Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 13, 2022, 1:31 p.m. | April 13, 2022, 1:34 p.m. |
Process | PID | Command Line |
---|---|---|
EXCEL.EXE | 1792 | "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" C:\Users\test22\AppData\Local\Temp\new.xlsm |
wscript.exe | 2316 | wscript C:\Users\Public\killlll.js |
ddond.com | 1660 | C:\ProgramData\ddond.com https://www.mediafire.com/file/p3ay4it08j1s7hp/0main.htm/file |
Name | Response | Post-Analysis Lookup |
---|---|---|
download2284.mediafire.com | 199.91.155.25 | |
www.mediafire.com | 104.16.203.237 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49166 -> 199.91.155.25:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49167 -> 199.91.155.25:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 199.91.155.25:443 -> 192.168.56.102:49168 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.102:49165 -> 104.16.202.237:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49165 -> 104.16.202.237:443 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA | C=US, ST=Texas, O=MediaFire, OU=IT, CN=*.mediafire.com | 49:b6:4e:74:94:f0:7e:32:2b:c5:39:18:d0:a5:1e:69:4d:65:8f:b6 |
Type | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
request | GET https://www.mediafire.com/file/p3ay4it08j1s7hp/0main.htm/file |
file | C:\Users\test22\AppData\Local\Temp\~$new.xlsm |
file | C:\Users\Public\killlll.js |
Engine | Detection |
---|---|
Lionic | Trojan.Script.Generic.4!c |
MicroWorld-eScan | Trojan.GenericKD.39468879 |
FireEye | Trojan.GenericKD.39468879 |
ALYac | Trojan.Downloader.XLS.Gen |
Alibaba | Trojan:Win32/MalDoc.ali1000158 |
Symantec | CL.Downloader!gen87 |
ESET-NOD32 | VBA/TrojanDropper.Agent.CNI |
Avast | Other:Malware-gen [Trj] |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Trojan.GenericKD.39468879 |
Ad-Aware | Trojan.GenericKD.39468879 |
Emsisoft | Trojan.GenericKD.39468879 (B) |
McAfee-GW-Edition | RDN/Powdow |
GData | Trojan.GenericKD.39468879 |
Avira | VBS/Drop.Agent.jcaqi |
MAX | malware (ai score=86) |
Antiy-AVL | Trojan/Generic.ASMacro.30C16 |
Microsoft | TrojanDownloader:O97M/EncDoc.JRSM!MTB |
Arcabit | Trojan.Generic.D25A3F4F |
ViRobot | XLS.Z.Agent.16198 |
Cynet | Malicious (score: 99) |
McAfee | RDN/Powdow |
Zoner | Probably Heur.W97Obfuscated |
Rising | Malware.Obfus/VBA@AI.82 (VBA) |
Fortinet | VBA/Agent.XPW!tr |
AVG | Other:Malware-gen [Trj] |