Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 15, 2024, 11:05 a.m. | Aug. 15, 2024, 11:11 a.m. |
Process | Path | PID |
---|---|---|
a.exe | C:\Users\test22\AppData\Local\Temp\a.exe | 2548 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
120.79.211.9 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49162 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49167 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49170 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49168 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49172 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49166 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49169 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49177 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49174 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49171 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49179 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49165 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49173 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49175 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49176 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
TLSv1 192.168.56.101:49178 120.79.211.9:8919 | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | C=CN, ST=CA, L=BeiJing, O=Slack Technologies Inc, OU=DigiCert Inc, CN=www.bilibili.com | 83:e4:15:ea:3f:9e:86:7f:a1:3a:e8:00:38:83:74:0a:4d:bb:8d:36 |
host | 120.79.211.9 |
process | a.exe | useragent | |
process | a.exe | useragent | Microsoft-CryptoAPI/10.0 |
Antivirus | Result |
---|---|
Bkav | W64.AIDetectMalware |
Elastic | malicious (high confidence) |
VIPRE | Gen:Heur.Whisperer.1.0000000400 |
BitDefender | Gen:Heur.Whisperer.1.0000000400 |
Cybereason | malicious.d59dde |
Arcabit | Trojan.Whisperer.1.0000000400 |
APEX | Malicious |
ClamAV | Win.Trojan.CobaltStrike-9044898-1 |
Kaspersky | HEUR:Trojan.Win64.CobaltStrike.gen |
MicroWorld-eScan | Gen:Heur.Whisperer.1.0000000400 |
Emsisoft | Gen:Heur.Whisperer.1.0000000400 (B) |
FireEye | Gen:Heur.Whisperer.1.0000000400 |
SentinelOne | Static AI - Suspicious PE |
Detected | |
MAX | malware (ai score=80) |
Microsoft | Trojan:Win64/CobaltStrike.BL!MTB |
ZoneAlarm | HEUR:Trojan.Win64.CobaltStrike.gen |
GData | Gen:Heur.Whisperer.1.0000000400 |
Acronis | suspicious |
DeepInstinct | MALICIOUS |
Ikarus | Trojan.Win64.Cobaltstrike |
Tencent | Trojan.Win32.CobaltStrike.16001072 |
CrowdStrike | win/malicious_confidence_100% (D) |