Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | April 29, 2021, 9:59 a.m. | April 29, 2021, 10:01 a.m. |
Process | PID | Command line |
---|---|---|
cmd.exe | 2948 | "C:\Windows\System32\cmd.exe" /c taskkill /pid 260 & erase C:\Users\test22\AppData\Local\Temp\FLP_5012_306_171.exe & RD /S /Q C:\\ProgramData\\017072222443986\\* & exit |
taskkill.exe | 1852 | taskkill /pid 260 |
explorer.exe | 1848 | C:\Windows\Explorer.EXE |
Name | Response | Post-Analysis Lookup |
---|---|---|
5azc.xyz | 45.144.225.201 | |
Suricata Alerts
Suricata TLS
No Suricata TLS
Indicator | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |

suspicious_features | suspicious_request |
---|---|
POST method with no referer header, POST method with no useragent header | POST http://5azc.xyz/6.jpg |
POST method with no referer header, POST method with no useragent header | POST http://5azc.xyz/1.jpg |
POST method with no referer header, POST method with no useragent header | POST http://5azc.xyz/2.jpg |
POST method with no referer header, POST method with no useragent header | POST http://5azc.xyz/3.jpg |
POST method with no referer header, POST method with no useragent header | POST http://5azc.xyz/4.jpg |
POST method with no referer header, POST method with no useragent header | POST http://5azc.xyz/5.jpg |
POST method with no referer header, POST method with no useragent header | POST http://5azc.xyz/7.jpg |
POST method with no referer header, POST method with no useragent header | POST http://5azc.xyz/main.php |
POST method with no referer header, POST method with no useragent header | POST http://5azc.xyz/ |

Indicator | Value |
---|---|
request | POST http://5azc.xyz/6.jpg |
request | POST http://5azc.xyz/1.jpg |
request | POST http://5azc.xyz/2.jpg |
request | POST http://5azc.xyz/3.jpg |
request | POST http://5azc.xyz/4.jpg |
request | POST http://5azc.xyz/5.jpg |
request | POST http://5azc.xyz/7.jpg |
request | POST http://5azc.xyz/main.php |
request | POST http://5azc.xyz/ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State |
file | C:\Users\test22\AppData\Local\Chromium\User Data\Local State |
file | C:\Users\test22\AppData\Local\Nichrome\User Data\Local State |
file | C:\ProgramData\sqlite3.dll |
file | C:\ProgramData\freebl3.dll |
file | C:\ProgramData\msvcp140.dll |
file | C:\ProgramData\nss3.dll |
file | C:\ProgramData\vcruntime140.dll |
file | C:\ProgramData\mozglue.dll |
file | C:\ProgramData\softokn3.dll |
cmdline | "C:\Windows\System32\cmd.exe" /c taskkill /pid 260 & erase C:\Users\test22\AppData\Local\Temp\FLP_5012_306_171.exe & RD /S /Q C:\\ProgramData\\017072222443986\\* & exit |
cmdline | cmd.exe /c taskkill /pid 260 & erase C:\Users\test22\AppData\Local\Temp\FLP_5012_306_171.exe & RD /S /Q C:\\ProgramData\\017072222443986\\* & exit |
file | C:\Users\test22\AppData\Local\Temp\FLP_5012_306_171.exe |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( ProcessId = 260) |