376821, u'name': u'.rsrc', u'virtual_size': u'0x0000f008'} | entropy | 7.35625550438 | description | A section with a high entropy has been found | |||||||||
| Bkav | W64.AIDetectMalware |
| Lionic | Trojan.Win32.Tiny.tsdM |
| Cylance | Unsafe |
| Sangfor | Riskware.Python.Impacket.Velz |
| Symantec | Trojan.Gen.MBT |
| ESET-NOD32 | Python/Riskware.WMIExec.B |
| APEX | Malicious |
| McAfee | Artemis!E3E29CE5E9AF |
| Avast | Python:Agent-RT [Trj] |
| Kaspersky | HEUR:HackTool.Python.Impacket.gen |
| Alibaba | HackTool:Application/Impacket.2981a292 |
| McAfeeD | ti!68CA7BCFB1CE |
| Sophos | Mal/Generic-S |
| Detected | |
| Kingsoft | Win32.Troj.Unknown.a |
| ZoneAlarm | HEUR:HackTool.Python.Impacket.gen |
| Varist | W64/ABApplication.WYJN-1131 |
| DeepInstinct | MALICIOUS |
| Panda | Trj/CI.A |
| Tencent | Win32.Hacktool.Impacket.Ugil |
| MaxSecure | Trojan.Malware.184314475.susgen |
| Fortinet | Riskware/WMIEXEC |
| AVG | Python:Agent-RT [Trj] |
| Paloalto | generic.ml |
| CrowdStrike | win/malicious_confidence_100% (W) |
| alibabacloud | Exploit:Win/MS17-010.E |