Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | July 20, 2023, 7:35 a.m. | July 20, 2023, 7:38 a.m. |
Process | Command line | PID |
---|---|---|
lzoCW4lLiTNeo.exe | "C:\Users\test22\AppData\Local\Temp\lzoCW4lLiTNeo.exe" | 2668 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.1xboro7.click | 104.21.47.7 | |
www.mtproductions.xyz | CNAME mtproductions.xyz, 103.138.151.78 | |
www.getflooringservices.today | 172.67.183.64 | |
www.ezkiosystem.com | 170.130.208.37 | |
www.trwc.online | 162.0.238.217 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49169 -> 103.138.151.78:80 | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
section | .ndata |
---|---|

suspicious_features | suspicious_request |
---|---|
GET method with no useragent header | GET http://www.trwc.online/k2l0/?v2Jx4=TY0eLS25TbGWIPoAvIBkbiGMyWIlUL+junlCch65rY0chgQMasfhvMnMRaLp/GGSn7X9xMH4&jJBP_F=PPJHa6cP0fV4ANB0 |
GET method with no useragent header | GET http://www.ezkiosystem.com/k2l0/?v2Jx4=xqYImV8HKxPdTcT8y9GMwftV4Cj/nHOqtw0ItIHCgt3zlewQWki2gcTtgHbczwBAu8VEYRGB&jJBP_F=PPJHa6cP0fV4ANB0 |
GET method with no useragent header | GET http://www.1xboro7.click/k2l0/?v2Jx4=gdIo5mM9lXBdi558t2eJ3ed4IEH2JjF3YUJjs/DuOxOlHAWx6kMfp5pai83Dg+nwI9+C5pp6&jJBP_F=PPJHa6cP0fV4ANB0 |
GET method with no useragent header | GET http://www.mtproductions.xyz/k2l0/?v2Jx4=o2du+VOpfCxxrHF0jTeQdwEN/Nb3oP3iwGp0y37hEj8zJFJ0k0b8cpmxFrA37JuCeHQ21Z1q&jJBP_F=PPJHa6cP0fV4ANB0 |
GET method with no useragent header | GET http://www.getflooringservices.today/k2l0/?v2Jx4=FvRqhx5F0gpoyzkzEA/2xbKvy1jG9ib4vK3RJ9Rey27fu6ve9bbhEuDygjhGMwuuWgCzAHD/&jJBP_F=PPJHa6cP0fV4ANB0 |

request |
---|
GET http://www.trwc.online/k2l0/?v2Jx4=TY0eLS25TbGWIPoAvIBkbiGMyWIlUL+junlCch65rY0chgQMasfhvMnMRaLp/GGSn7X9xMH4&jJBP_F=PPJHa6cP0fV4ANB0 |
GET http://www.ezkiosystem.com/k2l0/?v2Jx4=xqYImV8HKxPdTcT8y9GMwftV4Cj/nHOqtw0ItIHCgt3zlewQWki2gcTtgHbczwBAu8VEYRGB&jJBP_F=PPJHa6cP0fV4ANB0 |
GET http://www.1xboro7.click/k2l0/?v2Jx4=gdIo5mM9lXBdi558t2eJ3ed4IEH2JjF3YUJjs/DuOxOlHAWx6kMfp5pai83Dg+nwI9+C5pp6&jJBP_F=PPJHa6cP0fV4ANB0 |
GET http://www.mtproductions.xyz/k2l0/?v2Jx4=o2du+VOpfCxxrHF0jTeQdwEN/Nb3oP3iwGp0y37hEj8zJFJ0k0b8cpmxFrA37JuCeHQ21Z1q&jJBP_F=PPJHa6cP0fV4ANB0 |
GET http://www.getflooringservices.today/k2l0/?v2Jx4=FvRqhx5F0gpoyzkzEA/2xbKvy1jG9ib4vK3RJ9Rey27fu6ve9bbhEuDygjhGMwuuWgCzAHD/&jJBP_F=PPJHa6cP0fV4ANB0 |

file |
---|
C:\Users\test22\AppData\Local\Temp\nssF176.tmp\btsbjnjm.dll |
Antivirus | Detected |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Agent.tshg |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.NSISX.Spy.Gen.24 |
FireEye | Generic.mg.bacd8202f058ddcc |
McAfee | Artemis!BACD8202F058 |
Sangfor | Trojan.Win32.Agent.V059 |
CrowdStrike | win/malicious_confidence_100% (W) |
Arcabit | Trojan.NSISX.Spy.Gen.24 [many] |
BitDefenderTheta | Gen:NN.ZedlaF.36318.du4@aifJYkdi |
Cyren | W32/Injector.BOI.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Injector.ETDA |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Trojan.NSISX.Spy.Gen.24 |
Avast | FileRepMalware [Trj] |
Sophos | Mal/Generic-S |
F-Secure | Trojan.TR/AD.Swotter.hxuhr |
VIPRE | Trojan.NSISX.Spy.Gen.24 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.dc |
Trapmine | malicious.moderate.ml.score |
Emsisoft | Trojan.NSISX.Spy.Gen.24 (B) |
Ikarus | Trojan.Win32.Injector |
Webroot | W32.Trojan.NSISX.Spy |
Avira | TR/AD.Swotter.hxuhr |
Gridinsoft | Trojan.Win32.FormBook.bot |
Microsoft | Trojan:Win32/Strab.GNG!MTB |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Win32.Trojan.Agent.YC5W7E |
AhnLab-V3 | Infostealer/Win.Generic.R563828 |
MAX | malware (ai score=83) |
Cylance | unsafe |
Panda | Trj/Chgt.AD |
Rising | Trojan.Injector!1.E835 (CLASSIC) |
SentinelOne | Static AI - Suspicious PE |
Fortinet | NSIS/Agent.DCAC!tr |
AVG | FileRepMalware [Trj] |
Cybereason | malicious.2f058d |
DeepInstinct | MALICIOUS |