Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Nov. 13, 2021, 1 p.m. | Nov. 13, 2021, 1:07 p.m. |
cmd.exe /c del "C:\Users\test22\AppData\Local\Temp\loader2.exe"
2612
Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | suspicious_request |
---|---|
GET method with no useragent header | GET http://www.modularscleanroom.com/yao3/?-Z1dnl=IIyhjFh4SG7Uw4Uhh2YtXVVOzEcvrVZdRjb0WDI293OUsHKTq93rx4d1LR/r+8q8Dj/h5Cjk&2d3=oneha |
GET method with no useragent header | GET http://www.expansionsound.com/yao3/?-Z1dnl=q99EJLW1r1s7p6MH8wi+X/Yze9wL3RhCKM8rPSo10Y1QbU063na87NbqXeAJq8VscFzhiapO&2d3=oneha |
GET method with no useragent header | GET http://www.uewb.net/yao3/?-Z1dnl=Yo8SHF+0eK7x5mXwht3X2wJ4x/UaoJLF2T7s2/ZKGpmAn1Fo1l2hmtgtadKtuRBwyXmVdlRC&2d3=oneha |
GET method with no useragent header | GET http://www.stocksellingevent100.com/yao3/?-Z1dnl=BGuMCVlr1/SjT1z1AAzUUtLKDyYsXWUO0Ads+mHXzt+060+ddi/rRJfvKPC7GEH2yK42rxRF&2d3=oneha |
GET method with no useragent header | GET http://www.strainpsterling.com/yao3/?-Z1dnl=hhgLd90lT5x8wIZrMj7YuyXENJreDYauqRly+J6en/E4gum1n3yZpFGI6buVCRbu11Elk2Q4&2d3=oneha |
GET method with no useragent header | GET http://www.cidufetal.com/yao3/?-Z1dnl=PgD1La7e3VbxpopY+hNhawMocaOHF3kYA0v7KyWJLMyw7ZvUGCVfCw+P8wVtSLZcEZKYgifg&2d3=oneha |
GET method with no useragent header | GET http://www.dariushbordbar.com/yao3/?-Z1dnl=ugOQ1tTSiCrhyhBEVpHPwUaoK7it8NBZmXhBsi2HgeUC9jMMuZAJ0FSd6IrHg6mGql3d3ox7&2d3=oneha |
request | GET http://www.modularscleanroom.com/yao3/?-Z1dnl=IIyhjFh4SG7Uw4Uhh2YtXVVOzEcvrVZdRjb0WDI293OUsHKTq93rx4d1LR/r+8q8Dj/h5Cjk&2d3=oneha |
request | GET http://www.expansionsound.com/yao3/?-Z1dnl=q99EJLW1r1s7p6MH8wi+X/Yze9wL3RhCKM8rPSo10Y1QbU063na87NbqXeAJq8VscFzhiapO&2d3=oneha |
request | GET http://www.uewb.net/yao3/?-Z1dnl=Yo8SHF+0eK7x5mXwht3X2wJ4x/UaoJLF2T7s2/ZKGpmAn1Fo1l2hmtgtadKtuRBwyXmVdlRC&2d3=oneha |
request | GET http://www.stocksellingevent100.com/yao3/?-Z1dnl=BGuMCVlr1/SjT1z1AAzUUtLKDyYsXWUO0Ads+mHXzt+060+ddi/rRJfvKPC7GEH2yK42rxRF&2d3=oneha |
request | GET http://www.strainpsterling.com/yao3/?-Z1dnl=hhgLd90lT5x8wIZrMj7YuyXENJreDYauqRly+J6en/E4gum1n3yZpFGI6buVCRbu11Elk2Q4&2d3=oneha |
request | GET http://www.cidufetal.com/yao3/?-Z1dnl=PgD1La7e3VbxpopY+hNhawMocaOHF3kYA0v7KyWJLMyw7ZvUGCVfCw+P8wVtSLZcEZKYgifg&2d3=oneha |
request | GET http://www.dariushbordbar.com/yao3/?-Z1dnl=ugOQ1tTSiCrhyhBEVpHPwUaoK7it8NBZmXhBsi2HgeUC9jMMuZAJ0FSd6IrHg6mGql3d3ox7&2d3=oneha |
file | C:\Users\test22\AppData\Local\Temp\nsq8BD5.tmp\wlwdgnhzk.dll |
file | C:\Users\test22\AppData\Local\Temp\loader2.exe |
cmdline | /c del "C:\Users\test22\AppData\Local\Temp\loader2.exe" |
Engine | Detection |
---|---|
MicroWorld-eScan | Zum.Androm.1 |
FireEye | Zum.Androm.1 |
McAfee | Artemis!CFECAAFFB48E |
Cybereason | malicious.fb48e1 |
Cyren | W32/Injector.APR.gen!Eldorado |
Symantec | Trojan.Gen.MBT |
Paloalto | generic.ml |
Kaspersky | UDS:Trojan.Win32.Inject |
BitDefender | Zum.Androm.1 |
Emsisoft | Zum.Androm.1 (B) |
McAfee-GW-Edition | BehavesLike.Win32.BadFile.dc |
SentinelOne | Static AI - Suspicious PE |
Ikarus | Trojan.NSIS.Agent.S |
Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
Arcabit | Zum.Androm.1 |
GData | Zum.Androm.1 |
APEX | Malicious |
MAX | malware (ai score=87) |
Fortinet | W32/Injector.APR!tr |
dead_host | 192.168.0.113:80 |