Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 11, 2024, 10:08 a.m. | Sept. 11, 2024, 10:14 a.m. |
Process Tree

Process | Command Line | PID |
---|---|---|
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\svchost.dll,debug | 2560 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\svchost.dll,debug | 2704 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\svchost.dll, | 2644 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
93.113.171.225 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
HTTP Requests

Field | Value |
---|---|
suspicious_features | GET method with no useragent header, Connection to IP address |
suspicious_request | GET http://93.113.171.225/service |
request | GET http://93.113.171.225/service |
cmdline | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\svchost.dll,debug |
host | 93.113.171.225 |
process | rundll32.exe |
useragent | |
process | rundll32.exe |
useragent | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB) |
Antivirus Results

Engine | Detection |
---|---|
Bkav | W64.AIDetectMalware |
Lionic | Trojan.Win32.Cobalt Strike.4!c |
Cynet | Malicious (score: 100) |
Sangfor | Trojan.Win32.Agent.Vdte |
Elastic | malicious (moderate confidence) |
APEX | Malicious |
Avast | Win64:Evo-gen [Trj] |
Kaspersky | Trojan.Win32.Cobalt.uft |
Rising | Trojan.Cobalt!8.C4EF (CLOUD) |
F-Secure | Heuristic.HEUR/AGEN.1301964 |
McAfeeD | ti!BF37D4E2861B |
FireEye | Generic.mg.758efd58932dd319 |
Avira | HEUR/AGEN.1301964 |
Kingsoft | Win32.Trojan.Cobalt.uft |
ZoneAlarm | Trojan.Win32.Cobalt.uft |
GData | Win64.Trojan.Agent.QMRUFF |
McAfee | Artemis!758EFD58932D |
DeepInstinct | MALICIOUS |
Tencent | Win32.Trojan.Cobalt.Ssmw |
Fortinet | W32/PossibleThreat |
AVG | Win64:Evo-gen [Trj] |
Paloalto | generic.ml |
alibabacloud | Trojan:Win/Cobalt.upl |