Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | March 23, 2021, 6:22 p.m. | March 23, 2021, 6:24 p.m. |
Process | Command line | PID |
---|---|---|
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\158.dll,DllRegisterServer | 1016 |
wermgr.exe | C:\Windows\system32\wermgr.exe | 2760 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\158.dll, | 1756 |
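As an added example (not part of the sandbox report), the following Python turns the process-tree observations into detection logic over constructed Sysmon-style process-creation events: rundll32.exe invoked with a DLL that lives under the user's AppData\Local\Temp directory, with or without an export name (both forms appear above, one with DllRegisterServer and one with an empty export), and wermgr.exe started by something other than the parent it normally has. The report lists only image, command line and PID; the parent images, the allowlist of expected wermgr.exe parents and the two benign control rows are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events modelled on the report's process tree.
# Image, command line and PID come from the report; parent_image values and
# the two benign control rows are ASSUMPTIONS for this example.
EVENTS = [
    {"pid": 1016, "image": r"C:\Windows\System32\rundll32.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\158.dll,DllRegisterServer'},
    {"pid": 2760, "image": r"C:\Windows\system32\wermgr.exe",
     "parent_image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"C:\Windows\system32\wermgr.exe"},
    {"pid": 1756, "image": r"C:\Windows\System32\rundll32.exe",
     "parent_image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r'"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\158.dll,'},
    # Benign controls (constructed): rundll32 loading a system DLL, wermgr under svchost.
    {"pid": 3100, "image": r"C:\Windows\System32\rundll32.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,Control_RunDLL'},
    {"pid": 3200, "image": r"C:\Windows\System32\wermgr.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"C:\Windows\System32\wermgr.exe -upload"},
]

# rundll32 <path under AppData\Local\Temp>.dll,<export or nothing>
RUNDLL_TEMP_DLL = re.compile(
    r'rundll32\.exe"?\s+(?P<dll>[^\s,]*\\AppData\\Local\\Temp\\[^\s,]+\.dll)\s*,\s*(?P<export>\S*)',
    re.IGNORECASE,
)

# Parents that normally start wermgr.exe (assumption for this example).
WERMGR_EXPECTED_PARENTS = {"svchost.exe", "werfault.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return PureWindowsPath(path).name.lower()


def triage(events):
    """Return one finding per matching event: rule name plus the detail a responder needs."""
    findings = []
    for ev in events:
        image = basename(ev["image"])
        if image == "rundll32.exe":
            m = RUNDLL_TEMP_DLL.search(ev["cmdline"])
            if m:
                findings.append({
                    "pid": ev["pid"],
                    "rule": "rundll32_temp_dll",
                    "dll": m.group("dll"),
                    "export": m.group("export"),  # "" when the export name is empty
                })
        elif image == "wermgr.exe":
            parent = basename(ev["parent_image"])
            if parent not in WERMGR_EXPECTED_PARENTS:
                findings.append({
                    "pid": ev["pid"],
                    "rule": "wermgr_unexpected_parent",
                    "parent": parent,
                })
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

The regex deliberately accepts an empty export name, because the second rundll32 entry in the tree has one; keying a rule only on `DllRegisterServer` would miss it. The wermgr.exe rule depends on the constructed parent relationship, so treat it as a template to be tuned against real telemetry rather than a finding the report itself proves.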
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49204 73.103.36.158:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | f8:68:0a:74:96:dc:19:0a:62:fa:35:3d:ca:ef:06:ff:20:bd:f4:c8 |
TLSv1 192.168.56.101:49206 70.119.149.64:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | f8:68:0a:74:96:dc:19:0a:62:fa:35:3d:ca:ef:06:ff:20:bd:f4:c8 |
TLSv1 192.168.56.101:49207 50.197.243.125:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02 |
TLSv1 192.168.56.101:49205 71.66.92.190:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | f8:68:0a:74:96:dc:19:0a:62:fa:35:3d:ca:ef:06:ff:20:bd:f4:c8 |
resource name | None |
suspicious_features | suspicious_request |
---|---|
Connection to IP address | GET https://73.103.36.158/mon158/TEST22-PC_W617601.1FB16BB3437BB05277DA11D380BB37F9/5/file/ |
Connection to IP address | GET https://71.66.92.190/mon158/TEST22-PC_W617601.1FB16BB3437BB05277DA11D380BB37F9/5/file/ |
Connection to IP address | GET https://70.119.149.64/mon158/TEST22-PC_W617601.1FB16BB3437BB05277DA11D380BB37F9/5/file/ |
Connection to IP address | GET https://50.197.243.125/mon158/TEST22-PC_W617601.1FB16BB3437BB05277DA11D380BB37F9/5/file/ |
request | GET https://73.103.36.158/mon158/TEST22-PC_W617601.1FB16BB3437BB05277DA11D380BB37F9/5/file/ |
request | GET https://71.66.92.190/mon158/TEST22-PC_W617601.1FB16BB3437BB05277DA11D380BB37F9/5/file/ |
request | GET https://70.119.149.64/mon158/TEST22-PC_W617601.1FB16BB3437BB05277DA11D380BB37F9/5/file/ |
request | GET https://50.197.243.125/mon158/TEST22-PC_W617601.1FB16BB3437BB05277DA11D380BB37F9/5/file/ |
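The TLS table and the request list describe the same four hosts from two angles, and they are worth reading together: every certificate is self-signed (issuer equals subject) with the subject OpenSSL's `req` tool produces when its default prompts are accepted (C=AU, ST=Some-State, O=Internet Widgits Pty Ltd), three of the four IPs present a certificate with the same SHA-1 fingerprint, and all four requests carry the same path shape, `/mon158/<hostname>_<token>.<32 hex chars>/5/file/`, in which TEST22-PC is the sandbox hostname and W617601 reads as Windows 6.1 build 7601, matching the win7 analysis machine. The Python below, added here and not part of the report, parses the rows as they appear on the page and correlates them per destination IP. The field names it assigns to the URL path segments (tag, host, os_token, client_id, counter, command) are labels chosen for the example, not names the report gives.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Rows as they appear in the report's Suricata TLS table: (flow, issuer, subject, fingerprint).
WIDGITS = "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
FP_A = "f8:68:0a:74:96:dc:19:0a:62:fa:35:3d:ca:ef:06:ff:20:bd:f4:c8"
FP_B = "50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02"
TLS_ROWS = [
    ("TLSv1 192.168.56.101:49204 73.103.36.158:443", WIDGITS, WIDGITS, FP_A),
    ("TLSv1 192.168.56.101:49206 70.119.149.64:443", WIDGITS, WIDGITS, FP_A),
    ("TLSv1 192.168.56.101:49207 50.197.243.125:443", WIDGITS, WIDGITS, FP_B),
    ("TLSv1 192.168.56.101:49205 71.66.92.190:443", WIDGITS, WIDGITS, FP_A),
]
# The four requests from the report's network section.
CLIENT = "TEST22-PC_W617601.1FB16BB3437BB05277DA11D380BB37F9"
REQUESTS = [
    f"GET https://{ip}/mon158/{CLIENT}/5/file/"
    for ip in ("73.103.36.158", "71.66.92.190", "70.119.149.64", "50.197.243.125")
]

FLOW_RE = re.compile(
    r"^(?P<proto>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
# Path shape shared by all four requests. The group names are labels chosen for
# this example; the report does not name these fields.
PATH_RE = re.compile(
    r"^/(?P<tag>[^/]+)/(?P<host>[^_/]+)_(?P<os_token>[^./]+)\."
    r"(?P<client_id>[0-9A-Fa-f]{32})/(?P<counter>\d+)/(?P<command>[^/]+)/$"
)


def parse_tls(rows):
    """Certificate facts per destination IP: fingerprint, self-signed, default OpenSSL subject."""
    out = {}
    for flow, issuer, subject, fingerprint in rows:
        m = FLOW_RE.match(flow)
        if not m:
            continue
        out[m["dst"]] = {
            "port": int(m["dport"]),
            "fingerprint": fingerprint,
            "self_signed": issuer == subject,
            "openssl_default_subject": "Internet Widgits Pty Ltd" in subject,
        }
    return out


def parse_request(line):
    """Split 'GET https://ip/path' into destination IP plus the path fields, or None if the path differs."""
    method, url = line.split(" ", 1)
    parts = urlsplit(url)
    m = PATH_RE.match(parts.path)
    if not m:
        return None
    return {"ip": parts.hostname, "method": method, **m.groupdict()}


def correlate(tls_rows, requests):
    """Merge certificate facts and request fields per IP and note certificate reuse across IPs."""
    per_ip = parse_tls(tls_rows)
    ips_by_fingerprint = defaultdict(set)
    for ip, facts in per_ip.items():
        ips_by_fingerprint[facts["fingerprint"]].add(ip)
    for ip, facts in per_ip.items():
        facts["cert_shared_with"] = ips_by_fingerprint[facts["fingerprint"]] - {ip}
    for line in requests:
        req = parse_request(line)
        if req:
            per_ip.setdefault(req["ip"], {}).update(req)
    return per_ip


if __name__ == "__main__":
    for ip, facts in correlate(TLS_ROWS, REQUESTS).items():
        print(ip, facts)
```

Certificate reuse across several IPs, combined with an identical per-victim path, is the kind of pivot that lets you block the infrastructure by fingerprint and path pattern rather than by one IP at a time; the 32-hex-character segment stays constant per victim here, so it is a useful field to key on when hunting for other hosts talking to the same tag.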
name | language | sublanguage | filetype | offset | size |
---|---|---|---|---|---|
RT_MANIFEST | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | XML 1.0 document, ASCII text, with very long lines, with no line terminators | 0x00055020 | 0x00000217 |
cmdline | C:\Windows\system32\cmd.exe |
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware2 |
FireEye | Generic.mg.022e2c948003e421 |
APEX | Malicious |
Kaspersky | HEUR:Trojan.Win32.Trickpak.gen |
Cynet | Malicious (score: 100) |
ESET-NOD32 | a variant of Win32/GenKryptik.FDFG |
Rising | Trojan.Trickpak!8.122C7 (TFE:dGZlOgZ9RHOveNaXyg) |
name | virtual_address | virtual_size | size_of_data | entropy | description |
---|---|---|---|---|---|
.rsrc | 0x00054000 | 0x0004d1f8 | 0x0004e000 | 7.210964476740652 | A section with a high entropy has been found |

entropy | 0.461538461538 | description | Overall entropy of this PE file is high |

The two entropy figures are on different scales. The per-section value is Shannon entropy in bits per byte (8.0 is the maximum, so 7.21 for a 0x4e000-byte .rsrc means its contents are close to random, as packed or encrypted payloads are). The overall value is a ratio, not bits per byte: it is the share of the file's section data that falls in high-entropy sections, so 0.46 means roughly 46% of the section bytes, which is why the sandbox reports it as high.
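The following Python, added here and not part of the report, reproduces both checks so the numbers above can be reasoned about: a Shannon entropy function, the per-section threshold, and the overall ratio computed the same way (bytes in high-entropy sections divided by all section bytes). The thresholds of 6.8 bits per byte and 0.2 are assumptions for this example (they are the values used by the Cuckoo community `packer_entropy` signature, which emits these two description strings); the two sections are constructed stand-ins, a readable .text and a .rsrc filled with chained SHA-256 output to imitate packed data.

```python
import hashlib
import math
from collections import Counter

# Thresholds assumed for this example (the Cuckoo community packer_entropy
# signature uses the same values; the report does not state them).
SECTION_THRESHOLD = 6.8   # bits per byte; a section above this is flagged
OVERALL_THRESHOLD = 0.2   # fraction of section bytes that sit in flagged sections


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a single repeated byte, 8.0 for a flat histogram."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def evaluate_sections(sections):
    """Apply the per-section and overall checks; returns marks shaped like the report rows."""
    marks, total, high = [], 0, 0
    for sec in sections:
        size = len(sec["data"])
        entropy = shannon_entropy(sec["data"])
        total += size
        if entropy > SECTION_THRESHOLD:
            high += size
            marks.append({
                "section": sec["name"],
                "size_of_data": hex(size),
                "entropy": round(entropy, 4),
                "description": "A section with a high entropy has been found",
            })
    # The overall figure is a ratio of bytes, the same scale as the report's 0.4615.
    ratio = high / total if total else 0.0
    if ratio > OVERALL_THRESHOLD:
        marks.append({
            "entropy": round(ratio, 4),
            "description": "Overall entropy of this PE file is high",
        })
    return marks


def constructed_sections():
    """Constructed stand-ins: a low-entropy .text and a .rsrc of chained SHA-256 digests."""
    text = b"push ebp; mov ebp, esp; call GetProcAddress; ret\r\n" * 200   # 10000 bytes
    blob, state = b"", b"seed"
    while len(blob) < 0x4000:                                              # 16384 bytes
        state = hashlib.sha256(state).digest()
        blob += state
    return [{"name": ".text", "data": text}, {"name": ".rsrc", "data": blob}]


if __name__ == "__main__":
    for mark in evaluate_sections(constructed_sections()):
        print(mark)
```

Running it flags only the constructed .rsrc and then reports an overall ratio of about 0.62 (16384 of 26384 section bytes); the real sample's 0.4615 says the same thing about the real file, that nearly half of its section data looks packed or encrypted, which fits the "Trickpak" and "GenKryptik" labels the engines above assign.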
host | 50.197.243.125 |
host | 70.119.149.64 |
host | 71.66.92.190 |
host | 73.103.36.158 |