Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Nov. 19, 2021, 10:55 a.m. | Nov. 19, 2021, 11:08 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.mountaingirlbbq.com | | |
www.44255.online | CNAME thcedf78-u.mfycdn.com, CNAME 2vtrypbc.n.mfycdn.com, 23.225.171.179 | |
www.carlosmorgan.com | 136.0.144.52 | |
www.guizhouhl.top | | |
www.okulsepette.info | CNAME okulsepette.info, 185.106.208.3 | |
Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | suspicious_request |
---|---|
GET method with no useragent header | GET http://www.carlosmorgan.com/dyh6/?rV0DUb=3ACj/876Iue/e8ON8sSJfhN8fXF1US+ej5D3rGFpnLA4NUaMO9+P0oT861hDlQeA3HJ8xKlg&uZiX=MXEL9 |
GET method with no useragent header | GET http://www.44255.online/dyh6/?rV0DUb=j61auN3oPpV+YV1VrFCgAk/5vWcxGznwyRAYsVX/wXCyaXurmtCnvmV0lC7tGgAO0jZoAmJH&uZiX=MXEL9 |
GET method with no useragent header | GET http://www.okulsepette.info/dyh6/?rV0DUb=Wm4wBF+rv62DpqAArqorW1ww5+15iMAwZ5JIqX54ionAHScRIdeTf+feE4cws9aQyFP2uR0T&uZiX=MXEL9 |
request | GET http://www.carlosmorgan.com/dyh6/?rV0DUb=3ACj/876Iue/e8ON8sSJfhN8fXF1US+ej5D3rGFpnLA4NUaMO9+P0oT861hDlQeA3HJ8xKlg&uZiX=MXEL9 |
request | GET http://www.44255.online/dyh6/?rV0DUb=j61auN3oPpV+YV1VrFCgAk/5vWcxGznwyRAYsVX/wXCyaXurmtCnvmV0lC7tGgAO0jZoAmJH&uZiX=MXEL9 |
request | GET http://www.okulsepette.info/dyh6/?rV0DUb=Wm4wBF+rv62DpqAArqorW1ww5+15iMAwZ5JIqX54ionAHScRIdeTf+feE4cws9aQyFP2uR0T&uZiX=MXEL9 |
domain | description |
---|---|
www.guizhouhl.top | Generic top level domain TLD |
file | C:\Users\test22\AppData\Local\Temp\nspE7E0.tmp\qnzohkyqwni.dll |
Engine | Detection |
---|---|
DrWeb | Trojan.Siggen15.43261 |
MicroWorld-eScan | Trojan.GenericKD.47419753 |
FireEye | Trojan.GenericKD.47419753 |
ALYac | Trojan.GenericKD.47419753 |
Malwarebytes | Trojan.Injector |
Sangfor | Trojan.Win32.Injector.EQOG |
K7AntiVirus | Trojan ( 0058a7df1 ) |
Alibaba | TrojanSpy:Win32/Injector.a732afc0 |
K7GW | Trojan ( 0058a7df1 ) |
Cybereason | malicious.eb5e9f |
Cyren | W32/Injector.APR.gen!Eldorado |
Symantec | Packed.Generic.606 |
ESET-NOD32 | a variant of Win32/Injector.EQOG |
TrendMicro-HouseCall | TROJ_FRS.VSNTKH21 |
Paloalto | generic.ml |
Kaspersky | HEUR:Trojan-Spy.Win32.Noon.gen |
BitDefender | Trojan.GenericKD.47419753 |
Avast | Win32:PWSX-gen [Trj] |
Ad-Aware | Trojan.GenericKD.47419753 |
Emsisoft | Trojan.GenericKD.47419753 (B) |
Comodo | TrojWare.Win32.UMal.cvmty@0 |
TrendMicro | TROJ_FRS.VSNTKH21 |
McAfee-GW-Edition | RDN/Generic.cf |
Sophos | Mal/Generic-S |
SentinelOne | Static AI - Suspicious PE |
Webroot | W32.Trojan.Tnega |
Avira | TR/Injector.mqxhe |
Kingsoft | Win32.Troj.Undef.(kcloud) |
Microsoft | Trojan:Win32/Tnega!ml |
GData | Win32.Trojan-Stealer.FormBook.3N8TVB |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win.Generic.C4774724 |
McAfee | RDN/Generic.cf |
MAX | malware (ai score=88) |
APEX | Malicious |
Ikarus | Trojan.Win32.Injector |
Fortinet | W32/Injector.APR!tr |
AVG | Win32:PWSX-gen [Trj] |
Panda | Trj/CI.A |