W32/Agent.IIC!tr.bdr
Analysis
- _win32__wans_um__
- _win32__wans_sm__
- __win32__wans_sdm__
- HTTP
- dep2.mvl0{Removed}.com
- %SYSTEM%\wans.exe
- key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - value: %SYSTEM%\wans.exe
  - data: %SYSTEM%\wans.exe:*:Enabled:Windows Automated Network Service
- key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  - value: Windows Automated Network Service
  - data: %SYSTEM%\wans.exe
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  - value: Windows Automated Network Service
  - data: %SYSTEM%\wans.exe
- key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
  - value: StartupPrograms
  - data: %SYSTEM%\wans.exe
- key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  - value: Userinit
  - data: %SYSTEM%\wans.exe
- key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
  - value: load
  - data: %SYSTEM%\wans.exe
- DisplayName: Windows Automated Network Service
- ServiceName: WANS
- BinaryPathName: %SYSTEM%\wans.exe
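The following PowerShell triage script is an added example; it is not part of the Fortinet entry and not code from the malware. It checks a live host for the persistence indicators listed above (the six registry locations, the WANS service and the dropped file) and only reports what it finds. It assumes that %SYSTEM% resolves to the System32 directory under $env:SystemRoot and that the value names appear as listed; the firewall AuthorizedApplications list is scanned by value name, since that key uses the executable path as the value name.

```powershell
# Added triage script (not from the Fortinet entry): report-only check for the
# W32/Agent.IIC!tr.bdr persistence indicators listed above. Run it in an
# elevated PowerShell on the suspect host.
# Assumption: %SYSTEM% in the indicator list resolves to <SystemRoot>\System32.
$Target = Join-Path $env:SystemRoot 'System32\wans.exe'
$Name   = 'Windows Automated Network Service'

# One entry per registry indicator: key path, expected value name ('*' = any
# value name, used where the name itself is the file path), and the substring
# whose presence in the value name or data marks the entry as malicious.
$Checks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
       Name = '*';               Marker = 'wans.exe' }
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = $Name;             Marker = 'wans.exe' }
    # HKCU covers only the user running the script; load other users' hives to check them.
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = $Name;             Marker = 'wans.exe' }
    @{ Path = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd'
       Name = 'StartupPrograms'; Marker = 'wans.exe' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Userinit';        Marker = 'wans.exe' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Name = 'load';            Marker = 'wans.exe' }
)

$Findings = @()
foreach ($c in $Checks) {
    # A missing key is the clean case, so suppress the error instead of reporting it.
    $key = Get-Item -LiteralPath $c.Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($vn in $key.GetValueNames()) {
        $data    = [string]$key.GetValue($vn)
        $nameHit = ($c.Name -eq '*') -or ($vn -ieq $c.Name)
        if ($nameHit -and ("$vn $data" -like "*$($c.Marker)*")) {
            $Findings += [pscustomobject]@{ Type = 'Registry'; Key = $c.Path; Value = $vn; Data = $data }
        }
    }
}

# Service indicator: ServiceName WANS with the dropped file as its binary path.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WANS'"
if ($null -ne $svc) {
    $Findings += [pscustomobject]@{ Type = 'Service'; Key = $svc.Name; Value = $svc.DisplayName; Data = $svc.PathName }
}

# Dropped-file indicator: record the hash so the sample can be matched later.
if (Test-Path -LiteralPath $Target) {
    $sha = (Get-FileHash -LiteralPath $Target -Algorithm SHA256).Hash
    $Findings += [pscustomobject]@{ Type = 'File'; Key = $Target; Value = 'SHA256'; Data = $sha }
}

if ($Findings.Count -eq 0) {
    Write-Output 'No W32/Agent.IIC!tr.bdr indicators found.'
} else {
    $Findings | Format-Table -AutoSize -Wrap
}
```

When cleaning up after a hit, do not simply delete the two values that the malware overwrote: Winlogon\Userinit must be set back to its default `C:\Windows\system32\userinit.exe,` (an empty Userinit prevents interactive logon), and rdpwd\StartupPrograms back to its default `rdpclip`. The Run, load and firewall-list entries can be removed outright, and the service should be stopped and deleted (`sc.exe stop WANS`, then `sc.exe delete WANS`) before the file is quarantined.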
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
- Remove the persistence entries listed under Analysis. Restore Winlogon\Userinit to its default (C:\Windows\system32\userinit.exe,) and rdpwd\StartupPrograms to its default (rdpclip) rather than clearing them, since an empty Userinit value prevents interactive logon; delete the Run, load and firewall AuthorizedApplications entries, and stop and delete the WANS service.
Detection Availability
Product | Signature database
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR | 