Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | May 3, 2021, 4:45 p.m. | May 3, 2021, 4:57 p.m. |
Process | Path | PID |
---|---|---|
prosperx.exe | C:\Users\test22\AppData\Local\Temp\prosperx.exe | 2384 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.crystalwiththecrystalz.com | 151.101.193.211 | |
www.amarak-uniform.com | | |
www.print12580.com | 23.81.96.159 | |
www.mamapacho.com | CNAME mamapacho.com; 34.102.136.180 | |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Signature | Detail |
---|---|
section | .ndata (section name used by NSIS installers; consistent with the ns*.tmp plugin directory in the dropped-file list) |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.crystalwiththecrystalz.com/xcl/?mJExMd=22pQot5QhP0reu3QutJgiv1bb8fa3vwFu9urOUpD05nkspV5DBFZiUUJP7Fmb0DNUG1du7Kn&_joT_=Zfdl70hxJB |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.mamapacho.com/xcl/?mJExMd=rRF6wUI3ZhpfbZgF2Y+3InukcIVyWBz1vsPJWbFlIMo0SBfoPh+8CYvjkPbPIFulITKe8rBE&_joT_=Zfdl70hxJB |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.print12580.com/xcl/?mJExMd=5aEa/bF6qdarcChzQR50qpWbd544aitgDS9a2klJHHN/Qgk1YZlctc871lRMm/sbN3yYYw6h&_joT_=Zfdl70hxJB |
Type | Value |
---|---|
request | GET http://www.crystalwiththecrystalz.com/xcl/?mJExMd=22pQot5QhP0reu3QutJgiv1bb8fa3vwFu9urOUpD05nkspV5DBFZiUUJP7Fmb0DNUG1du7Kn&_joT_=Zfdl70hxJB |
request | GET http://www.mamapacho.com/xcl/?mJExMd=rRF6wUI3ZhpfbZgF2Y+3InukcIVyWBz1vsPJWbFlIMo0SBfoPh+8CYvjkPbPIFulITKe8rBE&_joT_=Zfdl70hxJB |
request | GET http://www.print12580.com/xcl/?mJExMd=5aEa/bF6qdarcChzQR50qpWbd544aitgDS9a2klJHHN/Qgk1YZlctc871lRMm/sbN3yYYw6h&_joT_=Zfdl70hxJB |
file | C:\Users\test22\AppData\Local\Temp\nsn62EB.tmp\ghvea31n0uw.dll |
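The three flagged requests share the same path (/xcl/), the same two parameter names and an identical `_joT_` value across three unrelated domains, which is a better pivot for hunting than any single hostname. The following Python is an added example, not part of the sandbox report or its signature engine: it re-implements the "GET with no User-Agent" check over constructed request records (the URLs are the three from the report; the header sets and the benign control record with a User-Agent are assumed, since the report records only request lines) and then groups hosts by shared query parameters without percent/plus decoding, so base64-like tokens are compared byte-for-byte.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed request records for this example. The URLs are the three the report
# lists; the header sets are assumed (the report records only request lines).
# The fourth record, with a User-Agent, is a benign control.
SAMPLE_REQUESTS = [
    {"method": "GET",
     "url": "http://www.crystalwiththecrystalz.com/xcl/?mJExMd=22pQot5QhP0reu3QutJgiv1bb8fa3vwFu9urOUpD05nkspV5DBFZiUUJP7Fmb0DNUG1du7Kn&_joT_=Zfdl70hxJB",
     "headers": {"Host": "www.crystalwiththecrystalz.com", "Connection": "close"}},
    {"method": "GET",
     "url": "http://www.mamapacho.com/xcl/?mJExMd=rRF6wUI3ZhpfbZgF2Y+3InukcIVyWBz1vsPJWbFlIMo0SBfoPh+8CYvjkPbPIFulITKe8rBE&_joT_=Zfdl70hxJB",
     "headers": {"Host": "www.mamapacho.com", "Connection": "close"}},
    {"method": "GET",
     "url": "http://www.print12580.com/xcl/?mJExMd=5aEa/bF6qdarcChzQR50qpWbd544aitgDS9a2klJHHN/Qgk1YZlctc871lRMm/sbN3yYYw6h&_joT_=Zfdl70hxJB",
     "headers": {"Host": "www.print12580.com", "Connection": "close"}},
    {"method": "GET",
     "url": "http://www.example.test/index.html?ref=home",
     "headers": {"Host": "www.example.test", "User-Agent": "Mozilla/5.0 (control)"}},
]


def lacks_user_agent(req):
    """True for GET requests whose header set has no User-Agent (case-insensitive)."""
    if req["method"].upper() != "GET":
        return False
    return not any(name.lower() == "user-agent" for name in req["headers"])


def split_query_raw(query):
    """Split a query string on '&' and '=' without percent or plus decoding, so
    base64-like tokens containing '+' or '/' are preserved exactly as sent."""
    params = {}
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        params[name] = value
    return params


def describe(req):
    """Reduce a request record to host, path and raw query parameters."""
    parts = urlsplit(req["url"])
    return {"host": parts.hostname, "path": parts.path,
            "params": split_query_raw(parts.query)}


def shared_param_pivots(requests):
    """Group hosts by (path, parameter name, parameter value) and keep only the
    keys seen on more than one host: a constant token across several domains
    links them more reliably than any single hostname."""
    table = defaultdict(set)
    for req in requests:
        d = describe(req)
        for name, value in d["params"].items():
            table[(d["path"], name, value)].add(d["host"])
    return {key: sorted(hosts) for key, hosts in table.items() if len(hosts) > 1}


def triage(requests):
    """Return (sorted hosts contacted without a User-Agent, pivot table)."""
    suspicious = [r for r in requests if lacks_user_agent(r)]
    flagged = sorted(describe(r)["host"] for r in suspicious)
    return flagged, shared_param_pivots(suspicious)


if __name__ == "__main__":
    hosts, pivots = triage(SAMPLE_REQUESTS)
    print("GET without User-Agent:", hosts)
    for (path, name, value), linked in pivots.items():
        print(f"{path} {name}={value} shared by {linked}")
```

Only `_joT_` survives as a pivot: the `mJExMd` value differs per host, so per-host tokens are filtered out automatically. When applied to a larger proxy or sandbox corpus, the same (path, name, value) key can be used to find further domains the sample did not reach in this run (www.amarak-uniform.com returned no address here).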
Vendor | Detection |
---|---|
Bkav | W32.AIDetect.malware2 |
Elastic | malicious (high confidence) |
FireEye | Generic.mg.aa6168d4e41ced20 |
Cybereason | malicious.270fe2 |
Symantec | Packed.Generic.606 |
APEX | Malicious |
Cynet | Malicious (score: 100) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
McAfee-GW-Edition | BehavesLike.Win32.Vopak.dc |
Sophos | ML/PE-A |
Ikarus | Trojan-Ransom.Cerber |
Malwarebytes | Trojan.Injector.DL |
SentinelOne | Static AI - Malicious PE |