Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 21, 2021, 10:06 a.m. | April 21, 2021, 10:11 a.m. |
prosperx.exe "C:\Users\test22\AppData\Local\Temp\prosperx.exe"
3172
Name | Response | Post-Analysis Lookup |
---|---|---|
www.topgradetutors.net | CNAME topgradetutors.net | 151.101.194.159 |
www.20190606.com | CNAME 8kpj.jiasubook.com | 103.101.188.119 |
www.sophieberiault.com | CNAME sophieberiault.com | 166.62.108.196 |
www.milehighcitygames.com | CNAME milehighcitygames.com | 34.102.136.180 |
Suricata Alerts
Suricata TLS
No Suricata TLS
Indicator | Value |
---|---|
section | .ndata |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.milehighcitygames.com/xcl/?Tj=fTgN0Et6e/d09dZDxyMRrypPZrJHAeTvzEoww+MZoNOHJJv+5czzLYqto9iAljufQKJX/SVl&SX=dn98bVV0hxJ4 |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.sophieberiault.com/xcl/?Tj=a/FLMe0ya/9YtTuUYok1B7vp/5Gr9at0LM/5wBD76A+xTQCdjVAZGPVTPrI0zw+67MuX3Fmg&SX=dn98bVV0hxJ4 |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.topgradetutors.net/xcl/?Tj=Iac5W1wUqDosYJk6LxlBM2b783u0YGGNexhKQMJrvkzTaDAxSdLOMJq38mi9FvZlS0tSXUVd&SX=dn98bVV0hxJ4 |
request | GET http://www.milehighcitygames.com/xcl/?Tj=fTgN0Et6e/d09dZDxyMRrypPZrJHAeTvzEoww+MZoNOHJJv+5czzLYqto9iAljufQKJX/SVl&SX=dn98bVV0hxJ4 |
request | GET http://www.sophieberiault.com/xcl/?Tj=a/FLMe0ya/9YtTuUYok1B7vp/5Gr9at0LM/5wBD76A+xTQCdjVAZGPVTPrI0zw+67MuX3Fmg&SX=dn98bVV0hxJ4 |
request | GET http://www.topgradetutors.net/xcl/?Tj=Iac5W1wUqDosYJk6LxlBM2b783u0YGGNexhKQMJrvkzTaDAxSdLOMJq38mi9FvZlS0tSXUVd&SX=dn98bVV0hxJ4 |
file | C:\Users\test22\AppData\Local\Temp\nsj63.tmp\8yuqrvh.dll |
host | 172.217.25.14 |
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware1 |
Elastic | malicious (high confidence) |
McAfee | Artemis!7F3FC7D08644 |
Cylance | Unsafe |
K7AntiVirus | Trojan ( 005772cf1 ) |
K7GW | Trojan ( 005772cf1 ) |
Cybereason | malicious.8a776b |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Kaspersky | VHO:Trojan-Spy.Win32.Noon.gen |
NANO-Antivirus | Trojan.Win32.Androm.ikbioz |
Sophos | Generic ML PUA (PUA) |
McAfee-GW-Edition | BehavesLike.Win32.Vopak.dc |
FireEye | Generic.mg.7f3fc7d086447a7e |
SentinelOne | Static AI - Malicious PE |
Avira | HEUR/AGEN.1140854 |
Gridinsoft | Adware.Win32.Linkury.oa!s1 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Malware/Gen.RL_Reputation.R364385 |
Ikarus | Trojan.NSIS.Agent |
Fortinet | NSIS/Injector.EOYT!tr |
CrowdStrike | win/malicious_confidence_80% (D) |
dead_host | 103.101.188.123:80 |