Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Nov. 26, 2023, 1:31 p.m. | Nov. 26, 2023, 1:40 p.m. |
Process | Command line | PID |
---|---|---|
pujipqto.exe | "C:\Users\test22\AppData\Local\Temp\pujipqto.exe" | 2128 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.tron-pk.xyz | 172.67.152.75 | |
www.salvanandcie.com | CNAME cdn1.wixdns.net, 34.149.87.45 | |
www.rykuruh.cfd | | |
www.texwwfrx.com | 104.21.88.236 | |
www.free-indeed.faith | 91.195.240.19 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49171 -> 104.21.32.135:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49171 -> 104.21.32.135:80 | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers | Potentially Bad Traffic |
TCP 192.168.56.103:49166 -> 34.149.87.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49169 -> 172.67.154.55:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49167 -> 91.195.240.19:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Key | Value |
---|---|
section | .ndata |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.salvanandcie.com/tb8i/?-ZeTi6B=UMOMUPRltOuIOavlOV9TAbzOI3NyPSxU0IiF98vYZIoJYysmNQovnALCNihIDsZ76SkBnDz1&2d=lnxh |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.free-indeed.faith/tb8i/?-ZeTi6B=mjsfGumS0MCj+go/ckdO0h+daXKQjTCMjol4fCy+GQ9z9EIRohWOFaX9TAL/50qANRa4gnnD&2d=lnxh |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.texwwfrx.com/tb8i/?-ZeTi6B=zluqp2Qif7Juk0jSJTDTdhTVgLgB+eVfrKJdSE4Bz8PdBwx7LJWv3E/FDzXvfZ8eIpu6oPdn&2d=lnxh |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.tron-pk.xyz/tb8i/?-ZeTi6B=5rJxyOnP1GB0ESD4ttWy9/4jFy42toRxagw3E+bnB/pmFdmTHJRzMwLMKKbb+ploXs+4W+sP&2d=lnxh |
request | GET http://www.salvanandcie.com/tb8i/?-ZeTi6B=UMOMUPRltOuIOavlOV9TAbzOI3NyPSxU0IiF98vYZIoJYysmNQovnALCNihIDsZ76SkBnDz1&2d=lnxh |
request | GET http://www.free-indeed.faith/tb8i/?-ZeTi6B=mjsfGumS0MCj+go/ckdO0h+daXKQjTCMjol4fCy+GQ9z9EIRohWOFaX9TAL/50qANRa4gnnD&2d=lnxh |
request | GET http://www.texwwfrx.com/tb8i/?-ZeTi6B=zluqp2Qif7Juk0jSJTDTdhTVgLgB+eVfrKJdSE4Bz8PdBwx7LJWv3E/FDzXvfZ8eIpu6oPdn&2d=lnxh |
request | GET http://www.tron-pk.xyz/tb8i/?-ZeTi6B=5rJxyOnP1GB0ESD4ttWy9/4jFy42toRxagw3E+bnB/pmFdmTHJRzMwLMKKbb+ploXs+4W+sP&2d=lnxh |
file | C:\Users\test22\AppData\Local\Temp\pujipqto.exe |
Vendor | Detection |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Strab.4!c |
DrWeb | Trojan.Loader.1550 |
MicroWorld-eScan | Trojan.GenericKD.70578826 |
FireEye | Trojan.GenericKD.70578826 |
Skyhigh | BehavesLike.Win32.BadFile.gc |
ALYac | Gen:Heur.Mint.Zard.55 |
Cylance | unsafe |
Sangfor | Trojan.Win32.Agent.V7xr |
K7AntiVirus | Trojan ( 005ae5eb1 ) |
Alibaba | Trojan:Win32/Strab.bd9486e6 |
K7GW | Trojan ( 005ae5eb1 ) |
CrowdStrike | win/malicious_confidence_100% (W) |
BitDefenderTheta | Gen:NN.ZexaF.36792.GyW@aW0sFpp |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Injector.ETMM |
Cynet | Malicious (score: 99) |
APEX | Malicious |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Trojan.GenericKD.70578826 |
Avast | Win32:MalwareX-gen [Trj] |
Tencent | Win32.Trojan.Strab.Pqil |
Emsisoft | Trojan.GenericKD.70578826 (B) |
F-Secure | Trojan.TR/AD.GenShell.ysgqj |
VIPRE | Gen:Variant.Nemesis.1955 |
Sophos | Mal/Generic-S |
Webroot | W32.Malware.Gen |
Avira | TR/AD.GenShell.ysgqj |
Antiy-AVL | Trojan/Win32.Injector |
Kingsoft | Win32.Troj.Unknown.a |
Microsoft | Trojan:Win32/Guloader.SMTK!MTB |
Gridinsoft | Ransom.Win32.Wacatac.sa |
Arcabit | Trojan.Generic.D434F28A |
ZoneAlarm | HEUR:Trojan.Win32.Strab.gen |
GData | Win32.Trojan.Agent.JR9Z8Z |
Varist | W32/ABRisk.TJBM-4704 |
AhnLab-V3 | Malware/Win.Generic.C5551419 |
McAfee | RDN/Generic.dx |
MAX | malware (ai score=85) |
VBA32 | BScope.Trojan.Strab |
Malwarebytes | Spyware.AgentTesla |
Panda | Trj/Chgt.AD |
Rising | Trojan.Strab!8.12D03 (TFE:5:qCpbHD75FAV) |
Ikarus | Trojan.MSIL.Inject |
Fortinet | NSIS/Agent.DCAC!tr |
AVG | Win32:MalwareX-gen [Trj] |
DeepInstinct | MALICIOUS |