Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 20, 2023, 7:29 a.m. | Sept. 20, 2023, 7:32 a.m. |
Process | Path | PID |
---|---|---|
jkaeg.exe | C:\Users\test22\AppData\Local\Temp\jkaeg.exe | 2804 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.hbiwhwr.shop | CNAME hbiwhwr.shop; 34.102.136.180 | |
www.summitstracecolumbus.com | 85.202.174.60 | |
www.278809.com | 154.205.107.177 | |
www.91967.net | 20.205.142.141 | |
www.thwmlohr.click | 43.154.67.170 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49167 -> 20.205.142.141:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49171 -> 43.154.67.170:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49170 -> 34.102.136.180:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49166 -> 85.202.174.60:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Indicator | Value |
---|---|
section | .ndata |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.summitstracecolumbus.com/sy22/?-ZeHzZ4=nHjvsxR8MNyek9Frd1eEkzxomyZgRhw7CXfe5CvZzjzDG9G5MlwArHUwsFbqxuFMI96piyiY&Ntiptf=llvt |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.91967.net/sy22/?-ZeHzZ4=uE9wR2Y3PY1yx307bieK+o21csjZIE3yfcLUSuw3Fyc4r02fwZ9qroRs52d1jBHfNCAz8DHk&Ntiptf=llvt |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.hbiwhwr.shop/sy22/?-ZeHzZ4=yd0bSXVZUXdU8qKTRdtZDhtRbXCT/uJkAzwFnTNcMl5wHiXF5PZYexVTbwnTO0CSyNbsU44F&Ntiptf=llvt |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.thwmlohr.click/sy22/?-ZeHzZ4=MgkfgN3fpomwP7fWV5mTPmG15nWdJlegbQggwbe1T0jMd3AI1ruzVKLfVQH9NXyhXYV15IAt&Ntiptf=llvt |
request | GET http://www.summitstracecolumbus.com/sy22/?-ZeHzZ4=nHjvsxR8MNyek9Frd1eEkzxomyZgRhw7CXfe5CvZzjzDG9G5MlwArHUwsFbqxuFMI96piyiY&Ntiptf=llvt |
request | GET http://www.91967.net/sy22/?-ZeHzZ4=uE9wR2Y3PY1yx307bieK+o21csjZIE3yfcLUSuw3Fyc4r02fwZ9qroRs52d1jBHfNCAz8DHk&Ntiptf=llvt |
request | GET http://www.hbiwhwr.shop/sy22/?-ZeHzZ4=yd0bSXVZUXdU8qKTRdtZDhtRbXCT/uJkAzwFnTNcMl5wHiXF5PZYexVTbwnTO0CSyNbsU44F&Ntiptf=llvt |
request | GET http://www.thwmlohr.click/sy22/?-ZeHzZ4=MgkfgN3fpomwP7fWV5mTPmG15nWdJlegbQggwbe1T0jMd3AI1ruzVKLfVQH9NXyhXYV15IAt&Ntiptf=llvt |
file | C:\Users\test22\AppData\Local\Temp\jkaeg.exe |
dead_host | 154.205.107.177:80 |
Engine | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Strab.4!c |
MicroWorld-eScan | Gen:Variant.Nemesis.2027 |
FireEye | Generic.mg.847c4cd760ad1632 |
ALYac | Gen:Variant.Fragtor.365975 |
Cylance | unsafe |
VIPRE | Gen:Variant.Nemesis.2027 |
Sangfor | Suspicious.Win32.Save.ins |
CrowdStrike | win/malicious_confidence_100% (W) |
Arcabit | Trojan.Nemesis.D7EB [many] |
Cyren | W32/ABRisk.BJIA-8399 |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Injector.ETHN |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Gen:Variant.Nemesis.2027 |
Avast | Win32:TrojanX-gen [Trj] |
Emsisoft | Gen:Variant.Nemesis.2027 (B) |
F-Secure | Trojan.TR/LokiBot.nelvv |
TrendMicro | TROJ_GEN.R002C0DIJ23 |
McAfee-GW-Edition | BehavesLike.Win32.RealProtect.fc |
Trapmine | malicious.moderate.ml.score |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Win32.Injector |
Webroot | W32.Infostealer.Gen |
Avira | TR/AD.Swotter.ownut |
Gridinsoft | Trojan.Win32.FormBook.bot |
Microsoft | Trojan:Win32/Znyonm |
ZoneAlarm | HEUR:Trojan.Win32.Strab.gen |
GData | Trojan.NSISX.Spy.Gen.24 |
Detected | |
BitDefenderTheta | Gen:NN.ZexaF.36662.muW@aq7JHehi |
MAX | malware (ai score=82) |
VBA32 | BScope.Trojan.Injector |
Malwarebytes | Trojan.Injector |
Panda | Trj/GdSda.A |
Rising | Trojan.Formbook!8.F858 (TFE:5:EDnZZ13kEaH) |
SentinelOne | Static AI - Suspicious PE |
Fortinet | NSIS/Injector.ETGJ!tr |
AVG | Win32:TrojanX-gen [Trj] |
DeepInstinct | MALICIOUS |