Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 8, 2021, 9:29 a.m. | Sept. 8, 2021, 9:31 a.m. |
-
PAYMENT.exe "C:\Users\test22\AppData\Local\Temp\PAYMENT.exe"
2368
Name | Response | Post-Analysis Lookup |
---|---|---|
img.neko.airforce | 167.172.239.151 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49165 -> 167.172.239.151:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49167 -> 167.172.239.151:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 167.172.239.151:443 -> 192.168.56.103:49168 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Elastic | malicious (high confidence) |
FireEye | Generic.mg.d16088a5dce52983 |
Cylance | Unsafe |
Sangfor | Suspicious.Win32.Save.a |
Cybereason | malicious.8f9c55 |
ESET-NOD32 | a variant of Win32/TrojanDownloader.Agent.FVU |
APEX | Malicious |
Paloalto | generic.ml |
Kaspersky | UDS:Trojan.Win64.Injects |
Avast | Win32:MalwareX-gen [Trj] |
Rising | Trojan.Generic@ML.90 (RDML:QitSBVLx5WW+JL7snoY5eA) |
VIPRE | Lookslike.Win32.Sirefef.c!ag (v) |
SentinelOne | Static AI - Malicious PE |
Microsoft | Trojan:Win32/Woreflint.A!cl |
BitDefenderTheta | Gen:NN.ZexaF.34126.auW@aOt23Bhi |
MaxSecure | Trojan.Malware.300983.susgen |
AVG | Win32:MalwareX-gen [Trj] |
CrowdStrike | win/malicious_confidence_70% (D) |