Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Nov. 27, 2023, 9:23 a.m. | Nov. 27, 2023, 9:38 a.m. |
Process | Command Line | PID |
---|---|---|
pedchgywx.exe | "C:\Users\test22\AppData\Local\Temp\pedchgywx.exe" | 2696 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.office-honu.com | 163.44.185.180 | |
www.studio352events.com | 208.91.197.132 | |
www.merelweb.com | 172.67.158.89 | |
www.earthdatascape.com | CNAME earthdatascape.com; 62.149.128.45 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49170 -> 208.91.197.132:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49166 -> 163.44.185.180:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49167 -> 104.21.82.142:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49173 -> 62.149.128.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | suspicious_request |
---|---|
GET method with no useragent header | GET http://www.office-honu.com/t2ti/?tXxh=tZ9f+xkGPYGlMQD6QUQgW7Bu5011mP3F3RfKADEubwWsw8RZnTP/abNvRo2Y4yuWOfFkav01&U48Hj=Nte0PL1048jDrzg |
GET method with no useragent header | GET http://www.merelweb.com/t2ti/?tXxh=BOOThCPjnUM7lSCFBnH2BimjClSgW0h7VqsAOgTwhlCUKhxaVw8OFbF4wmCxnm287AtkZOd7&U48Hj=Nte0PL1048jDrzg |
GET method with no useragent header | GET http://www.studio352events.com/t2ti/?tXxh=8VRVJ2RxNdqDCe39p/mzazLWBvMIpzi1TvcwnZg1FNPprXhJpJwCdr2o+lwBqF61wTFgCK1+&U48Hj=Nte0PL1048jDrzg |
GET method with no useragent header | GET http://www.earthdatascape.com/t2ti/?tXxh=kstlMeg9IcwzJYyFLKGxy4q3LInO5BAGxn+RlyiQLQgBmQ7dbCQPEHLv7OQh7nVjyOSdc9Py&U48Hj=Nte0PL1048jDrzg |
request | GET http://www.office-honu.com/t2ti/?tXxh=tZ9f+xkGPYGlMQD6QUQgW7Bu5011mP3F3RfKADEubwWsw8RZnTP/abNvRo2Y4yuWOfFkav01&U48Hj=Nte0PL1048jDrzg |
request | GET http://www.merelweb.com/t2ti/?tXxh=BOOThCPjnUM7lSCFBnH2BimjClSgW0h7VqsAOgTwhlCUKhxaVw8OFbF4wmCxnm287AtkZOd7&U48Hj=Nte0PL1048jDrzg |
request | GET http://www.studio352events.com/t2ti/?tXxh=8VRVJ2RxNdqDCe39p/mzazLWBvMIpzi1TvcwnZg1FNPprXhJpJwCdr2o+lwBqF61wTFgCK1+&U48Hj=Nte0PL1048jDrzg |
request | GET http://www.earthdatascape.com/t2ti/?tXxh=kstlMeg9IcwzJYyFLKGxy4q3LInO5BAGxn+RlyiQLQgBmQ7dbCQPEHLv7OQh7nVjyOSdc9Py&U48Hj=Nte0PL1048jDrzg |
file | C:\Users\test22\AppData\Local\Temp\pedchgywx.exe |
Engine | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Strab.4!c |
MicroWorld-eScan | Trojan.NSISX.Spy.Gen.24 |
Skyhigh | BehavesLike.Win32.Trojan.gc |
McAfee | RDN/Generic.dx |
Malwarebytes | Spyware.AgentTesla |
VIPRE | Trojan.NSISX.Spy.Gen.24 |
Sangfor | Trojan.Win32.Strab.Vjpm |
Alibaba | Trojan:Win32/Guloader.b3fb8f9b |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Injector.ETMM |
APEX | Malicious |
Kaspersky | HEUR:Trojan.Win32.Strab.gen |
BitDefender | Trojan.NSISX.Spy.Gen.24 |
Avast | Win32:MalwareX-gen [Trj] |
Tencent | Win32.Trojan.Strab.Pcnw |
Emsisoft | Trojan.NSISX.Spy.Gen.24 (B) |
DrWeb | Trojan.Loader.1550 |
TrendMicro | Ransom.Win32.GULOADER.USBLKQ23 |
FireEye | Generic.mg.cf52e32f7257ad06 |
Sophos | Mal/Generic-S |
Ikarus | Trojan.MSIL.Inject |
Webroot | W32.Trojan.NSISX.Spy |
Detected | |
Avira | TR/AD.GenShell.dwjyc |
Varist | W32/ABRisk.EGPX-0756 |
Kingsoft | malware.kb.a.945 |
Microsoft | Trojan:Win32/Guloader.SMTK!MTB |
Gridinsoft | Trojan.Win32.FormBook.tr |
Arcabit | Trojan.NSISX.Spy.Gen.24 [many] |
ViRobot | Trojan.Win.Z.Strab.467872 |
ZoneAlarm | HEUR:Trojan.Win32.Strab.gen |
GData | Win32.Trojan.Agent.12FJA7 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Malware/Win.Generic.C5551419 |
BitDefenderTheta | Gen:NN.ZexaF.36792.GyW@ailve9p |
ALYac | Gen:Heur.Mint.Zard.55 |
MAX | malware (ai score=83) |
VBA32 | BScope.Trojan.Strab |
Cylance | unsafe |
Panda | Trj/Chgt.AD |
TrendMicro-HouseCall | TROJ_GEN.R014C0DKQ23 |
Rising | Trojan.Strab!8.12D03 (TFE:5:qCpbHD75FAV) |
Fortinet | NSIS/Agent.DCAC!tr |
AVG | Win32:MalwareX-gen [Trj] |
DeepInstinct | MALICIOUS |
CrowdStrike | win/malicious_confidence_100% (W) |