Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 26, 2024, 9:28 a.m. | Aug. 26, 2024, 9:30 a.m. |
-
win.exe "C:\Users\test22\AppData\Local\Temp\win.exe"
2556
Name | Response | Post-Analysis Lookup |
---|---|---|
www.google.com | 142.250.207.100 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49164 -> 154.201.84.201:808 | 2024897 | ET USER_AGENTS Go HTTP Client User-Agent | Misc activity |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.3 192.168.56.101:49161 154.201.84.201:8011 |
None | None | None |
packer | UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser |
file | C:\ProgramData\Microsoft\csrss.exe |
section | {u'size_of_data': u'0x001cd200', u'virtual_address': u'0x0039d000', u'entropy': 7.916870772381234, u'name': u'UPX1', u'virtual_size': u'0x001ce000'} | entropy | 7.91687077238 | description | A section with a high entropy has been found | |||||||||
entropy | 0.999458141425 | description | Overall entropy of this PE file is high |
section | UPX0 | description | Section name indicates UPX | ||||||
section | UPX1 | description | Section name indicates UPX |
host | 154.201.84.201 |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Administrator | reg_value | C:\ProgramData\Microsoft\csrss.exe |
Bkav | W32.AIDetectMalware |
Elastic | malicious (moderate confidence) |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win32.Generic.tc |
ALYac | Gen:Variant.Fragtor.149252 |
Cylance | Unsafe |
VIPRE | Gen:Variant.Fragtor.149252 |
Sangfor | Trojan.Win32.Save.a |
BitDefender | Gen:Variant.Fragtor.149252 |
Cybereason | malicious.eff897 |
Arcabit | Trojan.Fragtor.D24704 |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of WinGo/Agent.HV |
APEX | Malicious |
McAfee | GenericRXUL-WJ!70CAAF13A416 |
Avast | Win32:Evo-gen [Trj] |
ClamAV | Win.Malware.Lazy-9969515-0 |
Kaspersky | UDS:Trojan.Win32.Chaos |
MicroWorld-eScan | Gen:Variant.Fragtor.149252 |
Rising | Backdoor.Kaiji/Linux!1.E52B (CLASSIC) |
Emsisoft | Gen:Variant.Fragtor.149252 (B) |
F-Secure | Heuristic.HEUR/AGEN.1366851 |
DrWeb | BackDoor.Siggen2.4187 |
McAfeeD | Real Protect-LS!48DFDA3EFF89 |
Trapmine | suspicious.low.ml.score |
FireEye | Gen:Variant.Fragtor.149252 |
Ikarus | Trojan.WinGo.Agent |
Detected | |
Avira | HEUR/AGEN.1366851 |
MAX | malware (ai score=87) |
Antiy-AVL | Trojan/Win32.SGeneric |
Microsoft | Trojan:Win32/Wacatac.B!ml |
ZoneAlarm | VHO:Trojan-Ransom.Win32.Convagent.gen |
GData | Gen:Variant.Fragtor.149252 |
AhnLab-V3 | Trojan/Win.Generic.R657745 |
BitDefenderTheta | Gen:NN.ZexaF.36812.ZnGfa0@5NFpi |
DeepInstinct | MALICIOUS |
VBA32 | TrojanRansom.Chaos |
Malwarebytes | Trojan.Injector.UPX |
Tencent | Trojan-Ransom.Win32.Foreign.ka |
huorong | Backdoor/Chaos.a |
AVG | Win32:Evo-gen [Trj] |
CrowdStrike | win/malicious_confidence_90% (W) |
alibabacloud | Backdoor:Win/Agent.HV |
dead_host | 192.168.56.101:49167 |
dead_host | 192.168.56.1:22 |
dead_host | 192.168.56.103:22 |
dead_host | 192.168.56.101:49268 |