Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Feb. 12, 2023, 2:52 p.m. | Feb. 12, 2023, 3:11 p.m. |
Process | PID |
---|---|
hpsfqj.exe "C:\Users\test22\AppData\Local\Temp\hpsfqj.exe" C:\Users\test22\AppData\Local\Temp\sfbna.k | 2116 |
hpsfqj.exe "C:\Users\test22\AppData\Local\Temp\hpsfqj.exe" | 2220 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.eleonorasdaycare.com | 154.209.142.100 | |
www.microshel.com | CNAME microshel.com; 34.102.136.180 | |
www.aq993.cyou | | |
www.detoxshopbr.store | CNAME shops.myshopify.com; 23.227.38.74 | |
Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | suspicious_request |
---|---|
GET method with no useragent header | GET http://www.eleonorasdaycare.com/re29/?u6u4=iZ4D9MfQzkLMiVC19Sx2I5zdLa7VmU5sDnt6/xeT1G1WjM9KfvNu0TUCkvScjOTSuzsJDmh5&9rQl7P=xPJpLXiX |
GET method with no useragent header | GET http://www.microshel.com/re29/?u6u4=trfuaJRD6A/eesv4M6SXrE7j8J9Y8vN4m/WyH3ernOja7pMfzOf3bi/QkcHzhOFYePR8sA9G&9rQl7P=xPJpLXiX |
GET method with no useragent header | GET http://www.detoxshopbr.store/re29/?u6u4=aQt7vukWYUzx+oCCTqo8HxJeOTyNng86cco+4+q4ypewOOMVBrQ/M97kQTWlSCj26KyEdjaM&9rQl7P=xPJpLXiX |
request | GET http://www.eleonorasdaycare.com/re29/?u6u4=iZ4D9MfQzkLMiVC19Sx2I5zdLa7VmU5sDnt6/xeT1G1WjM9KfvNu0TUCkvScjOTSuzsJDmh5&9rQl7P=xPJpLXiX |
request | GET http://www.microshel.com/re29/?u6u4=trfuaJRD6A/eesv4M6SXrE7j8J9Y8vN4m/WyH3ernOja7pMfzOf3bi/QkcHzhOFYePR8sA9G&9rQl7P=xPJpLXiX |
request | GET http://www.detoxshopbr.store/re29/?u6u4=aQt7vukWYUzx+oCCTqo8HxJeOTyNng86cco+4+q4ypewOOMVBrQ/M97kQTWlSCj26KyEdjaM&9rQl7P=xPJpLXiX |
file | C:\Users\test22\AppData\Local\Temp\hpsfqj.exe |

Antivirus | Result |
---|---|
Bkav | W32.AIDetectNet.01 |
MicroWorld-eScan | Gen:Variant.Nemesis.15914 |
FireEye | Generic.mg.1d920aa56457a163 |
ALYac | Gen:Variant.Jaik.95172 |
VIPRE | Gen:Variant.Nemesis.15914 |
Sangfor | Suspicious.Win32.Save.ins |
Cybereason | malicious.f1341a |
Arcabit | Trojan.Nemesis.D3E2A [many] |
Symantec | Packed.NSISPacker!g14 |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Injector.ESQZ |
APEX | Malicious |
Paloalto | generic.ml |
Cynet | Malicious (score: 100) |
Kaspersky | VHO:Trojan-Spy.Win32.Noon.gen |
BitDefender | Gen:Variant.Nemesis.15914 |
Avast | Win32:PWSX-gen [Trj] |
Emsisoft | Gen:Variant.Nemesis.15914 (B) |
McAfee-GW-Edition | BehavesLike.Win32.ICLoader.dc |
Trapmine | malicious.moderate.ml.score |
Sophos | Generic ML PUA (PUA) |
SentinelOne | Static AI - Suspicious PE |
MAX | malware (ai score=82) |
Microsoft | Trojan:Win32/Formbook!MTB |
GData | Gen:Variant.Jaik.95172 |
Detected | |
Acronis | suspicious |
McAfee | Artemis!1D920AA56457 |
Rising | Trojan.Injector!8.C4 (RDMK:cmRtazpbFIJpGF141RAt9u7HcmhB) |
Ikarus | Trojan.Inject |
Fortinet | W32/Injector_AGen.QG!tr |
BitDefenderTheta | Gen:NN.ZexaF.36276.hqW@aqdPvF |
AVG | Win32:PWSX-gen [Trj] |