Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 8, 2023, 7:37 a.m. | Sept. 8, 2023, 7:39 a.m. |
-
-
-
mifeajgx.exe "C:\Users\test22\AppData\Local\Temp\mifeajgx.exe"
2716
-
-
Name | Response | Post-Analysis Lookup |
---|---|---|
www.mysticheightstrail.com |
CNAME
mysticheightstrail.com
|
34.102.136.180 |
www.zhperviepixie.com |
CNAME
zhperviepixie.com
|
167.172.228.26 |
www.drpenawaraircondhargarahmah.com | ||
www.gracefullytouchedartistry.com |
CNAME
cdn1.wixdns.net
|
34.149.87.45 |
www.thwmlohr.click | 43.154.67.170 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49166 -> 34.102.136.180:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49167 -> 167.172.228.26:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49169 -> 43.154.67.170:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49168 -> 34.149.87.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.mysticheightstrail.com/sy22/?EDK8gDR=Q5FfiwTKAQAoPcoP4e5kySmJcOUQtYy/n0X88F5fBW8bclPVBZXpMCw8fqRp6JUwXvQoTE+1&BZ=E2M4oNPx_Ln | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.zhperviepixie.com/sy22/?EDK8gDR=hdFL0kwy0tP2Sq5zkMkXOvLbydzGG5NDjXbLdYDkA/+zwUFtuqh4YP0DuyJcd4UMQHwk1geg&BZ=E2M4oNPx_Ln | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.gracefullytouchedartistry.com/sy22/?EDK8gDR=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&BZ=E2M4oNPx_Ln | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.thwmlohr.click/sy22/?EDK8gDR=MgkfgN3fpomwP7fWV5mTPmG15nWdJlegbQggwbe1T0jMd3AI1ruzVKLfVQH9NXyhXYV15IAt&BZ=E2M4oNPx_Ln |
request | GET http://www.mysticheightstrail.com/sy22/?EDK8gDR=Q5FfiwTKAQAoPcoP4e5kySmJcOUQtYy/n0X88F5fBW8bclPVBZXpMCw8fqRp6JUwXvQoTE+1&BZ=E2M4oNPx_Ln |
request | GET http://www.zhperviepixie.com/sy22/?EDK8gDR=hdFL0kwy0tP2Sq5zkMkXOvLbydzGG5NDjXbLdYDkA/+zwUFtuqh4YP0DuyJcd4UMQHwk1geg&BZ=E2M4oNPx_Ln |
request | GET http://www.gracefullytouchedartistry.com/sy22/?EDK8gDR=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&BZ=E2M4oNPx_Ln |
request | GET http://www.thwmlohr.click/sy22/?EDK8gDR=MgkfgN3fpomwP7fWV5mTPmG15nWdJlegbQggwbe1T0jMd3AI1ruzVKLfVQH9NXyhXYV15IAt&BZ=E2M4oNPx_Ln |
file | C:\Users\test22\AppData\Local\Temp\mifeajgx.exe |
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Strab.4!c |
MicroWorld-eScan | Gen:Variant.Ransom.Loki.17507 |
FireEye | Generic.mg.b2aff4034e70921c |
ALYac | Gen:Trojan.Heur.KT.5.sCW@aWyWV@pi |
Sangfor | Suspicious.Win32.Save.ins |
CrowdStrike | win/malicious_confidence_100% (W) |
Arcabit | Trojan.Ransom.Loki.D4463 [many] |
BitDefenderTheta | AI:Packer.0FDC35B621 |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Injector.ETGW |
Cynet | Malicious (score: 100) |
APEX | Malicious |
BitDefender | Gen:Variant.Ransom.Loki.17507 |
Avast | Win32:PWSX-gen [Trj] |
Sophos | Mal/Generic-S |
VIPRE | Gen:Variant.Ransom.Loki.17507 |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.fc |
Trapmine | malicious.moderate.ml.score |
Emsisoft | Gen:Variant.Ransom.Loki.17507 (B) |
Ikarus | Trojan.Win32.Injector |
Webroot | W32.Malware.Gen |
MAX | malware (ai score=85) |
Gridinsoft | Trojan.Win32.FormBook.bot |
Microsoft | Trojan:Win32/Lokibot.SIS!MTB |
GData | Gen:Variant.Ransom.Loki.17507 |
Detected | |
AhnLab-V3 | Trojan/Win.Generic.R585815 |
McAfee | Artemis!B2AFF4034E70 |
VBA32 | BScope.Trojan.Strab |
Cylance | unsafe |
Rising | Trojan.Generic@AI.85 (RDML:0oAToU6fRWMk2etjLnLNyA) |
SentinelOne | Static AI - Suspicious PE |
Fortinet | NSIS/Injector.ETGJ!tr |
AVG | Win32:PWSX-gen [Trj] |
DeepInstinct | MALICIOUS |