Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 4, 2023, 8:55 a.m. | Aug. 4, 2023, 9:01 a.m. |
-
-
IB_iso.exe "C:\Users\test22\AppData\Local\Temp\IB_iso.exe"
2776
-
Name | Response | Post-Analysis Lookup |
---|---|---|
www.asgnelwin.com | ||
www.03ss.vip |
CNAME
63a4ffed.mycdn.online
|
|
www.mercardosupltda.shop |
CNAME
mercardosupltda.shop
|
154.49.247.55 |
www.vinteligencia.com | 104.21.52.110 | |
www.sofbks.top |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:53004 -> 8.8.8.8:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
TCP 192.168.56.101:49168 -> 154.49.247.55:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49169 -> 172.67.198.50:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.mercardosupltda.shop/sy22/?EZX0sf=3bMgBYp3T8Et67riN3kA3/aeujAUMemYR9Y/JjuHDcyhHg+qjpOYOJGYEHV0e9MGAbxHoQdS&qL3=gjnL3zDh_r | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.vinteligencia.com/sy22/?EZX0sf=bFBzPUMpurqsSaAEhywdCFYwBQqPS0zKvFatuRp4xXu+SuvLn4C9Xg+acXGhzE1ceHoH+Iro&qL3=gjnL3zDh_r |
request | GET http://www.mercardosupltda.shop/sy22/?EZX0sf=3bMgBYp3T8Et67riN3kA3/aeujAUMemYR9Y/JjuHDcyhHg+qjpOYOJGYEHV0e9MGAbxHoQdS&qL3=gjnL3zDh_r |
request | GET http://www.vinteligencia.com/sy22/?EZX0sf=bFBzPUMpurqsSaAEhywdCFYwBQqPS0zKvFatuRp4xXu+SuvLn4C9Xg+acXGhzE1ceHoH+Iro&qL3=gjnL3zDh_r |
domain | www.sofbks.top | description | Generic top level domain TLD |
file | C:\Users\test22\AppData\Local\Temp\nsyF416.tmp\aulnizizac.dll |
file | C:\Users\test22\AppData\Local\Temp\nsyF416.tmp\aulnizizac.dll |
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Agent.tshg |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Variant.Nemesis.25866 |
FireEye | Generic.mg.d27e13ce5271639c |
ALYac | Trojan.NSISX.Spy.Gen.24 |
Cylance | unsafe |
Sangfor | Trojan.Win32.Formbook.Vti3 |
Cyren | W32/Ninjector.JO.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Injector.ETEF |
APEX | Malicious |
Cynet | Malicious (score: 100) |
Kaspersky | HEUR:Trojan.Win32.Strab.gen |
BitDefender | Gen:Variant.Nemesis.25866 |
ViRobot | Trojan.Win.Z.Nemesis.247940 |
Emsisoft | Gen:Variant.Nemesis.25866 (B) |
F-Secure | Trojan.TR/AD.GenShell.illbf |
DrWeb | Trojan.Loader.1668 |
VIPRE | Gen:Variant.Nemesis.25866 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.dc |
Trapmine | malicious.moderate.ml.score |
Sophos | Mal/Generic-S |
SentinelOne | Static AI - Suspicious PE |
Webroot | W32.Infostealer.Gen |
Avira | TR/AD.GenShell.xdwes |
Gridinsoft | Trojan.Win32.FormBook.bot |
Arcabit | Trojan.Nemesis.D650A [many] |
ZoneAlarm | HEUR:Trojan.Win32.Strab.gen |
GData | Trojan.NSISX.Spy.Gen.24 |
Detected | |
AhnLab-V3 | Trojan/Win.Generic.R587806 |
McAfee | Artemis!D27E13CE5271 |
MAX | malware (ai score=80) |
Malwarebytes | Trojan.Injector |
Rising | Trojan.FormBook!8.F858 (CLOUD) |
Ikarus | Trojan-Spy.Agent |
Fortinet | NSIS/Agent.DCAC!tr |
BitDefenderTheta | Gen:NN.ZedlaF.36348.bm4@aiCNZ@l |
Panda | Trj/GdSda.A |
CrowdStrike | win/malicious_confidence_100% (W) |