Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 13, 2021, 9:58 a.m. | April 13, 2021, 10:28 a.m. |
IP Address | Status | Action |
---|---|---|
103.86.176.10 | Active | Moloch |
137.117.64.85 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.217.25.14 | Active | Moloch |
172.67.210.123 | Active | Moloch |
184.168.131.241 | Active | Moloch |
23.227.38.74 | Active | Moloch |
34.102.136.180 | Active | Moloch |
45.34.238.253 | Active | Moloch |
91.236.136.12 | Active | Moloch |
59.18.44.14 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
Suspicious feature | Suspicious request |
---|---|
GET method with no useragent header | GET http://www.formula-kuhni.com/hx3a/?kfL4bD=caEAE6TMNpstNWNzBS8nf+GDaIfP+W5I+AjwjXTPkb+IEfM7tlcs+MNsJ0nLlfwLg5GA5aWf&jBZx=D8b0b |
GET method with no useragent header | GET http://www.freeworldsin.com/hx3a/?kfL4bD=3DLg49gztkEwDEpIhVA6GAYr4+4EzSmtPlay4vrQXwYdcq0BUm/96tiO2YO0ZgN2rKAOBP6W&jBZx=D8b0b |
GET method with no useragent header | GET http://www.stkify.com/hx3a/?kfL4bD=BjXYzYy3Wwi6aFrEgM1HjT0aBbEvvpOSUIS/nNRAIJdaTtvHKKMsj+M6Q3I+cHJNNRrjAE2C&jBZx=D8b0b |
GET method with no useragent header | GET http://www.aksharnewtown.com/hx3a/?kfL4bD=UKCdSLR8412vaMHIP2MhlUsk7yfSGMFZEuzAx2SZAjE0ZNyfcYSEyp6nktJEVuEc4C6Qs51w&jBZx=D8b0b |
GET method with no useragent header | GET http://www.roughcuttavernorder.com/hx3a/?kfL4bD=SZwlqd8Hzn3rpaEWsCajdeS5oRp1CcdbOIkzozoaJWcxcB0oMm0zINyb01h8HBqPBgXJWi1M&jBZx=D8b0b |
GET method with no useragent header | GET http://www.recovatek.com/hx3a/?kfL4bD=fCmUcBRjRsJN2niul11B/xiypSW2fUD8cUjfy08rELK4cGFPgnyxy4j4Y+fYFi5gkgSESZTn&jBZx=D8b0b |
GET method with no useragent header | GET http://www.sellingdealsinheels.com/hx3a/?kfL4bD=ZQONasgLaIqJtl+Y9ynHdAMgHGG3yPHQMSSB3SdTownDFaJtrUUp853ISMl3zW6kC1fHv0WQ&jBZx=D8b0b |
GET method with no useragent header | GET http://www.bookbeachchairs.com/hx3a/?kfL4bD=EBC1Cs7uqSFNwkQnGgLKPc+2rIVZ9PU/AWUwkk97HGSV6MybJ9/jFS+r7M72vm+mHjcr9wDF&jBZx=D8b0b |
GET method with no useragent header | GET http://www.sxqyws.net/hx3a/?kfL4bD=T9MXgcgL1KL8QuajaJKCENDo6nNTCJSWQpkqYg4zOpZsIFxlmDBTIA+IF+ioP0h6JnMBeNuT&jBZx=D8b0b |
request | POST http://www.formula-kuhni.com/hx3a/ |
request | GET http://www.formula-kuhni.com/hx3a/?kfL4bD=caEAE6TMNpstNWNzBS8nf+GDaIfP+W5I+AjwjXTPkb+IEfM7tlcs+MNsJ0nLlfwLg5GA5aWf&jBZx=D8b0b |
request | POST http://www.freeworldsin.com/hx3a/ |
request | GET http://www.freeworldsin.com/hx3a/?kfL4bD=3DLg49gztkEwDEpIhVA6GAYr4+4EzSmtPlay4vrQXwYdcq0BUm/96tiO2YO0ZgN2rKAOBP6W&jBZx=D8b0b |
request | POST http://www.stkify.com/hx3a/ |
request | GET http://www.stkify.com/hx3a/?kfL4bD=BjXYzYy3Wwi6aFrEgM1HjT0aBbEvvpOSUIS/nNRAIJdaTtvHKKMsj+M6Q3I+cHJNNRrjAE2C&jBZx=D8b0b |
request | POST http://www.aksharnewtown.com/hx3a/ |
request | GET http://www.aksharnewtown.com/hx3a/?kfL4bD=UKCdSLR8412vaMHIP2MhlUsk7yfSGMFZEuzAx2SZAjE0ZNyfcYSEyp6nktJEVuEc4C6Qs51w&jBZx=D8b0b |
request | POST http://www.roughcuttavernorder.com/hx3a/ |
request | GET http://www.roughcuttavernorder.com/hx3a/?kfL4bD=SZwlqd8Hzn3rpaEWsCajdeS5oRp1CcdbOIkzozoaJWcxcB0oMm0zINyb01h8HBqPBgXJWi1M&jBZx=D8b0b |
request | POST http://www.recovatek.com/hx3a/ |
request | GET http://www.recovatek.com/hx3a/?kfL4bD=fCmUcBRjRsJN2niul11B/xiypSW2fUD8cUjfy08rELK4cGFPgnyxy4j4Y+fYFi5gkgSESZTn&jBZx=D8b0b |
request | POST http://www.sellingdealsinheels.com/hx3a/ |
request | GET http://www.sellingdealsinheels.com/hx3a/?kfL4bD=ZQONasgLaIqJtl+Y9ynHdAMgHGG3yPHQMSSB3SdTownDFaJtrUUp853ISMl3zW6kC1fHv0WQ&jBZx=D8b0b |
request | POST http://www.bookbeachchairs.com/hx3a/ |
request | GET http://www.bookbeachchairs.com/hx3a/?kfL4bD=EBC1Cs7uqSFNwkQnGgLKPc+2rIVZ9PU/AWUwkk97HGSV6MybJ9/jFS+r7M72vm+mHjcr9wDF&jBZx=D8b0b |
request | POST http://www.sxqyws.net/hx3a/ |
request | GET http://www.sxqyws.net/hx3a/?kfL4bD=T9MXgcgL1KL8QuajaJKCENDo6nNTCJSWQpkqYg4zOpZsIFxlmDBTIA+IF+ioP0h6JnMBeNuT&jBZx=D8b0b |
request | POST http://www.formula-kuhni.com/hx3a/ |
request | POST http://www.freeworldsin.com/hx3a/ |
request | POST http://www.stkify.com/hx3a/ |
request | POST http://www.aksharnewtown.com/hx3a/ |
request | POST http://www.roughcuttavernorder.com/hx3a/ |
request | POST http://www.recovatek.com/hx3a/ |
request | POST http://www.sellingdealsinheels.com/hx3a/ |
request | POST http://www.bookbeachchairs.com/hx3a/ |
request | POST http://www.sxqyws.net/hx3a/ |
file | C:\Users\test22\AppData\Local\Temp\nse53.tmp\h336ss.dll |
host | 172.217.25.14 |
host | 59.18.44.14 |
Antivirus | Result |
---|---|
MicroWorld-eScan | Gen:Variant.Jaik.45088 |
FireEye | Generic.mg.b2e46b8ad3081ee9 |
McAfee | Artemis!B2E46B8AD308 |
Cybereason | malicious.fb1209 |
Cyren | W32/Injector.AGZ.gen!Eldorado |
ESET-NOD32 | a variant of Win32/Injector.EPCK |
APEX | Malicious |
Kaspersky | HEUR:Trojan-Spy.Win32.Noon.gen |
BitDefender | Gen:Variant.Jaik.45088 |
Ad-Aware | Gen:Variant.Jaik.45088 |
Emsisoft | Gen:Variant.Jaik.45088 (B) |
McAfee-GW-Edition | Artemis!Trojan |
SentinelOne | Static AI - Suspicious PE |
MAX | malware (ai score=85) |
Microsoft | Program:Win32/Wacapew.C!ml |
GData | Gen:Variant.Jaik.45088 |
Cynet | Malicious (score: 100) |
BitDefenderTheta | Gen:NN.ZedlaF.34670.au4@a0Gz9mai |
ALYac | Gen:Variant.Jaik.45088 |
Ikarus | Trojan.NSIS.Agent |
Fortinet | W32/Injector.EPAI!tr |
Qihoo-360 | QVM42.0.Malware.Gen |