Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | March 22, 2021, 11:38 a.m. | March 22, 2021, 11:39 a.m. |
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\22.dll,DllRegisterServer
2948 -
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\22.dll,
204
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
No hosts contacted. |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
pdb_path | c:\BelieveMetal\WingBad\FootIn\GladRoot\WhoseCrowd\Chance.pdb |
description | Code injection with CreateRemoteThread in a remote process | rule | inject_thread | ||||||
description | Create a windows service | rule | create_service | ||||||
description | Create a COM server | rule | create_com_service | ||||||
description | Communications over UDP network | rule | network_udp_sock | ||||||
description | Listen for incoming communication | rule | network_tcp_listen | ||||||
description | Communications over P2P network | rule | network_p2p_win | ||||||
description | Communications over HTTP | rule | network_http | ||||||
description | File downloader/dropper | rule | network_dropper | ||||||
description | Communications over FTP | rule | network_ftp | ||||||
description | Communications over RAW socket | rule | network_tcp_socket | ||||||
description | Communications use DNS | rule | network_dns | ||||||
description | Communication using dga | rule | network_dga | ||||||
description | Escalade priviledges | rule | escalate_priv | ||||||
description | Take screenshot | rule | screenshot | ||||||
description | Run a keylogger | rule | keylogger | ||||||
description | Steal credential | rule | cred_local | ||||||
description | Record Audio | rule | sniff_audio | ||||||
description | APC queue tasks migration | rule | migrate_apc | ||||||
description | Malware can spread east-west file | rule | spreading_file | ||||||
description | Malware can spread east-west using share drive | rule | spreading_share | ||||||
description | Create or check mutex | rule | win_mutex | ||||||
description | Affect system registries | rule | win_registry | ||||||
description | Affect system token | rule | win_token | ||||||
description | Affect private profile | rule | win_private_profile | ||||||
description | Affect private profile | rule | win_files_operation | ||||||
description | Match Winsock 2 API library declaration | rule | Str_Win32_Winsock2_Library | ||||||
description | Match Windows Inet API library declaration | rule | Str_Win32_Wininet_Library | ||||||
description | Match Windows Inet API call | rule | Str_Win32_Internet_API | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | (no description) | rule | Check_Dlls | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Affect hook table | rule | win_hook |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.GenericKD.36433685 |
FireEye | Generic.mg.649b5c913739cea1 |
CAT-QuickHeal | Trojan.Cridex |
McAfee | Trojan-FRGC!649B5C913739 |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Cridex.gen |
K7AntiVirus | Spyware ( 00552cf91 ) |
Alibaba | TrojanSpy:Win32/Ursnif.32410193 |
K7GW | Spyware ( 00552cf91 ) |
CrowdStrike | win/malicious_confidence_100% (W) |
Arcabit | Trojan.Generic.D22BEF15 |
Cyren | W32/Trojan.QCNZ-3867 |
Symantec | Trojan.Gen.2 |
Avast | Win32:Malware-gen |
Kaspersky | HEUR:Trojan-Banker.Win32.Cridex.gen |
BitDefender | Trojan.GenericKD.36433685 |
NANO-Antivirus | Trojan.Win32.Cridex.intjhn |
Paloalto | generic.ml |
ViRobot | Trojan.Win32.Z.Wacatac.389632 |
Rising | Spyware.Ursnif!8.1DEF (CLOUD) |
Ad-Aware | Trojan.GenericKD.36433685 |
Sophos | Mal/Generic-S |
Comodo | Malware@#n9lfuh33p7k8 |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | TROJ_FRS.VSNTC221 |
McAfee-GW-Edition | Trojan-FRGC!649B5C913739 |
Emsisoft | Trojan.GenericKD.36433685 (B) |
Ikarus | Trojan-Banker.UrSnif |
Antiy-AVL | Trojan[Banker]/Win32.Cridex |
Kingsoft | Win32.Troj.Generic_a.a.(kcloud) |
Gridinsoft | Trojan.Win32.Banker.oa |
Microsoft | Trojan:Win32/Ursnif.SS!MTB |
AegisLab | Trojan.Win32.Cridex.7!c |
ZoneAlarm | HEUR:Trojan-Banker.Win32.Cridex.gen |
GData | Trojan.GenericKD.36433685 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Malware/Win32.Generic.C4349328 |
ALYac | Spyware.Ursnif |
MAX | malware (ai score=87) |
Malwarebytes | Trojan.Crypt |
ESET-NOD32 | Win32/Spy.Ursnif.CT |
TrendMicro-HouseCall | TROJ_FRS.VSNTC221 |
Tencent | Win32.Trojan-banker.Cridex.Woqd |
eGambit | Unsafe.AI_Score_89% |
Fortinet | PossibleThreat.MU |
MaxSecure | Trojan.Malware.74474672.susgen |
AVG | Win32:Malware-gen |
Panda | Trj/GdSda.A |
Qihoo-360 | Win32/Trojan.Dridex.HgkASQIA |