Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | March 31, 2021, 6:12 p.m. | March 31, 2021, 6:15 p.m. |
Process | Command line | PID |
---|---|---|
svchost.exe | "C:\Users\test22\AppData\Local\Temp\svchost.exe" | 3500 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
file | C:\Users\test22\AppData\Local\Temp\nsi1F9.tmp\kxxpjqdo92e33.dll |
cmdline | "C:\Users\test22\AppData\Local\Temp\svchost.exe" |
file | C:\Users\test22\AppData\Local\Temp\nsi1F9.tmp\kxxpjqdo92e33.dll |
host | 172.217.25.14 |
Engine | Detection |
---|---|
MicroWorld-eScan | Gen:Variant.Jaik.44831 |
FireEye | Gen:Variant.Jaik.44831 |
Sangfor | Trojan.Win32.Save.a |
Cyren | W32/Wacatac.CU.gen!Eldorado |
ESET-NOD32 | a variant of Win32/Injector.EOZZ |
APEX | Malicious |
Avast | Win32:TrojanX-gen [Trj] |
ClamAV | Win.Trojan.Generic-9848208-0 |
Kaspersky | HEUR:Trojan-Spy.Win32.Noon.gen |
Tencent | Win32.Trojan.Inject.Auto |
Ad-Aware | Gen:Variant.Jaik.44831 |
DrWeb | Trojan.Packed2.42989 |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.dc |
Microsoft | Trojan:Win32/SpyNoon!ml |
GData | Gen:Variant.Jaik.44831 |
AhnLab-V3 | Trojan/Win.Generic.R374864 |
Rising | Trojan.Injector!8.C4 (TFE:dGZlOgVTT9Cxl3PltA) |
Ikarus | Trojan.NSIS.Agent |
Fortinet | W32/Injector.EOLV!tr |
AVG | Win32:TrojanX-gen [Trj] |