Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Aug. 15, 2024, 3:17 p.m. | Aug. 15, 2024, 3:19 p.m. |
Command line | PID |
---|---|
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\b.dll,DllGetClassObject | 1932 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\b.dll,DllGetClassObject | 2332 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\b.dll,DllRegisterServer | 2148 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\b.dll,DllRegisterServer | 2420 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\b.dll,DllMain | 2056 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\b.dll,DllMain | 2444 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\b.dll,DllUnregisterServer | 2240 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\b.dll,DllUnregisterServer | 2552 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\b.dll,StartW | 2368 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\b.dll,StartW | 2636 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\b.dll, | 2592 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
41.216.183.157 | Active | Moloch |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 41.216.183.157:18099 -> 192.168.56.103:49172 | 2400002 | ET DROP Spamhaus DROP Listed Traffic Inbound group 3 | Misc Attack |
TCP 192.168.56.103:49172 -> 41.216.183.157:18099 | 2033713 | ET MALWARE Cobalt Strike Beacon Observed | Targeted Malicious Activity was Detected |
TCP 192.168.56.103:49174 -> 41.216.183.157:18099 | 2033713 | ET MALWARE Cobalt Strike Beacon Observed | Targeted Malicious Activity was Detected |
Suricata TLS
No Suricata TLS
description | rundll32.exe tried to sleep 121 seconds, actually delayed analysis time by 121 seconds |
section | .data (virtual_address 0x00003000, virtual_size 0x00043cc0, size_of_data 0x00043e00, entropy 7.08667788165207) | entropy | 7.08667788165 | description | A section with a high entropy has been found |
entropy | 0.944347826087 | description | Overall entropy of this PE file is high |
host | 41.216.183.157 |
Antivirus | Result |
---|---|
Bkav | W64.AIDetectMalware |
Elastic | Windows.Trojan.CobaltStrike |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win64.Trojan.dc |
ALYac | Dump:Generic.Beacon.Marte.B.9458FA82 |
Cylance | Unsafe |
VIPRE | Dump:Generic.Beacon.Marte.B.9458FA82 |
Sangfor | Trojan.Win32.CobaltStrike |
BitDefender | Dump:Generic.Beacon.Marte.B.9458FA82 |
Arcabit | Trojan.Zusy.D746F9 |
Symantec | Backdoor.Cobalt |
ESET-NOD32 | a variant of Win64/CobaltStrike.Artifact.A |
APEX | Malicious |
McAfee | Injector-FEY.c!E744A3EE4380 |
Avast | Win64:Evo-gen [Trj] |
ClamAV | Win.Trojan.CobaltStrike-9044898-1 |
Kaspersky | HEUR:Trojan.Win32.CobaltStrike.gen |
MicroWorld-eScan | Dump:Generic.Beacon.Marte.B.9458FA82 |
Rising | Backdoor.CobaltStrike/x64!1.E382 (CLASSIC) |
Emsisoft | Dump:Generic.Beacon.Marte.B.9458FA82 (B) |
F-Secure | Heuristic.HEUR/AGEN.1362273 |
TrendMicro | Backdoor.Win64.COBEACON.SMA |
McAfeeD | ti!28635585AE47 |
FireEye | Generic.mg.e744a3ee4380bc4e |
Sophos | ATK/Cobalt-W |
SentinelOne | Static AI - Malicious PE |
Jiangmin | Trojan.CobaltStrike.io |
Detected | |
Avira | HEUR/AGEN.1362273 |
MAX | malware (ai score=84) |
Antiy-AVL | RiskWare/Win64.Artifact.a |
Microsoft | Backdoor:Win64/CobaltStrike.NP!dha |
ZoneAlarm | HEUR:Trojan.Win32.CobaltStrike.gen |
GData | Dump:Generic.Beacon.Marte.B.9458FA82 |
Varist | W64/Beacon.A |
AhnLab-V3 | Malware/Win.Generic.R374111 |
Acronis | suspicious |
TACHYON | Trojan/W64.CobaltStrike.295424 |
DeepInstinct | MALICIOUS |
Malwarebytes | Generic.Malware.AI.DDS |
Ikarus | Trojan.Win64.Cobaltstrike |
Panda | Trj/GdSda.A |
TrendMicro-HouseCall | Backdoor.Win64.COBEACON.SMA |
Tencent | Trojan.Win32.CobaltStrike.16001072 |
huorong | Backdoor/CobaltStrike.d |
MaxSecure | Trojan.Malware.121218.susgen |
Fortinet | W64/CobaltStrike_Artifact.A!tr |
AVG | Win64:Evo-gen [Trj] |
CrowdStrike | win/malicious_confidence_100% (W) |
alibabacloud | Backdoor:Win/Cobaltstrike.d603e567 |