Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | May 18, 2022, 10:33 a.m. | May 18, 2022, 10:58 a.m. |
Process | Command line | PID |
---|---|---|
timeout.exe | timeout 2 | 1668 |
MSBuild.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | 1660 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.thebeautifullifeofthearth.com | 192.0.78.25 | |
www.mommoth.club | 23.88.111.156 | |
a1prestige.cf | 192.185.174.178 | |
www.rameshgoostar.com | | |
Suricata Alerts
Suricata TLS
No Suricata TLS
Suspicious feature | Suspicious request |
---|---|
GET method with no useragent header | GET http://a1prestige.cf/m/Tbqzh_Upfmzfqb.jpg |
GET method with no useragent header | GET http://www.mommoth.club/sn12/?oPqpRL=M1FrCRBfZI4URM1OR9+PPRBG9+ZjtDf1KcSpQBV/o5qXUsKvPLp9knFexYRpxxJTz8QEmRaD&Lv0h=ZTypDbLPA |
GET method with no useragent header | GET http://www.thebeautifullifeofthearth.com/sn12/?oPqpRL=+bAqrraOPFP6G7VNldvEvmQlIsf6EpITHpJV0mplF4OII8J3s/Rhv2hUxoigmbYJPULf8A1w&Lv0h=ZTypDbLPA |

Request |
---|
GET http://a1prestige.cf/m/Tbqzh_Upfmzfqb.jpg |
GET http://www.mommoth.club/sn12/?oPqpRL=M1FrCRBfZI4URM1OR9+PPRBG9+ZjtDf1KcSpQBV/o5qXUsKvPLp9knFexYRpxxJTz8QEmRaD&Lv0h=ZTypDbLPA |
GET http://www.thebeautifullifeofthearth.com/sn12/?oPqpRL=+bAqrraOPFP6G7VNldvEvmQlIsf6EpITHpJV0mplF4OII8J3s/Rhv2hUxoigmbYJPULf8A1w&Lv0h=ZTypDbLPA |
Rule | Description |
---|---|
DebuggerCheck__GlobalFlags | (no description) |
DebuggerCheck__QueryInfo | (no description) |
DebuggerHiding__Thread | (no description) |
DebuggerHiding__Active | (no description) |
ThreadControl__Context | (no description) |
SEH__vectored | (no description) |
anti_dbg | Checks if being debugged |
disable_dep | Bypass DEP |
Antivirus | Result |
---|---|
Bkav | W32.AIDetectNet.01 |
Lionic | Trojan.MSIL.Agent.a!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
McAfee | Artemis!A6E96BF01307 |
Cylance | Unsafe |
CrowdStrike | win/malicious_confidence_100% (W) |
Alibaba | TrojanDownloader:MSIL/DropperX.ab120718 |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of MSIL/TrojanDownloader.Agent.LUK |
APEX | Malicious |
Avast | Win32:DropperX-gen [Drp] |
Kaspersky | HEUR:Trojan-Downloader.MSIL.Agent.gen |
Tencent | Msil.Trojan-downloader.Agent.Lpbl |
McAfee-GW-Edition | Artemis!Trojan |
Sophos | Mal/Generic-S |
Ikarus | Win32.Outbreak |
Webroot | W32.Dropper.Gen |
Kingsoft | Win32.Troj.Undef.(kcloud) |
ZoneAlarm | HEUR:Trojan-Downloader.MSIL.Agent.gen |
Microsoft | TrojanDownloader:MSIL/AgentTesla.ESH!MTB |
Malwarebytes | Generic.Malware/Suspicious |
SentinelOne | Static AI - Suspicious PE |
MaxSecure | Trojan.Malware.300983.susgen |
Fortinet | W32/Agent.LUK!tr |
BitDefenderTheta | Gen:NN.ZemsilF.34666.em0@aOi9hyf |
AVG | Win32:DropperX-gen [Drp] |
Cybereason | malicious.e51a0f |
Paloalto | generic.ml |