Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Oct. 4, 2023, 7:40 a.m. | Oct. 4, 2023, 7:55 a.m. |
Process (command line) | PID |
---|---|
vzhywqyw.exe "C:\Users\test22\AppData\Local\Temp\vzhywqyw.exe" | 2092 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.johnnystintshop.com | CNAME johnnystintshop.com | 15.197.148.33 |
www.jizihao1.com | 39.101.169.136 | |
www.mysticheightstrail.com | CNAME mysticheightstrail.com | 15.197.148.33 |
www.apneabirmingham.info | | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49168 -> 3.33.130.190:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 3.33.130.190:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49167 -> 39.101.169.136:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Signature data | Value |
---|---|
section | .ndata |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.mysticheightstrail.com/sy22/?5j=Q5FfiwTKAQAoPcoP4e5kySmJcOUQtYy/n0X88F5fBW8bclPVBZXpMCw8fqRp6JUwXvQoTE+1&vTdDK=LJBx |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.jizihao1.com/sy22/?5j=3PKlaCPIzU4vEpSTCliM62U/p7q8/wgFKC2xum1ddk3IfpDEo7oK1Mr0Jaw/Go0sFzx2J7Yb&vTdDK=LJBx |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.johnnystintshop.com/sy22/?5j=lBpndDaiazzaPDz8oVvNWLtjY8ASY3krgNLZx/nYs7DN6Z9ubRKrMqHrK8vEE3FEQDB+295P&vTdDK=LJBx |
request | GET http://www.mysticheightstrail.com/sy22/?5j=Q5FfiwTKAQAoPcoP4e5kySmJcOUQtYy/n0X88F5fBW8bclPVBZXpMCw8fqRp6JUwXvQoTE+1&vTdDK=LJBx |
request | GET http://www.jizihao1.com/sy22/?5j=3PKlaCPIzU4vEpSTCliM62U/p7q8/wgFKC2xum1ddk3IfpDEo7oK1Mr0Jaw/Go0sFzx2J7Yb&vTdDK=LJBx |
request | GET http://www.johnnystintshop.com/sy22/?5j=lBpndDaiazzaPDz8oVvNWLtjY8ASY3krgNLZx/nYs7DN6Z9ubRKrMqHrK8vEE3FEQDB+295P&vTdDK=LJBx |
file | C:\Users\test22\AppData\Local\Temp\vzhywqyw.exe |
Antivirus engine | Detection |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Strab.4!c |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.NSISX.Spy.Gen.24 |
ALYac | Gen:Variant.Jaik.182440 |
Malwarebytes | Malware.AI.2921465108 |
VIPRE | Trojan.NSISX.Spy.Gen.24 |
Sangfor | Spyware.Win32.Agent.Va6g |
CrowdStrike | win/malicious_confidence_100% (W) |
K7GW | Trojan ( 005abde11 ) |
K7AntiVirus | Trojan ( 005abde11 ) |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Injector.ETIQ |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Kaspersky | HEUR:Trojan.Win32.Strab.gen |
BitDefender | Trojan.NSISX.Spy.Gen.24 |
Avast | Win32:AdwareX-gen [Adw] |
Emsisoft | Trojan.NSISX.Spy.Gen.24 (B) |
F-Secure | Heuristic.HEUR/AGEN.1337940 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.fc |
Trapmine | malicious.moderate.ml.score |
FireEye | Generic.mg.5b4cde02e2552a6c |
Sophos | Mal/Generic-S |
GData | Trojan.NSISX.Spy.Gen.24 |
Jiangmin | Trojan.Fsysna.pez |
Avira | HEUR/AGEN.1337940 |
MAX | malware (ai score=84) |
Gridinsoft | Trojan.Win32.Kryptik.oa!s1 |
Arcabit | Trojan.NSISX.Spy.Gen.24 [many] |
ZoneAlarm | HEUR:Trojan.Win32.Strab.gen |
Microsoft | Trojan:Win32/Wacatac.B!ml |
AhnLab-V3 | Win-Trojan/Gandcrab08.Exp |
McAfee | Artemis!5B4CDE02E255 |
Cylance | unsafe |
Rising | Trojan.Generic@AI.87 (RDML:B76BXeXG8QuGEmMnvDyCqA) |
SentinelOne | Static AI - Suspicious PE |
BitDefenderTheta | Gen:NN.ZexaE.36738.kuW@aKMWGOii |
AVG | Win32:AdwareX-gen [Adw] |
Cybereason | malicious.719a6b |
DeepInstinct | MALICIOUS |