Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 20, 2023, 5:54 p.m. | Sept. 20, 2023, 5:56 p.m. |
Process | PID |
---|---|
TiWorker.exe "C:\Users\test22\AppData\Local\Temp\TiWorker.exe" | 2528 |
Suricata Alerts
Suricata TLS
No Suricata TLS
Signature | Description | Type | Request |
---|---|---|---|
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.prosourcegraniteinc.com/kniu/?zM2u=9xFgCh3s8l/k2B8O7aAt9yPceR5ZLMimGcu4Dy10KR8z2IhjbkPtetaY6rVQOSuqKBOJhR+SeENFOh5XwKmANMDhEFCrb4byHJuvuWU=&r8LF=ldF1y4FXSVpJ |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.theartboxslidell.com/kniu/?zM2u=pbzwZ3uv6ZLNK9kOZcORaqCkpmWHCySL5KPRtIvuGjYxhe5HL3eyc57X4ozDsIqy99XGgcN1QrQuWuftpLGszPSRgY0zgb673Mjl5VE=&r8LF=ldF1y4FXSVpJ |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.xxkxcfkujyeft.xyz/kniu/?zM2u=i0HwDxosD6vP35vKxXt8TqB5hgt09UAmGu6yXsGJ7KHeDbKCAxtr8kYkpXafqSJ5CWKS4JQhNIcZa2fBS8/HEz0POFGF5EDYOp/zgDU=&r8LF=ldF1y4FXSVpJ |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.onlyleona.com/kniu/?zM2u=eul8o7FRTpzZYv+GqkkzOpE5tEZO7cuUa8jf7YGp4uFOB2eW2y1ALY7ycZgKlFf7jddzg63rMJOPKD43r6dZxMpJnJONv2M7MFgI8Mw=&r8LF=ldF1y4FXSVpJ |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.tsygy.com/kniu/?zM2u=bJ36cMi4kupHJe0Hctq9gMewB+uvjmGDqwrfSqfgcqRhOtXAC1zMZIlHhDCyIhSJCFAYjWOLktx1yjWN3ai585tt7uX+B1FmFo0jbF0=&r8LF=ldF1y4FXSVpJ |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.poultry-symposium.com/kniu/?zM2u=40XX9Ytbs/otsI+0yUtAogrXy8SgXZWV889z9rydVcgoc+JCy8vgR1icdWU6u94Njq5xrtv7NQnpOX1iusCyLYuLxlHkdapdsh1Ymak=&r8LF=ldF1y4FXSVpJ |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.frefire.top/kniu/?zM2u=w8rKBuSUIg6smCThP+RZr8URK2cMAOxRwdqHG6Uo67OOMeio1zBa/jWrwyXT3+M/9aqTr1N41d9bzE5WN9beyeWExgAtk5mD8L1zbeQ=&r8LF=ldF1y4FXSVpJ |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.siteapp.fun/kniu/?zM2u=6sBKYXqHQWHKIO2IG+2EqtcAj7thqVpOenJ3Aw9YNEL5O7rEWmoX1sx8Xe3NA3a7pLf2GEiO8AkwTW2yzvekojaHRlDYosZEDLTR5OQ=&r8LF=ldF1y4FXSVpJ |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.flyingfoxnb.com/kniu/?zM2u=2khzscf+uoNd4qXDJMvMlsCGRf74adwr4dCZmsSaM5bi7vY8OWwGY+oUQIQbfdmtzbAFku/2CGFb1XO6VHKJWfD6Hx+uzWgInko6T2A=&r8LF=ldF1y4FXSVpJ |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.palatepursuits.cfd/kniu/?zM2u=hbIoOV/dmdXO2xpIn07o59QoAXcFh8OwL7wE3CCbwPL4DaTNKf4A6Fx93MICWs67Kq9ozN+vd0WYpt+cGdGxDSTpWz7Z0RqHqaDgDUU=&r8LF=ldF1y4FXSVpJ |
Signature | Details |
---|---|
Generic top-level domain (TLD) | domain: www.frefire.top |
A section with a high entropy has been found | section: .text, virtual address 0x00001000, virtual size 0x0002d504, size of data 0x0002d600, entropy 7.996844157192147 |
Overall entropy of this PE file is high | entropy: 1.0 |
Vendor | Detection |
---|---|
Bkav | W32.Common.B4759783 |
Lionic | Trojan.Win32.Noon.4!c |
MicroWorld-eScan | Gen:Variant.Ser.Razy.7042 |
FireEye | Generic.mg.9809924a1fb00828 |
ALYac | Gen:Variant.Ser.Razy.7042 |
Malwarebytes | Trojan.Crypt |
Sangfor | Trojan.Win32.Formbook.Vt2t |
K7AntiVirus | Trojan ( 00536d121 ) |
Alibaba | Trojan:Win32/Formbook.2c18bffa |
K7GW | Riskware ( 0040eff71 ) |
CrowdStrike | win/malicious_confidence_100% (W) |
Arcabit | Trojan.Ser.Razy.D1B82 |
VirIT | Trojan.Win32.GenusT.DRMH |
Cyren | W32/Formbook.N.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Formbook.AK |
APEX | Malicious |
Cynet | Malicious (score: 100) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Gen:Variant.Ser.Razy.7042 |
Avast | Win32:PWSX-gen [Trj] |
Tencent | Win32.Trojan.Generic.Fajl |
Sophos | Troj/Formbook-A |
F-Secure | Trojan.TR/Crypt.ZPACK.Gen |
DrWeb | Trojan.Packed2.45325 |
VIPRE | Gen:Variant.Ser.Razy.7042 |
TrendMicro | TROJ_GEN.R002C0DIH23 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.cc |
Trapmine | malicious.high.ml.score |
Emsisoft | Gen:Variant.Ser.Razy.7042 (B) |
SentinelOne | Static AI - Malicious PE |
Avira | TR/Crypt.ZPACK.Gen |
MAX | malware (ai score=89) |
Antiy-AVL | GrayWare/Win32.Formbook.A |
Gridinsoft | Trojan.Win32.Packed.sa |
Microsoft | Trojan:Win32/Formbook.RG!MTB |
ViRobot | Trojan.Win.Z.Formbook.190464.S |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Gen:Variant.Ser.Razy.7042 |
AhnLab-V3 | Trojan/Win.Formbook.X2184 |
McAfee | GenericRXVJ-YP!9809924A1FB0 |
VBA32 | Malware-Cryptor.General.3 |
Cylance | unsafe |
Panda | Trj/Chgt.AD |
TrendMicro-HouseCall | TROJ_GEN.R002C0DIH23 |
Rising | Ransom.Digitala!8.305 (TFE:3:4bkQNC3KfED) |
Ikarus | Trojan.Win32.Formbook |
Fortinet | W32/Formbook.AK!tr |
BitDefenderTheta | AI:Packer.428E21B61E |