Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | April 13, 2021, 11:31 a.m. | April 13, 2021, 11:33 a.m. |
cmd.exe /c del "C:\Users\test22\AppData\Local\Temp\vbc.exe"
2532
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
172.255.24.80 | Active | Moloch |
172.67.171.149 | Active | Moloch |
172.67.189.247 | Active | Moloch |
182.50.132.242 | Active | Moloch |
192.0.78.24 | Active | Moloch |
198.185.159.144 | Active | Moloch |
213.239.211.36 | Active | Moloch |
34.102.136.180 | Active | Moloch |
52.0.217.44 | Active | Moloch |
8.210.22.196 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .fipuh |
section | .wuta |
section | .new |
resource name | None |
suspicious_features | suspicious_request |
---|---|
GET method with no useragent header | GET http://www.vinegret.com/nnmd/?GFQL=vSTcV67Wsym0gjaMHw+BLsLDF404VwtlM2ZL2+kS2oryP3sG0sNRMddYy5XCOzyR+w1r1rN4&Rl=VtX4M |
GET method with no useragent header | GET http://www.israeldigitalblog.net/nnmd/?GFQL=RhKwvNZRq71Tr7FYOMJQyYr9uwiqQ6gfx1wpRXHKZy0OdMvbN5VELlZYmhSRX7q9d8bqmLsF&Rl=VtX4M |
GET method with no useragent header | GET http://www.acernoxsas.com/nnmd/?GFQL=RIRhBHcBnpQFpzVEdm9Qn3YrBBK1OZbcUKpQDD4XzYml+x0kk9G8REWbCSESFdmiGdYULLFI&Rl=VtX4M |
GET method with no useragent header | GET http://www.yetbor.com/nnmd/?GFQL=yFTKtd1luZIo7wvqEcSXbkRM0Fu9DXTErvPZ/33h4h9ltL5T5vX0h6V8ouFS6Gain5PLz56o&Rl=VtX4M |
GET method with no useragent header | GET http://www.regalparkllc.com/nnmd/?GFQL=tTl8v8g2q+7FzdYz1UQNVvYPTgelaUE7gW7tW0qfdn51WjA1prpQnhugYZXHkQH8F1WTaXCY&Rl=VtX4M |
GET method with no useragent header | GET http://www.scott-re.online/nnmd/?GFQL=YoDjfv9GFAPxmC/m/YrXEnPJINgN/ZGcUJt6czxWwkNRV1BAm2Kb0tXyCx+SX/c+MMPjJ8db&Rl=VtX4M |
GET method with no useragent header | GET http://www.valid8.network/nnmd/?GFQL=CGq8FpRO0AiTL86OI7qyWUGcdnK3uFmp3WOqNHKk+zAOrlhHiWtpg/dTztC/+VOwDx9e6LJ8&Rl=VtX4M |
GET method with no useragent header | GET http://www.samanthataylordesigns.com/nnmd/?GFQL=sVCsP3nYsNXlW4I2EqS3kB52HqjY7ZxXgFnkWYmWMO+p6LFBhhCa6Vg5Ah+KszLMV8i2Kccl&Rl=VtX4M |
GET method with no useragent header | GET http://www.nevertraveled.com/nnmd/?GFQL=SYHpgW1+yTc6qOKF4v10dIdNZgCXdFrWPz9etZYqQDofpKwnSaEEWXbh+jQacXfWTKEwdu6J&Rl=VtX4M |
GET method with no useragent header | GET http://www.verochfotografa.com/nnmd/?GFQL=5OXGp+Ye6mLmJS8fiP7moOjeBKd2VER7UUKnbPVzr25Ffc+7XnMrSBGyQLkDJ090wwdXjBMo&Rl=VtX4M |
request | POST http://www.vinegret.com/nnmd/ |
request | GET http://www.vinegret.com/nnmd/?GFQL=vSTcV67Wsym0gjaMHw+BLsLDF404VwtlM2ZL2+kS2oryP3sG0sNRMddYy5XCOzyR+w1r1rN4&Rl=VtX4M |
request | POST http://www.israeldigitalblog.net/nnmd/ |
request | GET http://www.israeldigitalblog.net/nnmd/?GFQL=RhKwvNZRq71Tr7FYOMJQyYr9uwiqQ6gfx1wpRXHKZy0OdMvbN5VELlZYmhSRX7q9d8bqmLsF&Rl=VtX4M |
request | POST http://www.acernoxsas.com/nnmd/ |
request | GET http://www.acernoxsas.com/nnmd/?GFQL=RIRhBHcBnpQFpzVEdm9Qn3YrBBK1OZbcUKpQDD4XzYml+x0kk9G8REWbCSESFdmiGdYULLFI&Rl=VtX4M |
request | POST http://www.yetbor.com/nnmd/ |
request | GET http://www.yetbor.com/nnmd/?GFQL=yFTKtd1luZIo7wvqEcSXbkRM0Fu9DXTErvPZ/33h4h9ltL5T5vX0h6V8ouFS6Gain5PLz56o&Rl=VtX4M |
request | POST http://www.regalparkllc.com/nnmd/ |
request | GET http://www.regalparkllc.com/nnmd/?GFQL=tTl8v8g2q+7FzdYz1UQNVvYPTgelaUE7gW7tW0qfdn51WjA1prpQnhugYZXHkQH8F1WTaXCY&Rl=VtX4M |
request | POST http://www.scott-re.online/nnmd/ |
request | GET http://www.scott-re.online/nnmd/?GFQL=YoDjfv9GFAPxmC/m/YrXEnPJINgN/ZGcUJt6czxWwkNRV1BAm2Kb0tXyCx+SX/c+MMPjJ8db&Rl=VtX4M |
request | POST http://www.valid8.network/nnmd/ |
request | GET http://www.valid8.network/nnmd/?GFQL=CGq8FpRO0AiTL86OI7qyWUGcdnK3uFmp3WOqNHKk+zAOrlhHiWtpg/dTztC/+VOwDx9e6LJ8&Rl=VtX4M |
request | POST http://www.samanthataylordesigns.com/nnmd/ |
request | GET http://www.samanthataylordesigns.com/nnmd/?GFQL=sVCsP3nYsNXlW4I2EqS3kB52HqjY7ZxXgFnkWYmWMO+p6LFBhhCa6Vg5Ah+KszLMV8i2Kccl&Rl=VtX4M |
request | POST http://www.nevertraveled.com/nnmd/ |
request | GET http://www.nevertraveled.com/nnmd/?GFQL=SYHpgW1+yTc6qOKF4v10dIdNZgCXdFrWPz9etZYqQDofpKwnSaEEWXbh+jQacXfWTKEwdu6J&Rl=VtX4M |
request | POST http://www.verochfotografa.com/nnmd/ |
request | GET http://www.verochfotografa.com/nnmd/?GFQL=5OXGp+Ye6mLmJS8fiP7moOjeBKd2VER7UUKnbPVzr25Ffc+7XnMrSBGyQLkDJ090wwdXjBMo&Rl=VtX4M |
request | POST http://www.vinegret.com/nnmd/ |
request | POST http://www.israeldigitalblog.net/nnmd/ |
request | POST http://www.acernoxsas.com/nnmd/ |
request | POST http://www.yetbor.com/nnmd/ |
request | POST http://www.regalparkllc.com/nnmd/ |
request | POST http://www.scott-re.online/nnmd/ |
request | POST http://www.valid8.network/nnmd/ |
request | POST http://www.samanthataylordesigns.com/nnmd/ |
request | POST http://www.nevertraveled.com/nnmd/ |
request | POST http://www.verochfotografa.com/nnmd/ |
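The request rows above show one pattern repeated across ten unrelated hosts: a GET to the same path (`/nnmd/`) carrying the same two parameter names (`GFQL`, `Rl`) with different encoded values, sent with no User-Agent header, followed by a POST to that path. The following detection logic is an added example, not the sandbox's own code. The URLs come from the report; the header sets on each request are assumed for illustration, since the report records only that the GETs had no User-Agent, and the `example.com` request is constructed as a benign control.

```python
"""Flag user-agent-less GETs and one URI path reused across many hosts.

Added example. URLs are taken from the report above; the header dicts and
the benign example.com request are constructed assumptions."""
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

SAMPLE_REQUESTS = [
    # Three of the report's GET/POST pairs (headers assumed, no User-Agent).
    {"method": "GET", "headers": {"Host": "www.vinegret.com"},
     "url": "http://www.vinegret.com/nnmd/?GFQL=vSTcV67Wsym0gjaMHw+BLsLDF404VwtlM2ZL2+kS2oryP3sG0sNRMddYy5XCOzyR+w1r1rN4&Rl=VtX4M"},
    {"method": "POST", "headers": {"Host": "www.vinegret.com"},
     "url": "http://www.vinegret.com/nnmd/"},
    {"method": "GET", "headers": {"Host": "www.israeldigitalblog.net"},
     "url": "http://www.israeldigitalblog.net/nnmd/?GFQL=RhKwvNZRq71Tr7FYOMJQyYr9uwiqQ6gfx1wpRXHKZy0OdMvbN5VELlZYmhSRX7q9d8bqmLsF&Rl=VtX4M"},
    {"method": "POST", "headers": {"Host": "www.israeldigitalblog.net"},
     "url": "http://www.israeldigitalblog.net/nnmd/"},
    {"method": "GET", "headers": {"Host": "www.acernoxsas.com"},
     "url": "http://www.acernoxsas.com/nnmd/?GFQL=RIRhBHcBnpQFpzVEdm9Qn3YrBBK1OZbcUKpQDD4XzYml+x0kk9G8REWbCSESFdmiGdYULLFI&Rl=VtX4M"},
    {"method": "POST", "headers": {"Host": "www.acernoxsas.com"},
     "url": "http://www.acernoxsas.com/nnmd/"},
    # Constructed benign request: has a User-Agent and a unique path, must not be flagged.
    {"method": "GET", "headers": {"Host": "example.com", "User-Agent": "Mozilla/5.0"},
     "url": "http://example.com/api/version"},
]


def missing_user_agent(req):
    """True when no User-Agent header is present (header names compared case-insensitively)."""
    return not any(name.lower() == "user-agent" for name in req["headers"])


def hosts_by_path(requests):
    """Map each URI path to the set of hosts that path was requested from."""
    by_path = defaultdict(set)
    for req in requests:
        parts = urlsplit(req["url"])
        by_path[parts.path].add(parts.netloc.lower())
    return by_path


def find_rotating_paths(requests, min_hosts=3):
    """Paths requested from at least min_hosts distinct hosts.
    Legitimate traffic rarely reuses one exact path across unrelated domains."""
    return {path: sorted(hosts)
            for path, hosts in hosts_by_path(requests).items()
            if len(hosts) >= min_hosts}


def query_keys(url):
    """Sorted parameter names only, so the shared parameter shape (GFQL, Rl)
    can be compared across hosts even though every value differs."""
    return tuple(sorted(parse_qs(urlsplit(url).query, keep_blank_values=True)))


def flag_requests(requests, min_hosts=3):
    """Return (method, url, reasons) for each request matching at least one indicator."""
    rotating = find_rotating_paths(requests, min_hosts)
    findings = []
    for req in requests:
        path = urlsplit(req["url"]).path
        reasons = []
        if req["method"] == "GET" and missing_user_agent(req):
            reasons.append("GET method with no useragent header")
        if path in rotating:
            reasons.append(f"path {path} requested from {len(rotating[path])} distinct hosts")
        if reasons:
            findings.append((req["method"], req["url"], reasons))
    return findings


if __name__ == "__main__":
    for method, url, reasons in flag_requests(SAMPLE_REQUESTS):
        print(method, url, "->", "; ".join(reasons))
```

Run against the full request list from the report, `find_rotating_paths` returns `/nnmd/` with all ten hosts; the per-request missing User-Agent check and the cross-host path reuse are independent indicators, so a POST with a plausible User-Agent is still caught by the second one.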
file | C:\Users\test22\AppData\Local\Temp\vbc.exe |
file | C:\Users\test22\AppData\Local\Temp\vbc.exe |
section | .text | virtual_address | 0x00001000 | virtual_size | 0x0004ac63 | size_of_data | 0x0004ae00 | entropy | 7.494906807445011 | description | A section with a high entropy has been found |
entropy | 0.795484727756 | description | Overall entropy of this PE file is high |
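The two entropy rows above rest on a per-section Shannon entropy measurement: the `.text` section scores 7.49 bits per byte, close to the 8.0 maximum, which is what packed or encrypted code looks like. The check below is an added example, not the sandbox's own code. The 6.8 bits/byte threshold and the file-level figure it derives (the fraction of section bytes that sit in high-entropy sections) are assumptions chosen for illustration; the report gives only its resulting values, not the formula it used, and the sections here are constructed rather than taken from the analysed sample.

```python
"""Per-section Shannon entropy check for PE section data.

Added example. The threshold and the file-level ratio are assumptions;
the sample sections are constructed, not the report's binary."""
import math
from collections import Counter

HIGH_ENTROPY_THRESHOLD = 6.8  # assumed: above this a section is treated as packed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a single repeated value, 8.0 for a uniform distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((count / n) * math.log2(count / n) for count in Counter(data).values())


def section_report(sections, threshold=HIGH_ENTROPY_THRESHOLD):
    """sections: iterable of (name, raw_bytes).
    Returns (rows, high_ratio): one dict per section, plus the fraction of all
    section bytes that live in sections above the threshold (assumed file-level metric)."""
    rows, total, high = [], 0, 0
    for name, data in sections:
        ent = shannon_entropy(data)
        flagged = ent > threshold
        total += len(data)
        if flagged:
            high += len(data)
        rows.append({"name": name, "size_of_data": len(data),
                     "entropy": round(ent, 4), "high_entropy": flagged})
    return rows, (high / total if total else 0.0)


# Constructed stand-ins for raw PE section data. With a real file the same
# list can be built with pefile:
#   [(s.Name.rstrip(b"\0").decode(), s.get_data()) for s in pe.sections]
PACKED = bytes(range(256)) * 64            # every byte value equally frequent -> 8.0
PLAIN = b"\x00" * 8192 + b"\x90" * 8192    # two byte values, equal counts -> 1.0
SAMPLE_SECTIONS = [(".text", PACKED), (".data", PLAIN), (".rsrc", b"")]

if __name__ == "__main__":
    rows, ratio = section_report(SAMPLE_SECTIONS)
    for row in rows:
        print(row)
    print(f"fraction of bytes in high-entropy sections: {ratio:.3f}")
```

High entropy alone is not proof of packing: compressed resources, embedded certificates and legitimate protectors score the same way, so treat the section flag as one signal alongside the unusual section names, the anti-debugging rules and the self-deleting command line recorded elsewhere on this page.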
description | rule |
---|---|
(no description) | DebuggerCheck__GlobalFlags |
(no description) | DebuggerCheck__QueryInfo |
(no description) | DebuggerHiding__Thread |
(no description) | DebuggerHiding__Active |
(no description) | ThreadControl__Context |
(no description) | SEH__vectored |
Bypass DEP | disable_dep |
cmdline | /c del "C:\Users\test22\AppData\Local\Temp\vbc.exe" |