Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Jan. 10, 2024, 7:56 a.m. | Jan. 10, 2024, 8:01 a.m. |
Process | Command line | PID |
---|---|---|
288c47bbc187122b439df19ff4df68f076.exe | "C:\Users\test22\AppData\Local\Temp\288c47bbc187122b439df19ff4df68f076.exe" | 2556 |
BroomSetup.exe | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe | 2788 |
nsc4CA7.tmp | C:\Users\test22\AppData\Local\Temp\nsc4CA7.tmp | 2996 |
288c47bbc1871b439df19ff4df68f076.exe | "C:\Users\test22\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe" | 2684 |
Name | Response | Post-Analysis Lookup |
---|---|---|
iplogger.com | 172.67.188.178 | |
api.ipify.org | CNAME api4.ipify.org; 64.185.227.156 | |
Suricata Alerts

Suricata TLS

Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:50064 104.21.76.57:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=iplogger.com | 58:f1:b8:44:37:6f:27:f8:01:6a:79:0e:7e:47:5b:b5:88:ec:1d:cc |
suspicious_features | Connection to IP address |
suspicious_request | GET http://185.172.128.53/syncUpd.exe |
request | GET http://api.ipify.org/?format=dfg |
request | GET http://185.172.128.53/syncUpd.exe |
request | GET https://iplogger.com/19nVA4 |
domain | api.ipify.org |
file | C:\Users\test22\AppData\Local\Temp\nscF416.tmp\INetC.dll |
file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
file | C:\Users\test22\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe |
file | C:\Users\test22\AppData\Local\Temp\InstallSetup9.exe |
file | C:\Users\test22\AppData\Local\Temp\nscF416.tmp\Math.dll |
file | C:\Users\test22\AppData\Local\Temp\InstallSetup9.exe |
file | C:\Users\test22\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe |
file | C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe |
file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
file | C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\winamp58_3660_beta_full_en-us[1].exe |
file | C:\Users\test22\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe |
file | C:\Users\test22\AppData\Local\Temp\288c47bbc187122b439df19ff4df68f076.exe |
file | C:\Users\test22\AppData\Local\Temp\nscF416.tmp\Math.dll |
file | C:\Users\test22\AppData\Local\Temp\nsc4CA7.tmp |
file | C:\Users\test22\AppData\Local\Temp\InstallSetup9.exe |
file | C:\Users\test22\AppData\Local\Temp\nscF416.tmp\INetC.dll |
section | {u'size_of_data': u'0x00698400', u'virtual_address': u'0x00002000', u'entropy': 7.976002646896117, u'name': u'.text', u'virtual_size': u'0x00698234'} |
entropy | 7.9760026469 |
description | A section with a high entropy has been found |
entropy | 0.99970392302 |
description | Overall entropy of this PE file is high |
host | 185.172.128.53 |
host | 91.92.255.226 |
file | C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe |
file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
dead_host | 91.92.255.226:80 |
Engine | Result |
---|---|
Bkav | W32.AIDetectMalware.CS |
Lionic | Trojan.Win32.ShortLoader.a!c |
DrWeb | Trojan.MulDropNET.43 |
MicroWorld-eScan | IL:Trojan.MSILZilla.9891 |
Skyhigh | BehavesLike.Win32.Generic.vc |
McAfee | GenericRXPI-VQ!D872AD98CE3E |
Cylance | unsafe |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Ransomware ( 005a8b921 ) |
Alibaba | TrojanDownloader:MSIL/Mokes.51aef0a1 |
K7GW | Ransomware ( 005a8b921 ) |
Cybereason | malicious.ac6545 |
BitDefenderTheta | Gen:NN.ZemsilF.36680.@p0@aC@zlvf |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of MSIL/Agent.UZA |
APEX | Malicious |
ClamAV | Win.Packed.Msilzilla-10018301-0 |
Kaspersky | HEUR:Trojan-Downloader.MSIL.ShortLoader.gen |
BitDefender | IL:Trojan.MSILZilla.9891 |
Avast | Win32:DropperX-gen [Drp] |
Tencent | Msil.Trojan-Downloader.Shortloader.Ximw |
Emsisoft | IL:Trojan.MSILZilla.9891 (B) |
F-Secure | Heuristic.HEUR/AGEN.1365025 |
VIPRE | IL:Trojan.MSILZilla.9891 |
TrendMicro | Trojan.Win32.SMOKELOADER.YXEAIZ |
Sophos | Troj/ILAgent-I |
Ikarus | Trojan.MSIL.Krypt |
Webroot | W32.Trojan.MSILZilla |
Detected | |
Avira | HEUR/AGEN.1365025 |
Varist | W32/MSIL_Kryptik.FFY.gen!Eldorado |
Kingsoft | MSIL.Trojan-Downloader.ShortLoader.gen |
Microsoft | Trojan:MSIL/Mokes.B!MTB |
Gridinsoft | Trojan.Win32.Downloader.ns |
Xcitium | Malware@#ngtmjep2aye9 |
Arcabit | IL:Trojan.MSILZilla.D26A3 |
ZoneAlarm | HEUR:Trojan-Downloader.MSIL.ShortLoader.gen |
GData | IL:Trojan.MSILZilla.9891 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Malware/Win.Generic.C4478643 |
VBA32 | Trojan.MSIL.Injector.gen |
Malwarebytes | Trojan.Crypt.MSIL.Generic |
Panda | Trj/GdSda.A |
TrendMicro-HouseCall | Trojan.Win32.SMOKELOADER.YXEAIZ |
Rising | Trojan.AntiVM!1.CF63 (CLASSIC) |
SentinelOne | Static AI - Malicious PE |
Fortinet | MSIL/GenKryptik.FFMZ!tr |
AVG | Win32:DropperX-gen [Drp] |
DeepInstinct | MALICIOUS |