Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Oct. 12, 2023, 7:42 a.m. | Oct. 12, 2023, 7:49 a.m. |
-
-
-
ynyasozukh.exe "C:\Users\test22\AppData\Local\Temp\ynyasozukh.exe"
2192
-
-
Name | Response | Post-Analysis Lookup |
---|---|---|
www.new-minerals.com |
CNAME
cname.xg167.lhxh.cn
|
103.146.179.167 |
www.abstractcertify.com | ||
www.ocoala.com | 13.248.169.48 | |
www.aspiredstudio.com |
CNAME
aspiredstudio.com
|
199.36.158.100 |
www.tugerdi.site |
CNAME
tugerdi.site
|
93.89.226.17 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49166 -> 76.223.54.146:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49168 -> 199.36.158.100:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49169 -> 103.146.179.167:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49167 -> 93.89.226.17:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.ocoala.com/t6tg/?Tj=Bo69CXQCSq8YAZlSXsSXSHHhzBc0NkTLrUDc3+XWv9vtXAWnC5Ex0xTxf+gUzISZTYrGWz37&RX=dn98bVV8c4CP | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.aspiredstudio.com/t6tg/?Tj=2Be6iIgSXmfB1nqJxUfd7To44XQGyUfcHTuBHOXScd6rc4VNel4uavXkn/Sr1IDzPZX3+Zir&RX=dn98bVV8c4CP | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.new-minerals.com/t6tg/?Tj=KAteo39jXhYLV1ChmFznVIk+hBqN4AymFECkKH2GQakbZ7TdByL07ntBP05Gab5nXO3C3vF7&RX=dn98bVV8c4CP |
request | GET http://www.ocoala.com/t6tg/?Tj=Bo69CXQCSq8YAZlSXsSXSHHhzBc0NkTLrUDc3+XWv9vtXAWnC5Ex0xTxf+gUzISZTYrGWz37&RX=dn98bVV8c4CP |
request | GET http://www.aspiredstudio.com/t6tg/?Tj=2Be6iIgSXmfB1nqJxUfd7To44XQGyUfcHTuBHOXScd6rc4VNel4uavXkn/Sr1IDzPZX3+Zir&RX=dn98bVV8c4CP |
request | GET http://www.new-minerals.com/t6tg/?Tj=KAteo39jXhYLV1ChmFznVIk+hBqN4AymFECkKH2GQakbZ7TdByL07ntBP05Gab5nXO3C3vF7&RX=dn98bVV8c4CP |
file | C:\Users\test22\AppData\Local\Temp\ynyasozukh.exe |
Lionic | Trojan.Win32.Remcos.4!c |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.NSISX.Spy.Gen.24 |
Skyhigh | BehavesLike.Win32.Generic.fc |
McAfee | Artemis!7F4BE9FCB737 |
Malwarebytes | Generic.Malware/Suspicious |
VIPRE | Trojan.NSISX.Spy.Gen.24 |
CrowdStrike | win/malicious_confidence_100% (W) |
Arcabit | Trojan.NSISX.Spy.Gen.24 [many] |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Injector.ETJG |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Kaspersky | UDS:Trojan.Win32.Strab.ddb |
BitDefender | Trojan.NSISX.Spy.Gen.24 |
Avast | Win32:Evo-gen [Trj] |
Emsisoft | Trojan.NSISX.Spy.Gen.24 (B) |
FireEye | Generic.mg.7f4be9fcb7371a4a |
Sophos | Mal/Generic-S |
Ikarus | Trojan.NSIS.Agent |
Varist | W32/Trojan.DNGJ-4663 |
MAX | malware (ai score=85) |
Kingsoft | malware.kb.a.905 |
Gridinsoft | Ransom.Win32.Wacatac.sa |
Microsoft | Trojan:Win32/Znyonm |
ZoneAlarm | UDS:Trojan.Win32.Strab.gen |
GData | Trojan.NSISX.Spy.Gen.24 |
Detected | |
VBA32 | BScope.Trojan.Injector |
ALYac | Gen:Variant.Fragtor.386231 |
Cylance | unsafe |
Panda | Trj/Chgt.AD |
Rising | Trojan.Generic@AI.98 (RDML:KiTIC8lmrni13eTvjLC7Zg) |
BitDefenderTheta | Gen:NN.ZexaF.36738.kmW@aKHPk3b |
AVG | Win32:Evo-gen [Trj] |
Cybereason | malicious.5a81e7 |
DeepInstinct | MALICIOUS |