Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 9, 2023, 9:36 p.m. | Sept. 9, 2023, 9:40 p.m. |
Process | Command line | PID |
---|---|---|
fzfyx.exe | "C:\Users\test22\AppData\Local\Temp\fzfyx.exe" | 2100 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.omclaval.com | CNAME gcdn0.wixdns.net | 34.117.168.233 |
www.sx15k.com | CNAME sx15kcom.gotoip55.com, CNAME web.dl31.vhostgo.com, CNAME web.dl31.abc188.com | 211.149.249.34 |
www.gk84.com | CNAME gk84.com | 107.148.223.82 |
www.gracefullytouchedartistry.com | CNAME cdn1.wixdns.net | 34.149.87.45 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49168 -> 34.149.87.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 107.148.223.82:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49169 -> 34.117.168.233:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49167 -> 211.149.249.34:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.gk84.com/sy22/?Mfg=EZXT1couL1SMJvG2qeg6eanykcNOwoSwRkeI+9JF3ekTKFJ8rStu/JDK0lzRposG9gxESXnb&D6h4=O2JdRpPP8 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.sx15k.com/sy22/?Mfg=uDOmxGSZOI7byjRwM2VfDnyujtJEJ3PREhDiUuqfTZK7lE43sYjySeizw7LCJ3MdEZKjGoPp&D6h4=O2JdRpPP8 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.gracefullytouchedartistry.com/sy22/?Mfg=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&D6h4=O2JdRpPP8 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.omclaval.com/sy22/?Mfg=Vmf4Q5/zoPfldgruhOQLZP4+4m5gHfPs/jeCYPGlLiq5dZVswyzLC3uxqGOHhCLAF9vvj7E0&D6h4=O2JdRpPP8 |
request | GET http://www.gk84.com/sy22/?Mfg=EZXT1couL1SMJvG2qeg6eanykcNOwoSwRkeI+9JF3ekTKFJ8rStu/JDK0lzRposG9gxESXnb&D6h4=O2JdRpPP8 |
request | GET http://www.sx15k.com/sy22/?Mfg=uDOmxGSZOI7byjRwM2VfDnyujtJEJ3PREhDiUuqfTZK7lE43sYjySeizw7LCJ3MdEZKjGoPp&D6h4=O2JdRpPP8 |
request | GET http://www.gracefullytouchedartistry.com/sy22/?Mfg=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&D6h4=O2JdRpPP8 |
request | GET http://www.omclaval.com/sy22/?Mfg=Vmf4Q5/zoPfldgruhOQLZP4+4m5gHfPs/jeCYPGlLiq5dZVswyzLC3uxqGOHhCLAF9vvj7E0&D6h4=O2JdRpPP8 |
file | C:\Users\test22\AppData\Local\Temp\fzfyx.exe |
Engine | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Strab.4!c |
MicroWorld-eScan | Trojan.GenericKD.69192829 |
FireEye | Generic.mg.e99042bc75c1e7c4 |
ALYac | Gen:Variant.Fragtor.357332 |
Malwarebytes | Trojan.FormBook.NSIS |
Sangfor | Suspicious.Win32.Save.ins |
K7AntiVirus | Trojan ( 005aafd11 ) |
K7GW | Trojan ( 005aafd11 ) |
Cybereason | malicious.1d492b |
Cyren | W32/Injector.BQS.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Injector.ETGY |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Kaspersky | HEUR:Trojan.Win32.Strab.gen |
BitDefender | Trojan.GenericKD.69192829 |
Avast | Win32:PWSX-gen [Trj] |
Tencent | Win32.Trojan.Strab.Dtgl |
Emsisoft | Trojan.GenericKD.69192829 (B) |
F-Secure | Trojan.TR/LokiBot.brbyg |
DrWeb | Trojan.Siggen21.27135 |
VIPRE | Trojan.GenericKD.69192829 |
TrendMicro | TROJ_GEN.R002C0DI823 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.fc |
Trapmine | malicious.moderate.ml.score |
Sophos | Mal/Generic-S |
SentinelOne | Static AI - Suspicious PE |
Avira | TR/AD.Swotter.lckxb |
MAX | malware (ai score=85) |
Microsoft | Trojan:Win32/Formbook.AT!MTB |
Gridinsoft | Trojan.Win32.FormBook.bot |
Xcitium | Malware@#17ygr7vwur632 |
Arcabit | Trojan.Generic.D41FCC7D |
ViRobot | Trojan.Win.Z.Strab.368282 |
ZoneAlarm | HEUR:Trojan.Win32.Strab.gen |
GData | Trojan.GenericKD.69192829 |
Detected | |
AhnLab-V3 | Trojan/Win.Generic.R585815 |
McAfee | Artemis!E99042BC75C1 |
VBA32 | BScope.Trojan.Strab |
Cylance | unsafe |
Panda | Trj/Chgt.AD |
Rising | Trojan.Lokibot!8.F1B5 (TFE:5:2497Qq5krJT) |
Ikarus | Trojan.Win32.Injector |
Fortinet | NSIS/Injector.ETGJ!tr |
BitDefenderTheta | Gen:NN.ZexaF.36662.sCW@aG6h5Dhi |
AVG | Win32:PWSX-gen [Trj] |
DeepInstinct | MALICIOUS |