VCAGENT

Threat Score: 100/100; AV Detection: 36%; Labeled as: Win64/DriverReviver.A poten...; Tags: #evasive


wzdu50.exe

This report is generated from a file or URL submitted to this webservice on February 19th 2020 22:16:56 (UTC) with action script Heavy Anti-Evasion. Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1. Report generated by Falcon Sandbox v8.30 © Hybrid Analysis


Remote Access: Reads terminal service related keys (often RDP related)
Ransomware: The analysis extracted a known ransomware file
Spyware: Found a string that may be used as part of an injection method
Persistence: Spawns a lot of processes; Writes data to a remote process
Fingerprint: Queries kernel debugger information; Queries process information; Queries sensitive IE security settings; Queries the internet cache settings (often used to hide footprints in index.dat or internet cache); Reads the active computer name; Reads the cryptographic machine GUID
Evasive: Marks file for deletion
Spreading: Opens the MountPointManager (often used to detect additional infection locations)
Network Behavior: Contacts 33 domains and 41 hosts.
This report has 39 indicators that were mapped to 23 attack techniques and 9 tactics.
Techniques by tactic (each entry gives the ATT&CK ID, name, tactics, description, and the number of confidential indicators where the report withholds them):

Execution
T1047 Windows Management Instrumentation (Execution): Windows Management Instrumentation (WMI) is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components.
T1168 Local Job Scheduling (Execution, Persistence): On Linux and Apple systems, multiple methods are supported for creating pre-scheduled and periodic background jobs: cron, at, and launchd. (2 confidential indicators)
T1035 Service Execution (Execution): Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager. (2 confidential indicators)

Persistence
T1215 Kernel Modules and Extensions (Persistence): Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand.
T1179 Hooking (Credential Access, Persistence, Privilege Escalation): Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources.
T1168 Local Job Scheduling (Execution, Persistence): On Linux and Apple systems, multiple methods are supported for creating pre-scheduled and periodic background jobs: cron, at, and launchd. (2 confidential indicators)

Privilege Escalation
T1179 Hooking (Credential Access, Persistence, Privilege Escalation): Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources.
T1055 Process Injection (Defense Evasion, Privilege Escalation): Process injection is a method of executing arbitrary code in the address space of a separate live process. (2 confidential indicators)

Defense Evasion
T1116 Code Signing (Defense Evasion): Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with.
T1107 File Deletion (Defense Evasion): Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how.
T1055 Process Injection (Defense Evasion, Privilege Escalation): Process injection is a method of executing arbitrary code in the address space of a separate live process. (2 confidential indicators)
T1112 Modify Registry (Defense Evasion): Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in Persistence and Execution.
T1045 Software Packing (Defense Evasion): Software packing is a method of compressing or encrypting an executable.

Credential Access
T1179 Hooking (Credential Access, Persistence, Privilege Escalation): Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources.

Discovery
T1012 Query Registry (Discovery): Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software. (2 confidential indicators)
T1120 Peripheral Device Discovery (Discovery): Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.
T1082 System Information Discovery (Discovery): An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
T1010 Application Window Discovery (Discovery): Adversaries may attempt to get a listing of open application windows.
T1124 System Time Discovery (Discovery): The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
T1057 Process Discovery (Discovery): Adversaries may attempt to get information about running processes on a system. (1 confidential indicator)

Lateral Movement
T1076 Remote Desktop Protocol (Lateral Movement): Remote desktop is a common feature in operating systems.

Collection
T1114 Email Collection (Collection): Adversaries may target user email to collect sensitive information from a target. (1 confidential indicator)

Command and Control
T1094 Custom Command and Control Protocol (Command and Control): Adversaries may communicate using a custom command and control protocol instead of using existing Standard Application Layer Protocol to encapsulate commands.