Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | March 31, 2021, 6:11 p.m. | March 31, 2021, 6:25 p.m. |
Process | Command line | PID |
---|---|---|
regasm.exe | "C:\Users\test22\AppData\Local\Temp\regasm.exe" | 3500 |
IP Address | Status | Action |
---|---|---|
142.250.34.2 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.217.25.14 | Active | Moloch |
192.161.85.138 | Active | Moloch |
209.99.64.55 | Active | Moloch |
34.102.136.180 | Active | Moloch |
35.208.100.7 | Active | Moloch |
35.209.116.220 | Active | Moloch |
51.79.19.180 | Active | Moloch |
54.246.199.25 | Active | Moloch |
89.252.184.211 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.yewanfuli.com/jzvu/?FdC0=IEU8I0/tC6F/KCdEy+3/+7TFP6YUv7z1v1o/e0OOy/mVFqBoYKwLag6wZyS58s3EZzGxSPgy&Bj=9r4L1 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.mehmederdas.com/jzvu/?FdC0=eS033VqPyoDF1zl9RuFOGLLaI3YhNk5+wD8xuEKzccVT7RWN/GB5mzOJ4PQDJsdZB3hWq1Hx&Bj=9r4L1 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.itsukayamamura.com/jzvu/?FdC0=tXKXxSCKjoInrmbVUNYn4wBm5+rRDXtUTNx6DO+yunu9lqQxuOQDcGa4mcfxTJOlXXG65LJj&Bj=9r4L1 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.fountainhead410.com/jzvu/?FdC0=gPJmkLd5Iumt7+/kXloFFkASjT6JhxFOIwMVszm/38cgqTBuSKrIjhSH0WtLGx7FJukKw9E+&Bj=9r4L1 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.thekeycrewshop.com/jzvu/?FdC0=WyqCxff5WYuDUI3l9SqtE/vqx1o9agmUmA0/6uOuL0r1THlvHyo6aOjySaUbyyuDkZGnIHS8&Bj=9r4L1 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.hippopotames-consultants.com/jzvu/?FdC0=boZgPmLpFlFruuJbAFnB0agXJz3TKQ2lWJ53yKL54RNh00xL8F6K364TN2s9+osNSchaCIqx&Bj=9r4L1 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.theoneandonlytattoostudio.com/jzvu/?FdC0=j2v8V70Ofxp4tvniEIa0jhRWZtem+iS9b/3BksfFj+bGaZSgxqBisQW1hEAQPC+xRThK68Z9&Bj=9r4L1 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.maxicreamheladeriafruteria.com/jzvu/?FdC0=xbv2RQqqOaEgJ4A3qLW2S3SVCDfKq7jP/K9ZMoRCkZfjCxPnch7MeD0Q3EOjQvWoRnx5agTa&Bj=9r4L1 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.amarisworstell.com/jzvu/?FdC0=dswBW2wHvZfOAOH0mnQD6UmhvD38CbU2VkWxxFHWQjFgaxhGJnyTAXuLwfnW9ywlE8zP3Qih&Bj=9r4L1 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.standingrockcellars.com/jzvu/?FdC0=wsn9Q3qXtDODN5Y82e8sp90wlLBhDD+MWEMyCKCB+Re0ld07vmM6+0vxuCG3AIjCnPE7bSPi&Bj=9r4L1 |
suspicious_features | POST method with no referer header | suspicious_request | POST https://update.googleapis.com/service/update2?cup2key=10:2761306227&cup2hreq=8d2177a275c6a2ed31370f3125f657a4cd2ced7eedb1fda03dd4d7426fce0edd |
suspicious_features | POST method with no referer header | suspicious_request | POST https://update.googleapis.com/service/update2 |
request | POST http://www.yewanfuli.com/jzvu/ |
request | GET http://www.yewanfuli.com/jzvu/?FdC0=IEU8I0/tC6F/KCdEy+3/+7TFP6YUv7z1v1o/e0OOy/mVFqBoYKwLag6wZyS58s3EZzGxSPgy&Bj=9r4L1 |
request | POST http://www.mehmederdas.com/jzvu/ |
request | GET http://www.mehmederdas.com/jzvu/?FdC0=eS033VqPyoDF1zl9RuFOGLLaI3YhNk5+wD8xuEKzccVT7RWN/GB5mzOJ4PQDJsdZB3hWq1Hx&Bj=9r4L1 |
request | POST http://www.itsukayamamura.com/jzvu/ |
request | GET http://www.itsukayamamura.com/jzvu/?FdC0=tXKXxSCKjoInrmbVUNYn4wBm5+rRDXtUTNx6DO+yunu9lqQxuOQDcGa4mcfxTJOlXXG65LJj&Bj=9r4L1 |
request | HEAD http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe |
request | GET http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe |
request | POST http://www.fountainhead410.com/jzvu/ |
request | GET http://www.fountainhead410.com/jzvu/?FdC0=gPJmkLd5Iumt7+/kXloFFkASjT6JhxFOIwMVszm/38cgqTBuSKrIjhSH0WtLGx7FJukKw9E+&Bj=9r4L1 |
request | POST http://www.thekeycrewshop.com/jzvu/ |
request | GET http://www.thekeycrewshop.com/jzvu/?FdC0=WyqCxff5WYuDUI3l9SqtE/vqx1o9agmUmA0/6uOuL0r1THlvHyo6aOjySaUbyyuDkZGnIHS8&Bj=9r4L1 |
request | POST http://www.hippopotames-consultants.com/jzvu/ |
request | GET http://www.hippopotames-consultants.com/jzvu/?FdC0=boZgPmLpFlFruuJbAFnB0agXJz3TKQ2lWJ53yKL54RNh00xL8F6K364TN2s9+osNSchaCIqx&Bj=9r4L1 |
request | POST http://www.theoneandonlytattoostudio.com/jzvu/ |
request | GET http://www.theoneandonlytattoostudio.com/jzvu/?FdC0=j2v8V70Ofxp4tvniEIa0jhRWZtem+iS9b/3BksfFj+bGaZSgxqBisQW1hEAQPC+xRThK68Z9&Bj=9r4L1 |
request | POST http://www.maxicreamheladeriafruteria.com/jzvu/ |
request | GET http://www.maxicreamheladeriafruteria.com/jzvu/?FdC0=xbv2RQqqOaEgJ4A3qLW2S3SVCDfKq7jP/K9ZMoRCkZfjCxPnch7MeD0Q3EOjQvWoRnx5agTa&Bj=9r4L1 |
request | POST http://www.amarisworstell.com/jzvu/ |
request | GET http://www.amarisworstell.com/jzvu/?FdC0=dswBW2wHvZfOAOH0mnQD6UmhvD38CbU2VkWxxFHWQjFgaxhGJnyTAXuLwfnW9ywlE8zP3Qih&Bj=9r4L1 |
request | POST http://www.standingrockcellars.com/jzvu/ |
request | GET http://www.standingrockcellars.com/jzvu/?FdC0=wsn9Q3qXtDODN5Y82e8sp90wlLBhDD+MWEMyCKCB+Re0ld07vmM6+0vxuCG3AIjCnPE7bSPi&Bj=9r4L1 |
request | POST https://update.googleapis.com/service/update2?cup2key=10:2761306227&cup2hreq=8d2177a275c6a2ed31370f3125f657a4cd2ced7eedb1fda03dd4d7426fce0edd |
request | POST https://update.googleapis.com/service/update2 |
request | POST http://www.yewanfuli.com/jzvu/ |
request | POST http://www.mehmederdas.com/jzvu/ |
request | POST http://www.itsukayamamura.com/jzvu/ |
request | POST http://www.fountainhead410.com/jzvu/ |
request | POST http://www.thekeycrewshop.com/jzvu/ |
request | POST http://www.hippopotames-consultants.com/jzvu/ |
request | POST http://www.theoneandonlytattoostudio.com/jzvu/ |
request | POST http://www.maxicreamheladeriafruteria.com/jzvu/ |
request | POST http://www.amarisworstell.com/jzvu/ |
request | POST http://www.standingrockcellars.com/jzvu/ |
request | POST https://update.googleapis.com/service/update2?cup2key=10:2761306227&cup2hreq=8d2177a275c6a2ed31370f3125f657a4cd2ced7eedb1fda03dd4d7426fce0edd |
request | POST https://update.googleapis.com/service/update2 |
file | C:\Users\test22\AppData\Local\Temp\nspC0.tmp\zi91tc7njdwau6u.dll |
file | C:\Users\test22\AppData\Local\Temp\nspC0.tmp\zi91tc7njdwau6u.dll |
host | 172.217.25.14 |
MicroWorld-eScan | Gen:Variant.Jaik.44831 |
FireEye | Gen:Variant.Jaik.44831 |
Sangfor | Trojan.Win32.Save.a |
Arcabit | Trojan.Jaik.DAF1F |
Cyren | W32/Agent.CMD.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Kaspersky | UDS:Trojan-Spy.Win32.Noon.gen |
BitDefender | Gen:Variant.Jaik.44831 |
Paloalto | generic.ml |
Ad-Aware | Gen:Variant.Jaik.44831 |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.dc |
Microsoft | Trojan:Win32/Wacatac.B!ml |
GData | Gen:Variant.Jaik.44831 |
Ikarus | Trojan.NSIS.Agent |
Fortinet | W32/Injector.EOLV!tr |