288c47bbc187111b439df19ff4df68f076.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | Jan. 6, 2024, 10:33 a.m. | Jan. 6, 2024, 10:36 a.m. |
-
288c47bbc187111b439df19ff4df68f076.exe "C:\Users\test22\AppData\Local\Temp\288c47bbc187111b439df19ff4df68f076.exe"
2548-
-
BroomSetup.exe C:\Users\test22\AppData\Local\Temp\BroomSetup.exe
2772 -
nso107.tmp C:\Users\test22\AppData\Local\Temp\nso107.tmp
2884
-
-
288c47bbc1871b439df19ff4df68f076.exe "C:\Users\test22\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
2684
-
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| api.ipify.org |
CNAME
api4.ipify.org
|
173.231.16.77 |
Suricata Alerts
Suricata TLS
No Suricata TLS
| suspicious_features | Connection to IP address | suspicious_request | GET http://91.92.254.7/scripts/plus.php?ip=175.208.134.152&substr=nine&s=ab | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://185.172.128.53/syncUpd.exe | ||||||
| request | GET http://api.ipify.org/?format=dfg |
| request | GET http://91.92.254.7/scripts/plus.php?ip=175.208.134.152&substr=nine&s=ab |
| request | GET http://185.172.128.53/syncUpd.exe |
| domain | api.ipify.org |
| file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
| file | C:\Users\test22\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe |
| file | C:\Users\test22\AppData\Local\Temp\InstallSetup9.exe |
| file | C:\Users\test22\AppData\Local\Temp\nsaF7A0.tmp\INetC.dll |
| file | C:\Users\test22\AppData\Local\Temp\InstallSetup9.exe |
| file | C:\Users\test22\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe |
| file | C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe |
| file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
| file | C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\winamp58_3660_beta_full_en-us[1].exe |
| file | C:\Users\test22\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\syncUpd[1].exe |
| file | C:\Users\test22\AppData\Local\Temp\nso107.tmp |
| file | C:\Users\test22\AppData\Local\Temp\288c47bbc187111b439df19ff4df68f076.exe |
| file | C:\Users\test22\AppData\Local\Temp\nsaF7A0.tmp\INetC.dll |
| file | C:\Users\test22\AppData\Local\Temp\InstallSetup9.exe |
| section | {u'size_of_data': u'0x00675a00', u'virtual_address': u'0x00002000', u'entropy': 7.987804083877921, u'name': u'.text', u'virtual_size': u'0x00675844'} | entropy | 7.98780408388 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.999697725384 | description | Overall entropy of this PE file is high | |||||||||||
| host | 185.172.128.53 | |||
| host | 91.92.254.7 | |||
| file | C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe |
| file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
| file | C:\Windows\Prefetch\INSTALLSETUP9.EXE-BA053EC2.pf |
| file | C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf |
| file | c:\Windows\Temp\fwtsqmfile01.sqm |
| file | C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf |
| file | C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf |
| file | c:\Windows\Temp\fwtsqmfile00.sqm |
| file | C:\Windows\Prefetch\RUNDLL32.EXE-87432CEE.pf |
| file | C:\Windows\Prefetch\RUNDLL32.EXE-7BCB21A1.pf |
| file | C:\Windows\Prefetch\INJECT-X64.EXE-AAEEB6EB.pf |
| file | C:\Windows\Prefetch\Layout.ini |
| file | C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf |
| file | C:\Users\test22\AppData\Local\Temp\~DF8C0F100C7231519A.TMP |
| file | C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf |
| file | C:\Windows\Prefetch\SETUP.EXE-A9A86358.pf |
| file | C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf |
| file | C:\Windows\Prefetch\SVCHOST.EXE-CF79EE4C.pf |
| file | C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf |
| file | C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf |
| file | C:\Windows\Prefetch\PING.EXE-7E94E73E.pf |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\uglified_jindo[1].js |
| file | C:\Windows\Prefetch\ReadyBoot\Trace9.fx |
| file | C:\Windows\Prefetch\SETUP-STUB.EXE-8F842224.pf |
| file | C:\Windows\Prefetch\288C47BBC187111B439DF19FF4DF6-33CCB524.pf |
| file | C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf |
| file | C:\Windows\Prefetch\PW.EXE-1D40DDAD.pf |
| file | C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf |
| file | C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf |
| file | C:\Windows\Prefetch\ReadyBoot\Trace1.fx |
| file | C:\Windows\Prefetch\AgGlGlobalHistory.db |
| file | C:\Windows\Prefetch\DEFAULT-BROWSER-AGENT.EXE-01C82E17.pf |
| file | C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf |
| file | C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf |
| file | C:\Windows\Prefetch\ReadyBoot\Trace8.fx |
| file | C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf |
| file | C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf |
| file | C:\Windows\Prefetch\SVCHOST.EXE-5901D5E8.pf |
| file | C:\Windows\Prefetch\MMC.EXE-561C5A40.pf |
| file | C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT |
| file | C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf |
| file | C:\Windows\Prefetch\INJECT-X64.EXE-7E2195F2.pf |
| file | C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf |
| file | C:\Windows\Prefetch\7ZG.EXE-0F8C4081.pf |
| file | C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000009.log |
| file | C:\Windows\Prefetch\SVCHOST.EXE-A1476A17.pf |
| file | C:\Windows\Prefetch\PfSvPerfStats.bin |
| file | C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf |
| file | C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf |
| file | C:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf |
| file | C:\Windows\Prefetch\EDITPLUS.EXE-BB0BC86D.pf |
| file | C:\Users\test22\AppData\Local\Temp\nsaF79F.tmp |
| file | C:\Users\test22\AppData\Local\Temp\nspF675.tmp |
| file | C:\Users\test22\AppData\Local\Temp\nsaF7A0.tmp |
| file | C:\Users\test22\AppData\Local\Temp\SetupExe(20200504224110B04).log |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\dthumb[10].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\dthumb[3].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\dropbox_logo_text_2015-vfld7_dJ8[1].svg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\013[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\sprite-20210713@2x[2].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\7028d2d448816aeaab0e_20211029092933036[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\spr_lft_white_150916[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\AdPostInjectAsync[1].nhn |
| file | c:\Windows\Temp\fwtsqmfile01.sqm |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\dthumbCAUKPFFO.jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\m_920_294_0729[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\cropImg_196x196_38699317823237099[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\e84a7e15-e6a9-41ec-9eb7-883e9b5e7249[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\348acc74d7ad9acbdda7_20211101182838273[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\1_237[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\favicon[3].png |
| file | C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\dthumb[9].jpg |
| file | C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf |
| file | C:\Users\test22\AppData\Local\Temp\dd_vcredist_amd64_20180201144548_000_vcRuntimeMinimum_x64.log |
| file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\desktop.ini |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\jquery-1.12.4.min_v1[1].js |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\w[1].css |
| file | C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\S6uyw4BMUTPHjx4wWA[1].woff |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CURBIYE7\icon_spacer-vflN3BYt2[1].gif |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\3a7f4c4cb962a54fae75_20200728093632144[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\cropImg_728x360_77691188554226350[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\8c9b6e5b-4abb-45c6-9aa7-aa28806e8e84[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\TopNav[1].js |
| file | C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\adf7905c-28ea-4ddf-93b2-aa96dad57752[1].jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\977[1].png |
| file | C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\015[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\dthumbCAR5WT7S.jpg |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\smart_editor2.me.min.200716[1].css |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\ipsec[3].htm |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\nsd13728808[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\327[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\sample-doc-download[1].htm |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\SOC-Facebook[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\f[2].txt |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\images[1].png |
| file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\f1e83251-9248-4d4e-8d2e-d1505a55bc83[1].jpg |
| file | C:\Windows\Prefetch\VBOXDRVINST.EXE-7DCD6070.pf |
| Bkav | W32.AIDetectMalware.CS |
| Lionic | Trojan.Win32.ShortLoader.a!c |
| MicroWorld-eScan | IL:Trojan.MSILZilla.9891 |
| Skyhigh | BehavesLike.Win32.Generic.vc |
| McAfee | GenericRXPI-VQ!9DC46160B805 |
| Malwarebytes | Trojan.Crypt.MSIL.Generic |
| VIPRE | IL:Trojan.MSILZilla.9891 |
| Sangfor | Trojan.Win32.Save.a |
| K7AntiVirus | Ransomware ( 005a8b921 ) |
| Alibaba | TrojanDownloader:MSIL/Mokes.64bdbe1e |
| K7GW | Ransomware ( 005a8b921 ) |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Arcabit | IL:Trojan.MSILZilla.D26A3 |
| Symantec | ML.Attribute.HighConfidence |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | a variant of MSIL/Agent.UZA |
| APEX | Malicious |
| Kaspersky | HEUR:Trojan-Downloader.MSIL.ShortLoader.gen |
| BitDefender | IL:Trojan.MSILZilla.9891 |
| NANO-Antivirus | Trojan.Win32.ShortLoader.kgmlsg |
| Avast | Win32:DropperX-gen [Drp] |
| Rising | Trojan.AntiVM!1.CF63 (CLASSIC) |
| Emsisoft | IL:Trojan.MSILZilla.9891 (B) |
| F-Secure | Heuristic.HEUR/AGEN.1365025 |
| DrWeb | Trojan.MulDropNET.43 |
| TrendMicro | Trojan.Win32.SMOKELOADER.YXEADZ |
| Sophos | Troj/ILAgent-I |
| Ikarus | Trojan.MSIL.Krypt |
| Webroot | W32.Trojan.MSILZilla |
| Detected | |
| Avira | HEUR/AGEN.1365025 |
| Varist | W32/MSIL_Kryptik.FFY.gen!Eldorado |
| Kingsoft | MSIL.Trojan-Downloader.ShortLoader.gen |
| Gridinsoft | Malware.Win32.Downloader.cc |
| Microsoft | Trojan:MSIL/Mokes.B!MTB |
| ZoneAlarm | HEUR:Trojan-Downloader.MSIL.ShortLoader.gen |
| GData | IL:Trojan.MSILZilla.9891 |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Malware/Win.Generic.C4478643 |
| BitDefenderTheta | Gen:NN.ZemsilF.36680.@p0@aW8XMFj |
| MAX | malware (ai score=80) |
| Cylance | unsafe |
| Panda | Trj/GdSda.A |
| TrendMicro-HouseCall | Trojan.Win32.SMOKELOADER.YXEADZ |
| Tencent | Msil.Trojan-Downloader.Shortloader.Ekjl |
| SentinelOne | Static AI - Malicious PE |
| MaxSecure | Trojan.Malware.300983.susgen |
| Fortinet | MSIL/GenKryptik.FFMZ!tr |
| AVG | Win32:DropperX-gen [Drp] |
| Cybereason | malicious.06e8c2 |