Summary | ZeroBOX

vbc.exe

UPX PE32 PE File .NET EXE
Category FILE
Machine s1_win7_x6401
Started Nov. 4, 2022, 9:24 a.m.
Completed Nov. 4, 2022, 9:53 a.m.
Size 141.5KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 2cd179ab4d6e70b49431c124d1f9a3b8
SHA256 d6f0bf654937a0f7fbbeb220469299078f524e7fee425cb535a880bdd7b11909
CRC32 B82DB58A
ssdeep 3072:FCjZGjXpoGoByXPQs2UTXQ8yb7aFcIiSIvF68xJ6Y8Y:F0ZGbpYByPT7lyvIcRSIvF68xV8
Yara
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

IP Address Status Action
164.124.101.2 Active Moloch
182.162.106.33 Active Moloch
54.36.174.116 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49164 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49169 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49173 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49174 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49177 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49167 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49186 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49195 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49198 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49210 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49170 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49220 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49166 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49172 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49227 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49168 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49176 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49182 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49235 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49178 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49188 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49247 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49179 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49203 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49253 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49184 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49206 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49261 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49191 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49208 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49266 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49197 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49211 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49189 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49200 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49215 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49205 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49202 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49225 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49180 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49216 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49209 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49232 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49219 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49217 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49237 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49222 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49218 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49240 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49224 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49238 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49251 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49231 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49249 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49256 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49234 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49269 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49257 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49236 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49259 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49244 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49246 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49187 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49258 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49262 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49175 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49263 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49264 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49265 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49267 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49192 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49270 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49193 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49181 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49194 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49183 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49196 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49185 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49199 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49272 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49277 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49279 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49273 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49280 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49190 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49278 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49283 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49276 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49289 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49286 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49281 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49284 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49201 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49285 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49204 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49213 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49214 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49207 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49212 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49221 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49226 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49228 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49223 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49230 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49233 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49229 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49242 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49239 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49243 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49241 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49245 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49248 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49250 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49252 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49254 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49255 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49260 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49271 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49274 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49275 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49268 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49282 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49288 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49287 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49290 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49291 -> 54.36.174.116:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1 192.168.56.101:49164 -> 54.36.174.116:443 C=US, O=Let's Encrypt, CN=R3 CN=www.bondkosmetyki.pl e7:00:2c:01:9f:1b:65:ae:4f:ae:0d:b9:65:88:f6:84:8f:23:ab:0f
TLSv1 192.168.56.101:49169 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49173 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49174 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49177 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49167 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49186 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49195 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49198 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49210 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49170 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49220 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49166 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49172 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49227 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49168 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49176 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49182 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49235 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49178 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49188 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49247 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49179 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49203 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49253 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49184 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49206 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49261 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49191 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49208 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49266 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49197 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49211 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49189 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49200 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49215 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49205 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49202 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49225 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49216 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49180 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49209 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49232 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49219 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49217 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49237 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49222 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49218 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49240 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49224 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49238 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49251 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49231 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49249 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49256 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49234 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49269 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49257 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49236 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49259 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49244 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49246 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49187 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49258 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49262 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49263 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49175 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49264 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49265 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49267 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49270 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49192 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49193 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49181 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49194 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49183 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49196 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49185 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49199 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49272 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49277 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49279 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49273 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49280 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49278 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49283 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49276 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49289 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49286 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49281 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49284 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49285 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49201 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49190 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49204 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49213 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49214 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49207 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49212 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49221 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49226 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49228 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49223 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49230 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49233 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49229 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49242 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49239 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49243 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49241 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49245 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49248 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49250 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49252 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49254 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49255 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49260 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49271 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49274 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49275 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49268 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49282 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49288 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49287 -> 54.36.174.116:443 None None None
TLSv1 192.168.56.101:49290 -> 54.36.174.116:443 None None None

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
suspicious_features GET method with no useragent header
suspicious_request GET http://www.bondkosmetyki.pl/wp-content/plugins/Kenjjqbio.png
request GET http://www.bondkosmetyki.pl/wp-content/plugins/Kenjjqbio.png
request GET http://apps.identrust.com/roots/dstrootcax3.p7c
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 1769472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007b0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00920000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2580
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x727a1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2580
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x727a2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 262144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00800000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00800000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003e2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00415000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0041b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00417000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003fc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00af0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00406000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0040a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00407000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003ea000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0040b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003fa000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003ec000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 15
family: 0
111 0
Bkav W32.AIDetectNet.01
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.2cd179ab4d6e70b4
McAfee Artemis!2CD179AB4D6E
Cyren W32/MSIL_Agent.DWN.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.NYV
APEX Malicious
Kaspersky UDS:Trojan.MSIL.Scarsi.gen
BitDefender IL:Trojan.MSILZilla.23760
MicroWorld-eScan IL:Trojan.MSILZilla.23760
Avast Win32:RATX-gen [Trj]
McAfee-GW-Edition Artemis!Trojan
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData MSIL.Trojan-Downloader.Agent.BJF
Google Detected
VBA32 Downloader.MSIL.gen.rexp
MAX malware (ai score=86)
MaxSecure Trojan.Malware.300983.susgen
Fortinet PossibleThreat
BitDefenderTheta Gen:NN.ZemsilF.34754.im0@a8fiFMj
AVG Win32:RATX-gen [Trj]
CrowdStrike win/malicious_confidence_90% (D)