Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Feb. 16, 2023, 10:23 a.m. | Feb. 16, 2023, 10:32 a.m. |
Process | Command line | PID |
---|---|---|
fmgwqo.exe | "C:\Users\test22\AppData\Local\Temp\fmgwqo.exe" C:\Users\test22\AppData\Local\Temp\lglfpuxh.i | 2632 |
fmgwqo.exe | "C:\Users\test22\AppData\Local\Temp\fmgwqo.exe" | 2688 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.123findcapital.com | CNAME 123findcapital.com | 3.33.152.147 |
www.dccmovil.com | CNAME dccmovil.com | 34.102.136.180 |
www.jcw-media.com | 66.96.162.140 | |
Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.dccmovil.com/b07o/?r0=o6HXEdJl6/VPp8rWf7jQRIH4rS2B7wZBnAS41Nk2ga+LVrdEWYkuzCknyBgzWY5EcE0I5NHB&sZODHD=8pH8P6V |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.jcw-media.com/b07o/?r0=jaJOBLEmd5yxE98n7CSjpxqJgVtnhHa3aCWCYIkttjtkv6GZ+uhp6dkAW9oK9ZGeuV/IrL/Z&sZODHD=8pH8P6V |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.123findcapital.com/b07o/?r0=BQnnnzHQBKzmuzWUc1NmCI/zEoVgbKldG3lEFhDIxtN9pUoBFrHG6JYkbinJNYhAMboRWfOr&sZODHD=8pH8P6V |
request | GET http://www.dccmovil.com/b07o/?r0=o6HXEdJl6/VPp8rWf7jQRIH4rS2B7wZBnAS41Nk2ga+LVrdEWYkuzCknyBgzWY5EcE0I5NHB&sZODHD=8pH8P6V |
request | GET http://www.jcw-media.com/b07o/?r0=jaJOBLEmd5yxE98n7CSjpxqJgVtnhHa3aCWCYIkttjtkv6GZ+uhp6dkAW9oK9ZGeuV/IrL/Z&sZODHD=8pH8P6V |
request | GET http://www.123findcapital.com/b07o/?r0=BQnnnzHQBKzmuzWUc1NmCI/zEoVgbKldG3lEFhDIxtN9pUoBFrHG6JYkbinJNYhAMboRWfOr&sZODHD=8pH8P6V |
file | C:\Users\test22\AppData\Local\Temp\fmgwqo.exe |
Antivirus | Result |
---|---|
Lionic | Trojan.Win32.Generic.4!c |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.Garf.Gen.7 |
FireEye | Generic.mg.500ce28cca98df7f |
McAfee | Artemis!500CE28CCA98 |
Malwarebytes | Generic.Malware/Suspicious |
VIPRE | Trojan.Garf.Gen.7 |
Arcabit | Trojan.Garf.Gen.7 [many] |
Symantec | Packed.NSISPacker!g14 |
ESET-NOD32 | Win32/Formbook.AA |
APEX | Malicious |
Paloalto | generic.ml |
Cynet | Malicious (score: 100) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Trojan.Garf.Gen.7 |
Avast | Win32:Malware-gen |
Emsisoft | Trojan.Garf.Gen.7 (B) |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.dc |
Trapmine | malicious.moderate.ml.score |
Sophos | Mal/Generic-S |
SentinelOne | Static AI - Suspicious PE |
Webroot | W32.Trojan.Garf.Gen |
Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Trojan.NSISX.Spy.Gen.24 |
Detected | |
ALYac | Trojan.NSISX.Spy.Gen.24 |
MAX | malware (ai score=82) |
Cylance | Unsafe |
Rising | Trojan.Generic@AI.98 (RDML:bpPM4xjcMXQG3e2ry6nuQg) |
Ikarus | Trojan.Inject |
Fortinet | W32/Injector.NSAY!tr |
AVG | Win32:Malware-gen |
CrowdStrike | win/malicious_confidence_100% (W) |