Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Nov. 16, 2023, 1:21 p.m. | Nov. 16, 2023, 1:24 p.m. |
Process | Path | PID |
---|---|---|
unsecapp.exe | C:\Users\test22\AppData\Local\Temp\unsecapp.exe | 2648 |
firefox.exe | C:\Program Files\Mozilla Firefox\Firefox.exe | 3008 |
IP Address | Status | Action |
---|---|---|
118.27.125.154 | Active | Moloch |
154.91.180.241 | Active | Moloch |
162.0.222.119 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.67.134.1 | Active | Moloch |
192.185.223.51 | Active | Moloch |
198.252.99.243 | Active | Moloch |
198.44.187.121 | Active | Moloch |
199.59.243.225 | Active | Moloch |
207.244.126.150 | Active | Moloch |
208.91.197.132 | Active | Moloch |
216.40.34.41 | Active | Moloch |
34.120.137.41 | Active | Moloch |
34.96.147.60 | Active | Moloch |
45.33.6.223 | Active | Moloch |
76.76.21.241 | Active | Moloch |
83.229.19.76 | Active | Moloch |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:58166 -> 164.124.101.2:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic |
UDP 192.168.56.101:51901 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
TCP 192.168.56.101:49173 -> 198.44.187.121:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
TCP 192.168.56.101:49175 -> 34.96.147.60:80 | 2027876 | ET INFO HTTP Request to Suspicious *.life Domain | Potentially Bad Traffic |
TCP 192.168.56.101:49182 -> 154.91.180.241:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
UDP 192.168.56.101:54883 -> 164.124.101.2:53 | 2027867 | ET INFO Observed DNS Query to .life TLD | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Type | Request |
---|---|
request | POST http://www.talknconvert.com/zqco/ |
request | GET http://www.talknconvert.com/zqco/?wFt=+y3ZRElHCLe7jmdKMp2JFPlUK9YT5bvGGHfUVKPtd2bXz9pNtTUvPUI0E2mMKKDMK40SLr9h4U0bLKuGzmPR68kee6xzU8cXih09j6g=&o0Ijw=FV31C |
request | GET http://www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip |
request | GET http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip |
request | GET http://www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip |
request | GET http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip |
request | GET http://www.sqlite.org/2022/sqlite-dll-win32-x86-3390000.zip |
request | GET http://www.zz23xw.top/zqco/?wFt=VoRUmMaSMr2kGXzG8DGzs0cy5P6qw2FvfeSWrzBmFVf4r1pcQgw7LosabWMBXohSSG87M+jYFIXYlgYqysxLRuA79T8FIpBWYkRSO2Y=&o0Ijw=FV31C |
request | GET http://www.oneillspubs.com/zqco/?wFt=XdRd7IBdWEpb/jCY/gch7kg+lw27Z26x+D3ieONLL7CY8BddAHnhXbvHyElLQzrirdgR+wn8qaFBYv6gfz4EEy7O0ffUbALIB58FlQs=&o0Ijw=FV31C |
request | GET http://www.ezus.life/zqco/?wFt=u471bzHmixRgx8jG34/3521QRSoafTDA19WcHl++OFLBIVcH0DdbJeLxOpVlrYL99BmDVXWg0zcKhLFxNQar41PBegN+NBU9NC/0Y9c=&o0Ijw=FV31C |
request | GET http://www.speedbikesglobal.com/zqco/?wFt=9kePTKggf4eP6/DCGbsdghdg+/LhYxsxm+U+B1ESzIz+TmizgBdCe1eXOmqUrZ0x2YkFTu0erOvA47Ha2c+EVc4yEgJLqy1Od5EFPsA=&o0Ijw=FV31C |
request | GET http://www.ofupakoshi.com/zqco/?wFt=oR8rxthcq91bDeb9vmLMA5uA0V6TVpHsZzEUlFltfnhRD4eEP3S8Ru2FP+uQ72DlNChyjz/yveiA7oMKQr7r0mPigqg1fcYUoRyODkg=&o0Ijw=FV31C |
request | GET http://www.velvet-key-properties.top/zqco/?wFt=3cujheEXCxTSONvEGgHYK3Ro6UrcWljFRITPND+osZObjxCf4likA3rqCl3sr+p4oSCTpecI3ocHZbRBmm9rhynO4PrZ/611WMrx7zI=&o0Ijw=FV31C |
request | GET http://www.wearehydrant.com/zqco/?wFt=yN+4vjoTZa2+2rQfpO28lQWMu+aZ3T74Wrnr375QTRpmINRbNSsldLaHn5rMvgmgz4hpMiEXqXqPXNl5+v6fM5IMtXKekPO/Z+VSq9A=&o0Ijw=FV31C |
request | GET http://www.54c7pv.top/zqco/?wFt=XV3W3W1bHvM399Du4uoMZ6VmM7juBhQ9XL1FfmdLfANGdpYh3tpg4K62NhqwFVpBYKsURc+EQi3NVVDNf+vTi2grpbzFJu9fs/bFcso=&o0Ijw=FV31C |
request | GET http://www.brls.money/zqco/?wFt=kJJUs3T9xo/faco/szFu0NbjBV/XWn0UwEs2UTEFdB9bg8qGS48Zihll1h6n106FVzSgHW/cbGOli2i8W1uBzVY1OSvzf5lm+SHpTzw=&o0Ijw=FV31C |
request | GET http://www.stprov.biz/zqco/?wFt=ogfkNg/1tCd9W0WeOmHDQCOqLPOGwiuWSgR6FQ2+VD8GhLug2Ctv0H3GE0eldR7xC4dFHEP3Eqt1pFBXCYATF7XInOdNSl+LOLADaFA=&o0Ijw=FV31C |
request | GET http://www.tauruss29.click/zqco/?wFt=BXZ/xzuuMumnvtIwilHAju88nUMjodQ2L7qTmXiCbitM75fYFK9Ni/+RZPv+ooYbFCP5HCJJxbmcDVUQEF+nSIUi2tQgIq30IPYEAqs=&o0Ijw=FV31C |
request | GET http://www.izabeladesa.com/zqco/?wFt=xgP5YBHAlkZQY3zMM6zpGwRaICyRepfzD3pvdIKGHZOpNZwdZqd18fiXnD4wcHdwNOCnD+EJd+f9y7+0iF4km1rz8VJupnABKYXyGpk=&o0Ijw=FV31C |
request | GET http://www.surcebmx.shop/zqco/?wFt=sVrFTG3ePMlGeHtN+9NOfDvz/GoZiwZc2hOKEoTgtp1zYewc+7d6IlOKQB9rGmOyetA1JhIO28lR44+yf+JFgN9FJ6btdItGqkraV1A=&o0Ijw=FV31C |
request | GET http://www.ayotundewrites.com/zqco/?wFt=+wI3MeD3jbNUmfUR22cpBsb5CtqXzI827TrKoKznZ2673z1g+k3Zglb4E7/i1xr4Z9cBRHIArS2WPt0us+pQAzv8dUN4XDgXBL/DreA=&o0Ijw=FV31C |
request | POST http://www.talknconvert.com/zqco/ |
Type | Value | Description |
---|---|---|
domain | www.zz23xw.top | Generic top level domain TLD |
domain | www.54c7pv.top | Generic top level domain TLD |
domain | www.velvet-key-properties.top | Generic top level domain TLD |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ | |
file | C:\Users\test22\AppData\Local\Temp\unsecapp.exe | |
section | name .text, virtual_address 0x00001000, virtual_size 0x0003be44, size_of_data 0x0003c000, entropy 7.9919199392600335 | A section with a high entropy has been found |
entropy | 1.0 | Overall entropy of this PE file is high |
Antivirus | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Formbook.l!c |
Elastic | malicious (high confidence) |
DrWeb | Trojan.Inject4.64351 |
MicroWorld-eScan | Gen:Variant.Zusy.460032 |
FireEye | Generic.mg.7630a755b70921f9 |
Skyhigh | BehavesLike.Win32.Generic.dc |
ALYac | Gen:Variant.Zusy.460032 |
Malwarebytes | Spyware.FormBook |
VIPRE | Gen:Variant.Zusy.460032 |
Sangfor | Spyware.Win32.Formbook.Vl9i |
K7AntiVirus | Trojan ( 00536d121 ) |
BitDefender | Gen:Variant.Zusy.460032 |
K7GW | Trojan ( 00536d121 ) |
CrowdStrike | win/malicious_confidence_100% (W) |
Arcabit | Trojan.Zusy.D70500 |
BitDefenderTheta | Gen:NN.ZexaF.36792.peX@aaNRV2f |
VirIT | Trojan.Win32.GenusT.DTQP |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Formbook.AA |
APEX | Malicious |
Cynet | Malicious (score: 100) |
Kaspersky | Trojan-Spy.Win32.Noon.bfdm |
Alibaba | Trojan:Win32/FormBook.f7b8d397 |
Rising | Spyware.Noon!8.E7C9 (TFE:3:u7ALXQCfWED) |
Sophos | Troj/Formbook-A |
F-Secure | Trojan.TR/Crypt.ZPACK.Gen |
TrendMicro | TROJ_GEN.R06CC0DKE23 |
Trapmine | malicious.moderate.ml.score |
Emsisoft | Gen:Variant.Zusy.460032 (B) |
Ikarus | Win32.Outbreak |
Detected | |
Avira | TR/Crypt.ZPACK.Gen |
Antiy-AVL | Trojan/Win32.Formbook |
Kingsoft | Win32.Troj.Undef.a |
Gridinsoft | Spy.Win32.Keylogger.sa |
Microsoft | Trojan:Win32/FormBook.AFK!MTB |
ZoneAlarm | Trojan-Spy.Win32.Noon.bfdm |
GData | Win32.Trojan.PSE.11JTEDN |
Varist | W32/Formbook.AG.gen!Eldorado |
AhnLab-V3 | Trojan/Win.FormBook.R619333 |
VBA32 | Malware-Cryptor.General.3 |
MAX | malware (ai score=88) |
DeepInstinct | MALICIOUS |
Cylance | unsafe |
Panda | Trj/CI.A |
TrendMicro-HouseCall | TROJ_GEN.R06CC0DKE23 |
Tencent | Win32.Trojan-Spy.Noon.Gjgl |
SentinelOne | Static AI - Malicious PE |
MaxSecure | Trojan.Malware.300983.susgen |