Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 13, 2021, 9:59 a.m. | April 13, 2021, 10:14 a.m. |
Process | PID |
---|---|
regasm.exe "C:\Users\test22\AppData\Local\Temp\regasm.exe" | 3388 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | suspicious_request |
---|---|
GET method with no useragent header | GET http://www.cashforhoustonhomes.com/svh9/?GzuD=WBjTZrPXs&_ZOx46=Z+2KIbireQ1N7FnKwLUmOBJgZshI3Ou6JZzTQOj9ZzGKN8aedgfhiB5hJ5s24i6+PaavtCZ9 |
GET method with no useragent header | GET http://www.miucce.com/svh9/?_ZOx46=wImYdmeU9tMtg/ybNGHTf7iC39Zd9KaNnEwv//3GJN/5pEvSh61uDhX8FRs12IefCIEjTat4&GzuD=WBjTZrPXs |
GET method with no useragent header | GET http://www.daaprank.com/svh9/?GzuD=WBjTZrPXs&_ZOx46=pOyVBkpmjBl4UQ+st/zSPGZd3EmnGMA7ZuEPueNaeaG7OVKWgRfShdYn3SUkBQvyKRSGQXDu |
GET method with no useragent header | GET http://www.dookietime.com/svh9/?_ZOx46=E6nAtqyEn1iF0QlYxoLq2xWmaAW9lfylABBStkBhUOqiY1kqa+UcTjKQEuubYbEJPTnOF0eV&GzuD=WBjTZrPXs |
GET method with no useragent header | GET http://www.liuhanbao.com/svh9/?GzuD=WBjTZrPXs&_ZOx46=Wl3B3sBelUB4cX692W6XSN4h6pr274pQJPb9Dw6eyNKsSWZYCCPq26JR2eTyLHRPHDGEFeiL |
GET method with no useragent header | GET http://www.nearbygetaway.com/svh9/?_ZOx46=XkjUSRgusg5V481eiV1JDOqrMhhip3CDqkn8d3DGL0KYgs5OKfgRuUtNTmUiqmPQKS9U0CoI&GzuD=WBjTZrPXs |
GET method with no useragent header | GET http://www.aldlan-studio.com/svh9/?GzuD=WBjTZrPXs&_ZOx46=iUgadD8mG99znoInhcIeLrQXBXKqEwA1IwwA4YgT2BCb1zuBx9MX2SxVDgkG52FkHnGec8p3 |
GET method with no useragent header | GET http://www.cultbehaviour.net/svh9/?GzuD=WBjTZrPXs&_ZOx46=j9Pk+tYvJJbsnCvnCx2gDll+Thl/DV2CEZ3yRX1xT3TJXASdxPEvuE+xFnWuRQ+KItuqSuNK |
GET method with no useragent header | GET http://www.orangepensiontrust.com/svh9/?_ZOx46=yVIJ+1ekb4x5Nt1sGTaSINqEVreOhkPwJg2QoK71/KoVrHRHPpEFie4loXw5vtKsgDWOW1Kt&GzuD=WBjTZrPXs |
request | POST http://www.cashforhoustonhomes.com/svh9/ |
request | GET http://www.cashforhoustonhomes.com/svh9/?GzuD=WBjTZrPXs&_ZOx46=Z+2KIbireQ1N7FnKwLUmOBJgZshI3Ou6JZzTQOj9ZzGKN8aedgfhiB5hJ5s24i6+PaavtCZ9 |
request | POST http://www.miucce.com/svh9/ |
request | GET http://www.miucce.com/svh9/?_ZOx46=wImYdmeU9tMtg/ybNGHTf7iC39Zd9KaNnEwv//3GJN/5pEvSh61uDhX8FRs12IefCIEjTat4&GzuD=WBjTZrPXs |
request | POST http://www.daaprank.com/svh9/ |
request | GET http://www.daaprank.com/svh9/?GzuD=WBjTZrPXs&_ZOx46=pOyVBkpmjBl4UQ+st/zSPGZd3EmnGMA7ZuEPueNaeaG7OVKWgRfShdYn3SUkBQvyKRSGQXDu |
request | POST http://www.dookietime.com/svh9/ |
request | GET http://www.dookietime.com/svh9/?_ZOx46=E6nAtqyEn1iF0QlYxoLq2xWmaAW9lfylABBStkBhUOqiY1kqa+UcTjKQEuubYbEJPTnOF0eV&GzuD=WBjTZrPXs |
request | POST http://www.liuhanbao.com/svh9/ |
request | GET http://www.liuhanbao.com/svh9/?GzuD=WBjTZrPXs&_ZOx46=Wl3B3sBelUB4cX692W6XSN4h6pr274pQJPb9Dw6eyNKsSWZYCCPq26JR2eTyLHRPHDGEFeiL |
request | POST http://www.nearbygetaway.com/svh9/ |
request | GET http://www.nearbygetaway.com/svh9/?_ZOx46=XkjUSRgusg5V481eiV1JDOqrMhhip3CDqkn8d3DGL0KYgs5OKfgRuUtNTmUiqmPQKS9U0CoI&GzuD=WBjTZrPXs |
request | POST http://www.aldlan-studio.com/svh9/ |
request | GET http://www.aldlan-studio.com/svh9/?GzuD=WBjTZrPXs&_ZOx46=iUgadD8mG99znoInhcIeLrQXBXKqEwA1IwwA4YgT2BCb1zuBx9MX2SxVDgkG52FkHnGec8p3 |
request | POST http://www.cultbehaviour.net/svh9/ |
request | GET http://www.cultbehaviour.net/svh9/?GzuD=WBjTZrPXs&_ZOx46=j9Pk+tYvJJbsnCvnCx2gDll+Thl/DV2CEZ3yRX1xT3TJXASdxPEvuE+xFnWuRQ+KItuqSuNK |
request | POST http://www.orangepensiontrust.com/svh9/ |
request | GET http://www.orangepensiontrust.com/svh9/?_ZOx46=yVIJ+1ekb4x5Nt1sGTaSINqEVreOhkPwJg2QoK71/KoVrHRHPpEFie4loXw5vtKsgDWOW1Kt&GzuD=WBjTZrPXs |
file | C:\Users\test22\AppData\Local\Temp\nsd8590.tmp\lp2q5fglra.dll |
FireEye | Generic.mg.dc8a2259a6b20756 |
Kaspersky | HEUR:Trojan.Win32.Zenpak.gen |
VIPRE | Trojan.Win32.Generic!BT |
Sophos | Generic ML PUA (PUA) |
APEX | Malicious |
Microsoft | Trojan:Win32/Wacatac.B!ml |
AhnLab-V3 | Trojan/Win.Generic.R415229 |
Qihoo-360 | HEUR/QVM42.0.8C2F.Malware.Gen |
host | 172.217.25.14 |
dead_host | 198.54.117.198:80 |
dead_host | 198.54.117.197:80 |