Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 25, 2021, 5:54 p.m. | June 25, 2021, 5:56 p.m. |
Process | Command line | PID |
---|---|---|
doc75843.exe | "C:\Users\test22\AppData\Local\Temp\doc75843.exe" | 4864 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.stainedglasshockessinde.com | CNAME s.multiscreensite.com; 100.24.208.97 | |
www.pemeroth.com | 172.67.152.124 | |
www.platinumortho.net | CNAME platinumortho.net; 162.241.24.164 | |
www.employeerelationships.com | 3.223.115.185 | |
www.festeringuncle.com | 74.220.199.6 | |
Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.pemeroth.com/bk2s/?GvIHh=GDb36sDDKEmkr/XzzySS2pulrkx4ABgigOxBbij1Vs0CF/tMuPSs7pKiKX8WQ2ZP9TLrDc99&TjPx=DVld22s0z |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.festeringuncle.com/bk2s/?GvIHh=Qb5HWBMFA6UFKvja9tJUNmX2XizwcVqb3HYLuqbhAVeW9x/0+FsX1qcgjPTJOQT3x8z1BApP&TjPx=DVld22s0z |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.platinumortho.net/bk2s/?GvIHh=P45cDY/oIgPiwv30dNsxlanwSnM83F/c7OYaOeP9n45pqzpfYSS6dxpapG9dw9/YEFt+/uf6&TjPx=DVld22s0z |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.stainedglasshockessinde.com/bk2s/?GvIHh=cxiJxLkjyWZsbOBww6KRXkK88nBaN4xk1ZFGxJ6Yim0FRHKSsyrEsX1S0KwTxsxMQ32yo6Wi&TjPx=DVld22s0z |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.employeerelationships.com/bk2s/?GvIHh=dcjCEh6U4DG05TmrBIpig/weXqoRmmYqraj/720r9rrJCymvS/GI53YTvStHeY5pPKbLU/RG&TjPx=DVld22s0z |
request | GET http://www.pemeroth.com/bk2s/?GvIHh=GDb36sDDKEmkr/XzzySS2pulrkx4ABgigOxBbij1Vs0CF/tMuPSs7pKiKX8WQ2ZP9TLrDc99&TjPx=DVld22s0z |
request | GET http://www.festeringuncle.com/bk2s/?GvIHh=Qb5HWBMFA6UFKvja9tJUNmX2XizwcVqb3HYLuqbhAVeW9x/0+FsX1qcgjPTJOQT3x8z1BApP&TjPx=DVld22s0z |
request | GET http://www.platinumortho.net/bk2s/?GvIHh=P45cDY/oIgPiwv30dNsxlanwSnM83F/c7OYaOeP9n45pqzpfYSS6dxpapG9dw9/YEFt+/uf6&TjPx=DVld22s0z |
request | GET http://www.stainedglasshockessinde.com/bk2s/?GvIHh=cxiJxLkjyWZsbOBww6KRXkK88nBaN4xk1ZFGxJ6Yim0FRHKSsyrEsX1S0KwTxsxMQ32yo6Wi&TjPx=DVld22s0z |
request | GET http://www.employeerelationships.com/bk2s/?GvIHh=dcjCEh6U4DG05TmrBIpig/weXqoRmmYqraj/720r9rrJCymvS/GI53YTvStHeY5pPKbLU/RG&TjPx=DVld22s0z |
file | C:\Users\test22\AppData\Local\Temp\nscFF98.tmp\System.dll |
host | 172.217.25.14 |
Engine | Detection |
---|---|
Cylance | Unsafe |
K7GW | Riskware ( 0040eff71 ) |
Cybereason | malicious.57ddec |
Cyren | W32/Ninjector.J.gen!Camelot |
Symantec | Trojan.Gen.2 |
APEX | Malicious |
Paloalto | generic.ml |
Kaspersky | UDS:Trojan-Spy.Win32.Noon.gen |
Avast | FileRepMalware |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.dc |
FireEye | Generic.mg.765b1bb3690c9bac |
Sophos | Generic ML PUA (PUA) |
Gridinsoft | Risk.Win32.CoinMiner.sd!s1 |
Microsoft | TrojanSpy:Win32/Swotter.A!bit |
Cynet | Malicious (score: 100) |
McAfee | Artemis!765B1BB3690C |
TrendMicro-HouseCall | TROJ_GEN.F0D1C00FP21 |
SentinelOne | Static AI - Malicious PE |
Fortinet | W32/Kryptik.J!tr |
AVG | FileRepMalware |