DownYGX.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | Aug. 19, 2024, 2:18 p.m. | Aug. 19, 2024, 2:35 p.m. |
-
-
7z.exe C:\Users\test22\AppData\Local\Temp\7z.exe x -y D:\Standard_x64_2021.8.15.15832.zip -od:\Standard_x64_2021.8.15.15832
2720
-
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| static.yungengxin.com | 36.249.92.207 |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49161 -> 42.177.83.87:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49161 42.177.83.87:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust CN RSA CA G1 | C=CN, ST=四川省, L=成都市, O=成都领之锋网络技术有限公司, CN=*.yungengxin.com | 39:d9:ec:57:64:47:82:41:72:6d:92:36:f6:32:4b:96:27:d3:35:24 |
| packer | UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser |
| request | GET https://static.yungengxin.com/Soft/Download/Standard_x64_2021.8.15.15832.zip |
| file | C:\Users\test22\AppData\Local\Temp\7z.dll |
| file | C:\Users\test22\AppData\Local\Temp\7z.exe |
| file | C:\Users\test22\AppData\Local\Temp\7z.dll |
| file | C:\Users\test22\AppData\Local\Temp\7z.exe |
| section | {u'size_of_data': u'0x0004aa00', u'virtual_address': u'0x0007d000', u'entropy': 7.940965856094214, u'name': u'UPX1', u'virtual_size': u'0x0004b000'} | entropy | 7.94096585609 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.911450381679 | description | Overall entropy of this PE file is high | |||||||||||
| section | UPX0 | description | Section name indicates UPX | ||||||
| section | UPX1 | description | Section name indicates UPX | ||||||
| file | C:\Users\test22\AppData\Local\Temp\7z.exe |
| Bkav | W32.AIDetectMalware |
| Lionic | Trojan.Win32.Generic.lNoD |
| Elastic | malicious (moderate confidence) |
| Cynet | Malicious (score: 100) |
| Skyhigh | BehavesLike.Win32.Injector.tc |
| ALYac | Trojan.GenericKD.64429940 |
| Malwarebytes | Generic.Malware.AI.DDS |
| VIPRE | Trojan.GenericKD.64429940 |
| Sangfor | Trojan.Win32.Packed.V63a |
| K7AntiVirus | Trojan ( 005631b11 ) |
| BitDefender | Trojan.GenericKD.64429940 |
| K7GW | Trojan ( 005631b11 ) |
| Cybereason | malicious.cdf6f3 |
| Arcabit | Trojan.Generic.D3D71F74 |
| VirIT | Trojan.Win32.Generic.XTX |
| ESET-NOD32 | a variant of Win32/Packed.Autoit.NBT suspicious |
| APEX | Malicious |
| McAfee | Artemis!36F62B7CDF6F |
| Avast | Win32:Evo-gen [Trj] |
| ClamAV | Win.Malware.Generic-6651791-0 |
| Alibaba | Packed:Win32/Generic.cfb6afc7 |
| MicroWorld-eScan | Trojan.GenericKD.64429940 |
| Emsisoft | Trojan.GenericKD.64429940 (B) |
| DrWeb | Trojan.Siggen5.59949 |
| Zillya | Trojan.AutoIT.Win32.175005 |
| McAfeeD | ti!203AE82CAF5A |
| Trapmine | malicious.high.ml.score |
| FireEye | Generic.mg.36f62b7cdf6f360b |
| Sophos | Mal/Generic-S (PUA) |
| Ikarus | PUA.Autoit |
| Webroot | W32.Malware.gen |
| Detected | |
| MAX | malware (ai score=82) |
| Antiy-AVL | Trojan[Packed]/Win32.Autoit |
| Gridinsoft | Trojan.Win32.CoinMiner.dd!s2 |
| Xcitium | TrojWare.Win32.Hider.REXR@5364l6 |
| Microsoft | Program:Win32/Wacapew.C!ml |
| ViRobot | Trojan.Win32.A.Agent.690283[UPX] |
| GData | Win32.Trojan.PSE.R2WKDE |
| Varist | W32/Trojan.IJBN-1595 |
| DeepInstinct | MALICIOUS |
| VBA32 | IMWorm.Sohanad |
| TrendMicro-HouseCall | TROJ_GEN.R002H09ET24 |
| Fortinet | Riskware/Application |
| AVG | Win32:Evo-gen [Trj] |
| Paloalto | generic.ml |
| CrowdStrike | win/malicious_confidence_100% (W) |
| alibabacloud | Trojan:Win/Packed.Autoit.NKB |