Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 11, 2021, 1:37 p.m. | June 11, 2021, 1:39 p.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
injuryless.com | 193.178.169.243 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49805 -> 193.178.169.243:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49805 -> 193.178.169.243:443 | C=US, O=Let's Encrypt, CN=R3 | CN=injuryless.com | 14:b8:52:b9:ac:92:22:d5:8e:3d:d2:3f:a1:cf:d0:8e:d6:63:e3:44 |
suspicious_features | POST method with no referer header |
suspicious_request | POST https://injuryless.com/?id=test22-PC_94DE278C3274 |
request | POST https://injuryless.com/?id=test22-PC_94DE278C3274 |
request | GET https://injuryless.com/?id=test22-PC_94DE278C3274 |
request | POST https://injuryless.com/?id=test22-PC_94DE278C3274 |
host | 172.217.25.14 |
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware1 |
Elastic | malicious (high confidence) |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
Cybereason | malicious.23f4b8 |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Paloalto | generic.ml |
Cynet | Malicious (score: 100) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
McAfee-GW-Edition | Artemis!Trojan |
FireEye | Generic.mg.526d56017ef51052 |
Sophos | Generic ML PUA (PUA) |
Webroot | W32.Trojan.Gen |
Kingsoft | Win32.Troj.Generic_a.a.(kcloud) |
AegisLab | Trojan.Win32.Malicious.4!c |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
Microsoft | Trojan:Win32/Caynamer.A!ml |
McAfee | Artemis!526D56017EF5 |
VBA32 | BScope.Trojan.Agent |
Malwarebytes | Malware.AI.4050342259 |
SentinelOne | Static AI - Malicious PE |
Fortinet | W32/Kryptik.HLHG!tr |
BitDefenderTheta | Gen:NN.ZexaF.34738.FyZ@aSLBqwnk |
CrowdStrike | win/malicious_confidence_100% (W) |