Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 15, 2023, 5:26 p.m. | Sept. 15, 2023, 5:36 p.m. |
-
-
-
wombiziksy.exe "C:\Users\test22\AppData\Local\Temp\wombiziksy.exe"
2716
-
-
Name | Response | Post-Analysis Lookup |
---|---|---|
www.vaskaworldairways.com |
CNAME
fletchto99.com
|
71.33.149.60 |
www.docomo-mobileconsulting.com | 91.195.240.109 | |
www.uadmxqby.click | ||
www.zhperviepixie.com |
CNAME
zhperviepixie.com
|
167.172.228.26 |
www.sarthaksrishticreation.com | 119.18.49.69 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49167 -> 119.18.49.69:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49169 -> 71.33.149.60:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49168 -> 91.195.240.109:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49166 -> 167.172.228.26:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.zhperviepixie.com/sy22/?8pM0A2PH=hdFL0kwy0tP2Sq5zkMkXOvLbydzGG5NDjXbLdYDkA/+zwUFtuqh4YP0DuyJcd4UMQHwk1geg&Cda4=inCHhv7P | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.sarthaksrishticreation.com/sy22/?8pM0A2PH=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&Cda4=inCHhv7P | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.docomo-mobileconsulting.com/sy22/?8pM0A2PH=lVM1xi/uUQcXVrGb3v1MnIj4JTU8QNZxAwtnBLuxN6GTboe8PABHdOr2nABXcw5/boXeCr4R&Cda4=inCHhv7P | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.vaskaworldairways.com/sy22/?8pM0A2PH=0xwPlKA6nfVb2/YVENf+IWv5xvicy/R8paHQQCrWR7ymRnci8vQj1/jQPH6Z9LiVJHGqShyE&Cda4=inCHhv7P |
request | GET http://www.zhperviepixie.com/sy22/?8pM0A2PH=hdFL0kwy0tP2Sq5zkMkXOvLbydzGG5NDjXbLdYDkA/+zwUFtuqh4YP0DuyJcd4UMQHwk1geg&Cda4=inCHhv7P |
request | GET http://www.sarthaksrishticreation.com/sy22/?8pM0A2PH=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&Cda4=inCHhv7P |
request | GET http://www.docomo-mobileconsulting.com/sy22/?8pM0A2PH=lVM1xi/uUQcXVrGb3v1MnIj4JTU8QNZxAwtnBLuxN6GTboe8PABHdOr2nABXcw5/boXeCr4R&Cda4=inCHhv7P |
request | GET http://www.vaskaworldairways.com/sy22/?8pM0A2PH=0xwPlKA6nfVb2/YVENf+IWv5xvicy/R8paHQQCrWR7ymRnci8vQj1/jQPH6Z9LiVJHGqShyE&Cda4=inCHhv7P |
file | C:\Users\test22\AppData\Local\Temp\wombiziksy.exe |
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Strab.4!c |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.Garf.Gen.10 |
FireEye | Generic.mg.3950dff062247d4a |
ALYac | Trojan.NSISX.Spy.Gen.24 |
Malwarebytes | Generic.Malware/Suspicious |
Sangfor | Suspicious.Win32.Save.ins |
CrowdStrike | win/malicious_confidence_100% (W) |
Arcabit | Trojan.Garf.Gen.10 [many] |
BitDefenderTheta | Gen:NN.ZexaF.36662.kuW@ayeFc0di |
Cyren | W32/Ninjector.JO.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Injector_AGen.ACN |
APEX | Malicious |
Cynet | Malicious (score: 100) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Trojan.Garf.Gen.10 |
Avast | Win32:TrojanX-gen [Trj] |
Emsisoft | Trojan.Garf.Gen.10 (B) |
VIPRE | Trojan.Garf.Gen.10 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.fc |
Trapmine | malicious.moderate.ml.score |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Win32.Injector |
Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Trojan.NSISX.Spy.Gen.24 |
Detected | |
AhnLab-V3 | Trojan/Win.NSISInject.R587856 |
McAfee | Artemis!3950DFF06224 |
MAX | malware (ai score=83) |
VBA32 | BScope.Trojan.Injector |
Cylance | unsafe |
Rising | Trojan.Convagent!8.12323 (TFE:5:EbkO1syneSG) |
SentinelOne | Static AI - Suspicious PE |
Fortinet | NSIS/Injector.ETGJ!tr |
AVG | Win32:TrojanX-gen [Trj] |
Cybereason | malicious.dd28f3 |
DeepInstinct | MALICIOUS |