Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Feb. 9, 2023, 10:20 a.m. | Feb. 9, 2023, 10:35 a.m. |
Process | PID | Command line |
---|---|---|
aicjnyb.exe | 2060 | "C:\Users\test22\AppData\Local\Temp\aicjnyb.exe" C:\Users\test22\AppData\Local\Temp\uogalvrii.vj |
aicjnyb.exe | 2152 | "C:\Users\test22\AppData\Local\Temp\aicjnyb.exe" |
Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.ambilis.com/8qa3/?NB=Yw6YD0s17PM9etjv/emAmMlEED9F94kmNvL7jtaM45zABScbtKoqJqCX2gTJEUJahVXOtkWRgK0fQ0tM1LEfveKg/13pcGnAI9Ia8t8=&PNbL=jX-jTZzzH14-6O |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.theedenpublicschool.com/8qa3/?NB=awREWtMMj+lRHHM6AQdmRgvwbUZmvp8tQda9g/jpnZpjQndokfCyaw0eStkt3W3LDFF5IEfACaY0uUEW+xg0qs2ozgMGzCLbcweLr7E=&PNbL=jX-jTZzzH14-6O |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.ecomicsvilla.com/8qa3/?NB=NoEkgSowB96SWPAg7xVMgGDZv5EdP4jNoDX46qfudZBh/ww1VORetC7JM6bTsJ7/lBMT+kpLr5o69A4fo6ZiQJ0mwjKygXrKvZBCDz0=&PNbL=jX-jTZzzH14-6O |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.boltag.xyz/8qa3/?NB=qnytmCaQLfU4zsrtGjFnzBqU0b3giDP99e6pyqNb4SbHI20/4CVvCJHspsGpbucyTs/cyReYkpquPSKEraK1PzjSbuif9SuGl0f0RSw=&PNbL=jX-jTZzzH14-6O |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.f1253.com/8qa3/?NB=J0i+HNrGClYTAcXYOGMjUfCCY+jxRA7qTJ0QlwQRMh/eBqJkbuSEepiRopmRQgF/HN5KR+bmQ7TE+zYnqYNLGx5YeZCqzK5CyODJ6qA=&PNbL=jX-jTZzzH14-6O |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.pushpaholidays.com/8qa3/?NB=uwc3uy5jUwBmgGhOFs3IT1KM06KJvn6K5bdvjpj3r4WyLQ/DzhXqBqj1ZuMMRVOGVDo2DjphbD36wW4cqg2mbD0xix1zXMzS8AuI19o=&PNbL=jX-jTZzzH14-6O |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.defituesday.com/8qa3/?NB=g/K91+24+PHAiHPhvyuFXzVpVj02gVzNZeKGHjuCFrMmzpuKet/E+G0ypAyl4zj9I8Z7auL/coT2Y4uPH7ZahhTSjlAwmlMiIr0KtvE=&PNbL=jX-jTZzzH14-6O |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.soroptimistofamador.com/8qa3/?NB=c5Eeb7dn/8EYxC+M6re+nHBh7m2i5KbribjzLk2BVWQgprnRWDOreo3dlS1Tf/13fTrHvW7qwb+7jwCe0+JVEy4ZSMH4EcsXdNb8klM=&PNbL=jX-jTZzzH14-6O |
request | GET http://www.ambilis.com/8qa3/?NB=Yw6YD0s17PM9etjv/emAmMlEED9F94kmNvL7jtaM45zABScbtKoqJqCX2gTJEUJahVXOtkWRgK0fQ0tM1LEfveKg/13pcGnAI9Ia8t8=&PNbL=jX-jTZzzH14-6O |
request | GET http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip |
request | POST http://www.theedenpublicschool.com/8qa3/ |
request | GET http://www.theedenpublicschool.com/8qa3/?NB=awREWtMMj+lRHHM6AQdmRgvwbUZmvp8tQda9g/jpnZpjQndokfCyaw0eStkt3W3LDFF5IEfACaY0uUEW+xg0qs2ozgMGzCLbcweLr7E=&PNbL=jX-jTZzzH14-6O |
request | POST http://www.ecomicsvilla.com/8qa3/ |
request | GET http://www.ecomicsvilla.com/8qa3/?NB=NoEkgSowB96SWPAg7xVMgGDZv5EdP4jNoDX46qfudZBh/ww1VORetC7JM6bTsJ7/lBMT+kpLr5o69A4fo6ZiQJ0mwjKygXrKvZBCDz0=&PNbL=jX-jTZzzH14-6O |
request | POST http://www.boltag.xyz/8qa3/ |
request | GET http://www.boltag.xyz/8qa3/?NB=qnytmCaQLfU4zsrtGjFnzBqU0b3giDP99e6pyqNb4SbHI20/4CVvCJHspsGpbucyTs/cyReYkpquPSKEraK1PzjSbuif9SuGl0f0RSw=&PNbL=jX-jTZzzH14-6O |
request | POST http://www.f1253.com/8qa3/ |
request | GET http://www.f1253.com/8qa3/?NB=J0i+HNrGClYTAcXYOGMjUfCCY+jxRA7qTJ0QlwQRMh/eBqJkbuSEepiRopmRQgF/HN5KR+bmQ7TE+zYnqYNLGx5YeZCqzK5CyODJ6qA=&PNbL=jX-jTZzzH14-6O |
request | POST http://www.pushpaholidays.com/8qa3/ |
request | GET http://www.pushpaholidays.com/8qa3/?NB=uwc3uy5jUwBmgGhOFs3IT1KM06KJvn6K5bdvjpj3r4WyLQ/DzhXqBqj1ZuMMRVOGVDo2DjphbD36wW4cqg2mbD0xix1zXMzS8AuI19o=&PNbL=jX-jTZzzH14-6O |
request | POST http://www.defituesday.com/8qa3/ |
request | GET http://www.defituesday.com/8qa3/?NB=g/K91+24+PHAiHPhvyuFXzVpVj02gVzNZeKGHjuCFrMmzpuKet/E+G0ypAyl4zj9I8Z7auL/coT2Y4uPH7ZahhTSjlAwmlMiIr0KtvE=&PNbL=jX-jTZzzH14-6O |
request | POST http://www.soroptimistofamador.com/8qa3/ |
request | GET http://www.soroptimistofamador.com/8qa3/?NB=c5Eeb7dn/8EYxC+M6re+nHBh7m2i5KbribjzLk2BVWQgprnRWDOreo3dlS1Tf/13fTrHvW7qwb+7jwCe0+JVEy4ZSMH4EcsXdNb8klM=&PNbL=jX-jTZzzH14-6O |
request | POST http://www.theedenpublicschool.com/8qa3/ |
request | POST http://www.ecomicsvilla.com/8qa3/ |
request | POST http://www.boltag.xyz/8qa3/ |
request | POST http://www.f1253.com/8qa3/ |
request | POST http://www.pushpaholidays.com/8qa3/ |
request | POST http://www.defituesday.com/8qa3/ |
request | POST http://www.soroptimistofamador.com/8qa3/ |
file | C:\Users\test22\AppData\Local\Temp\aicjnyb.exe |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.NSISX.Spy.Gen.24 |
FireEye | Generic.mg.b0dd3b97aaab029d |
ALYac | Gen:Variant.Jaik.95172 |
VIPRE | Trojan.NSISX.Spy.Gen.24 |
Sangfor | Suspicious.Win32.Save.ins |
BitDefenderTheta | Gen:NN.ZexaF.36252.iuW@aivfXWh |
Cyren | W32/Trojan.FAER-6525 |
Symantec | Packed.NSISPacker!g14 |
ESET-NOD32 | a variant of Win32/Injector.ESQV |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Paloalto | generic.ml |
Kaspersky | VHO:Trojan-Spy.Win32.Noon.gen |
BitDefender | Trojan.NSISX.Spy.Gen.24 |
Emsisoft | Trojan.NSISX.Spy.Gen.24 (B) |
McAfee-GW-Edition | BehavesLike.Win32.ICLoader.fc |
Trapmine | malicious.moderate.ml.score |
Sophos | Generic ML PUA (PUA) |
SentinelOne | Static AI - Suspicious PE |
Microsoft | Trojan:Win32/Wacatac.B!ml |
Arcabit | Trojan.NSISX.Spy.Gen.24 [many] |
ZoneAlarm | VHO:Trojan-Spy.Win32.Noon.gen |
GData | Gen:Variant.Jaik.95172 |
Detected | |
MAX | malware (ai score=89) |
Rising | Trojan.Generic@AI.91 (RDML:U4Z3SX0ihdd8CMLs4Raf7Q) |
Ikarus | Trojan.Inject |