Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | March 29, 2023, 5:33 p.m. | March 29, 2023, 5:39 p.m. |
Process tree
w.exe "C:\Users\test22\AppData\Local\Temp\w.exe" (PID 2628)
Name | Response | Post-Analysis Lookup |
---|---|---|
bitcoin.org | 172.67.40.154 | |
download.electrum.org | 104.21.89.144 | |
downloads.exodus.com | 104.18.19.218 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49164 -> 104.18.19.218:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 104.18.19.218:443 -> 192.168.56.101:49166 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.101:49162 -> 104.22.68.176:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49168 -> 104.21.89.144:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49165 -> 104.18.19.218:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49162 -> 104.22.68.176:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=*.bitcoin.org | 1a:81:c6:0e:51:52:81:af:8a:1f:a8:fe:a3:18:04:fa:db:01:f5:3c |
TLSv1 192.168.56.101:49168 -> 104.21.89.144:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=*.electrum.org | 76:1b:7b:1a:b2:a7:3f:c5:99:a7:2b:68:f5:fd:1b:a5:5e:97:4b:65 |
Type | Value |
---|---|
resource name | SETTINGS |
request | GET https://bitcoin.org/bin/bitcoin-core-22.0/bitcoin-22.0-win64-setup.exe |
request | GET https://download.electrum.org/4.3.4/electrum-4.3.4-setup.exe |
file | C:\Users\test22\AppData\Roaming\exodus-windows-x64-23.3.27.exe |
file | C:\Users\test22\AppData\Local\Temp\Updater.exe |
file | C:\Users\test22\AppData\Roaming\electrum-4.3.4-setup.exe |
file | C:\Users\test22\AppData\Roaming\bitcoin-22.0-win64-setup.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows |
reg_value | C:\Users\test22\AppData\Local\Temp\Updater.exe |
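The Run value above (value name `Windows`, data `C:\Users\test22\AppData\Local\Temp\Updater.exe`) is the sample's persistence: an executable dropped into the user's Temp directory and registered under HKCU so it survives a reboot without admin rights. The following Python is an added example, not code from this report or from any sandbox vendor; it parses `reg query` output for the HKCU Run key, expands `%VAR%` references, flags images that live in user-writable staging directories (Temp, Downloads, Public, or directly in the AppData\Roaming root where this sample staged its installers), and separately flags the exact value-name/image-name pair seen here. The `reg query` text, the environment-variable map for the sandbox user `test22`, and the staging-directory list are constructed assumptions; a name-only IOC match is weak evidence compared with a hash, which the page does not give.

```python
"""Audit HKCU Run entries for the persistence pattern seen in this report.

Added example, not code from the original report. The `reg query` text,
the environment map for the sandbox user test22 and the directory list
are constructed assumptions.
"""
import ntpath
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed stand-in for the sandbox user's environment (assumption, not captured).
SANDBOX_ENV = {
    "USERPROFILE": r"C:\Users\test22",
    "LOCALAPPDATA": r"C:\Users\test22\AppData\Local",
    "APPDATA": r"C:\Users\test22\AppData\Roaming",
    "TEMP": r"C:\Users\test22\AppData\Local\Temp",
    "TMP": r"C:\Users\test22\AppData\Local\Temp",
}

# Directories any user can write to; a Run image here is the staging pattern
# from the report (Updater.exe under AppData\Local\Temp). Lower-case, backslash form.
STAGING_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\downloads\\",
    "\\users\\public\\",
)

# Value name / image basename pair from the report (no hash on the page, so names only).
REPORT_IOC = ("windows", "updater.exe")

# Constructed `reg query HKCU\...\Run` output: two benign entries plus the
# persistence entry from the report. Not captured from a real host.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ           "C:\Users\test22\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Discord     REG_EXPAND_SZ    %LOCALAPPDATA%\Discord\Update.exe --processStart Discord.exe
    Windows     REG_SZ           C:\Users\test22\AppData\Local\Temp\Updater.exe
"""


def parse_reg_query(text):
    """Return (value_name, reg_type, data) tuples from `reg query` output.

    Value lines are indented and look like: NAME  REG_TYPE  DATA.
    Value names containing spaces are not handled by this simple parser.
    """
    entries = []
    for line in text.splitlines():
        m = re.match(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$", line)
        if m:
            entries.append((m.group(1), m.group(2), m.group(3).strip()))
    return entries


def image_path(data, env):
    """Extract the executable path from a Run value's command line.

    Expands %VAR% using `env`, honours a quoted first argument, otherwise
    takes the leading token ending in .exe (or the first token).
    """
    data = re.sub(r"%(\w+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), data)
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = re.match(r"^(.*?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data.split()[0]


def staging_reason(path):
    """Return a reason string if `path` sits in a user-writable staging location, else None."""
    norm = path.lower().replace("/", "\\")
    for d in STAGING_DIRS:
        if d in norm:
            return f"image under user-writable directory '{d}'"
    # The report's installers were dropped directly into the Roaming root, not a vendor folder.
    if ntpath.dirname(norm).endswith("\\appdata\\roaming"):
        return "image sits directly in the AppData\\Roaming root"
    return None


def audit_run_entries(text, env=SANDBOX_ENV):
    """Classify every Run entry in `text`; severity is 'high' when any reason fires."""
    findings = []
    for name, reg_type, data in parse_reg_query(text):
        path = image_path(data, env)
        reasons = []
        why = staging_reason(path)
        if why:
            reasons.append(why)
        ioc = (name.lower(), ntpath.basename(path).lower()) == REPORT_IOC
        if ioc:
            reasons.append("value name and image name match the report's Run entry")
        findings.append({
            "key": RUN_KEY, "value_name": name, "type": reg_type, "image": path,
            "ioc_match": ioc, "severity": "high" if reasons else "ok", "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in audit_run_entries(SAMPLE_REG_QUERY):
        print(f"[{f['severity']}] {f['value_name']} -> {f['image']}")
        for r in f["reasons"]:
            print("    -", r)
```

On a live Windows host, feed it the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` and replace `SANDBOX_ENV` with `os.environ`; the staging-directory heuristic is deliberately narrow (it does not flag every image under AppData\Local, where OneDrive and Discord legitimately live) so that the Temp-directory hit stands out.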
Engine | Detection |
---|---|
Lionic | Trojan.Win32.Agent.Y!c |
tehtris | Generic.Malware |
DrWeb | Trojan.DownLoader30.17344 |
MicroWorld-eScan | Gen:Variant.Midie.111126 |
CAT-QuickHeal | Trojan.AgentMF.S19993834 |
McAfee | Downloader-FBWZ!C200EA136A59 |
Malwarebytes | Trojan.Downloader |
VIPRE | Gen:Variant.Midie.111126 |
Sangfor | Suspicious.Win32.Save.vb |
K7AntiVirus | Riskware ( 0040eff71 ) |
K7GW | Riskware ( 0040eff71 ) |
CrowdStrike | win/malicious_confidence_100% (W) |
Arcabit | Trojan.Midie.D1B216 |
BitDefenderTheta | AI:Packer.6732398D1F |
VirIT | Trojan.Win32.Genus.PBD |
Cyren | W32/VBTrojan.Downloader.1D!Maxi |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/TrojanDownloader.VB.RLW |
Cynet | Malicious (score: 99) |
APEX | Malicious |
Paloalto | generic.ml |
ClamAV | Win.Malware.Aizczvpi-7667171-0 |
Kaspersky | Trojan.Win32.Agent.xabduu |
BitDefender | Gen:Variant.Midie.111126 |
NANO-Antivirus | Trojan.Win32.VB.fxwldb |
SUPERAntiSpyware | Trojan.Agent/Gen-Downloader |
Avast | Win32:Evo-gen [Trj] |
Tencent | Win32.Trojan.Agent.Ogil |
TACHYON | Trojan/W32.VB-Agent.16384.ID |
TrendMicro | TROJ_GEN.R002C0DCS23 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.lz |
FireEye | Generic.mg.c200ea136a598e37 |
Emsisoft | Gen:Variant.Midie.111126 (B) |
SentinelOne | Static AI - Suspicious PE |
Jiangmin | TrojanDownloader.Generic.bdxz |
Avira | TR/VB.Downloader.Gen |
Antiy-AVL | Trojan/Win32.Wacatac |
Gridinsoft | Trojan.Win32.Agent.dd!n |
Microsoft | Trojan:Win32/VBObfuse.BIV!MTB |
ViRobot | Trojan.Win.Z.Midie.16384.B |
GData | Gen:Variant.Midie.111126 |
AhnLab-V3 | Trojan/Win32.RL_Vobfus.R326912 |
VBA32 | Malware-Cryptor.VB.gen.1 |
ALYac | Gen:Variant.Midie.111126 |
MAX | malware (ai score=82) |
Cylance | unsafe |
TrendMicro-HouseCall | TROJ_GEN.R002C0DCS23 |
Rising | Downloader.Generic!8.141 (TFE:4:2XZfwNMewX) |