Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Oct. 11, 2023, 7:47 a.m. | Oct. 11, 2023, 7:50 a.m. |
odjkem.exe "C:\Users\test22\AppData\Local\Temp\odjkem.exe"
2200
Name | Response | Post-Analysis Lookup |
---|---|---|
www.oneresi.com | CNAME oneresi.com | 15.197.148.33 |
www.bowllywood.com | 156.241.138.74 | |
www.qianxz109.xyz | | |
www.trailblazerbaby.com | CNAME ext-sq.squarespace.com | 198.49.23.144 |
www.seoulbeautytw.com | CNAME easystore.map.fastly.net | 151.101.194.236 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49168 -> 156.241.138.74:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 198.49.23.145:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49169 -> 15.197.148.33:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49167 -> 146.75.50.236:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.trailblazerbaby.com/ge06/?cxlL6=Vn36JpzNTKaSb0MTbSztLcrwH0nGOIWlPxp5C0tdRb7z35/kOAEpp28Rs4alwfkjtZwLX/a3&Tj=YBZ0 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.seoulbeautytw.com/ge06/?cxlL6=Qc2b7R052BxaaIixZxZchyIrCtI6dOvdNg5lwCRd5bjXdsmVEtEF/rdDBYlFLrvTnx09Yrft&Tj=YBZ0 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.bowllywood.com/ge06/?cxlL6=uEJyp/LCRcqeyVkDqWXotAOO7ojlhdOeJwNXEXO62CdMmnp4nkE9E2jcl8Y9Q/hLDx6OjvQc&Tj=YBZ0 |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.oneresi.com/ge06/?cxlL6=TxZz26qHBFBWLipdaFP8DXj847gFVWoG3E2dnld5pyULLNin+5TsGSuzug1CwjEl4T2LS/ZH&Tj=YBZ0 |
request | GET http://www.trailblazerbaby.com/ge06/?cxlL6=Vn36JpzNTKaSb0MTbSztLcrwH0nGOIWlPxp5C0tdRb7z35/kOAEpp28Rs4alwfkjtZwLX/a3&Tj=YBZ0 |
request | GET http://www.seoulbeautytw.com/ge06/?cxlL6=Qc2b7R052BxaaIixZxZchyIrCtI6dOvdNg5lwCRd5bjXdsmVEtEF/rdDBYlFLrvTnx09Yrft&Tj=YBZ0 |
request | GET http://www.bowllywood.com/ge06/?cxlL6=uEJyp/LCRcqeyVkDqWXotAOO7ojlhdOeJwNXEXO62CdMmnp4nkE9E2jcl8Y9Q/hLDx6OjvQc&Tj=YBZ0 |
request | GET http://www.oneresi.com/ge06/?cxlL6=TxZz26qHBFBWLipdaFP8DXj847gFVWoG3E2dnld5pyULLNin+5TsGSuzug1CwjEl4T2LS/ZH&Tj=YBZ0 |
file | C:\Users\test22\AppData\Local\Temp\odjkem.exe |
Engine | Detection |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Strab.4!c |
MicroWorld-eScan | Trojan.Garf.Gen.7 |
Skyhigh | BehavesLike.Win32.Generic.fc |
Cylance | unsafe |
Cybereason | malicious.24fc93 |
Arcabit | Trojan.Garf.Gen.7 [many] |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Kaspersky | UDS:Trojan.Win32.Strab.dby |
BitDefender | Trojan.Garf.Gen.7 |
Avast | Win32:TrojanX-gen [Trj] |
Emsisoft | Trojan.Garf.Gen.7 (B) |
VIPRE | Trojan.Garf.Gen.7 |
FireEye | Generic.mg.f66044875f6dff90 |
Ikarus | Trojan.NSIS.Agent |
MAX | malware (ai score=83) |
Kingsoft | malware.kb.a.926 |
Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Trojan.NSISX.Spy.Gen.24 |
Detected | |
BitDefenderTheta | Gen:NN.ZexaF.36738.kmW@am@X1vm |
ALYac | Trojan.NSISX.Spy.Gen.24 |
VBA32 | BScope.Trojan.Injector |
Rising | Trojan.Generic@AI.98 (RDML:mwyyO29IPUCFKmAs6/hp+Q) |
AVG | Win32:TrojanX-gen [Trj] |
DeepInstinct | MALICIOUS |
CrowdStrike | win/malicious_confidence_100% (W) |