Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Jan. 25, 2024, 8:51 a.m. | Jan. 25, 2024, 8:55 a.m. |
Process | Command line | PID |
---|---|---|
bin.exe | "C:\Users\test22\AppData\Local\Temp\bin.exe" | 800 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.gattgraphic.com | CNAME cdn1.wixdns.net, 34.149.87.45 | |
www.bruderhertz.art | | |
www.family-doctor-79417.com | 103.224.212.213 | |
www.martinkeyword.top | 172.67.154.225 | |
www.zhangnational.site | 104.21.49.198 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.103:52760 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
TCP 192.168.56.103:49164 -> 104.21.6.136:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
TCP 192.168.56.103:49164 -> 104.21.6.136:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49164 -> 104.21.6.136:80 | 2031089 | ET HUNTING Request to .TOP Domain with Minimal Headers | Potentially Bad Traffic |
TCP 192.168.56.103:49167 -> 172.67.166.205:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49166 -> 103.224.212.213:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.103:49165 -> 34.149.87.45:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Signature field | Value |
---|---|
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.martinkeyword.top/b21s/?LZa0=0tEjvMOQZ1u+KiVdVD9NMdDqyg4NNl7IsBZDKOPbb44psP0R1uri9OUTuHQ9LNmBSi0J17UR&uTux=njoTZ26xmz |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.gattgraphic.com/b21s/?LZa0=EodxxVnP6AALhCm6PMojoLYK50H/6a9ovP9+wbqeR1Lo4rltyls8iqRv+JR8KYWFAhTe4tyj&uTux=njoTZ26xmz |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.family-doctor-79417.com/b21s/?LZa0=Mxt8ckLWX1wN0TXkckU8PS2/S2ul7U/m+MSjsB7vFpbxPb8t47jkcaQcBHmi0NSFrzd3m2nN&uTux=njoTZ26xmz |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://www.zhangnational.site/b21s/?LZa0=y0Dj+cpzYNB0KREV3i9vRRBmemYalAwO39f2/WBFUnsbQy2Uen8j2v8X32Jt1Fp/TC7TXkMI&uTux=njoTZ26xmz |
request | GET http://www.martinkeyword.top/b21s/?LZa0=0tEjvMOQZ1u+KiVdVD9NMdDqyg4NNl7IsBZDKOPbb44psP0R1uri9OUTuHQ9LNmBSi0J17UR&uTux=njoTZ26xmz |
request | GET http://www.gattgraphic.com/b21s/?LZa0=EodxxVnP6AALhCm6PMojoLYK50H/6a9ovP9+wbqeR1Lo4rltyls8iqRv+JR8KYWFAhTe4tyj&uTux=njoTZ26xmz |
request | GET http://www.family-doctor-79417.com/b21s/?LZa0=Mxt8ckLWX1wN0TXkckU8PS2/S2ul7U/m+MSjsB7vFpbxPb8t47jkcaQcBHmi0NSFrzd3m2nN&uTux=njoTZ26xmz |
request | GET http://www.zhangnational.site/b21s/?LZa0=y0Dj+cpzYNB0KREV3i9vRRBmemYalAwO39f2/WBFUnsbQy2Uen8j2v8X32Jt1Fp/TC7TXkMI&uTux=njoTZ26xmz |
domain | www.martinkeyword.top |
description | Generic top level domain TLD |
section | name: .text, virtual_address: 0x00001000, virtual_size: 0x0002d214, size_of_data: 0x0002d400, entropy: 7.401692454615399 |
entropy | 7.40169245462 |
description | A section with a high entropy has been found |
entropy | 1.0 |
description | Overall entropy of this PE file is high |
Antivirus | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Formbook.4!c |
Elastic | Windows.Trojan.Diceloader |
Cynet | Malicious (score: 100) |
CAT-QuickHeal | Trojan.GenericPMF.S31790698 |
Skyhigh | BehavesLike.Win32.Generic.cc |
McAfee | GenericRXCD-ZZ!D36B9ED936C5 |
Cylance | unsafe |
VIPRE | Gen:Variant.Lazy.425031 |
Sangfor | Suspicious.Win32.Save.a |
K7AntiVirus | Trojan ( 00536d121 ) |
BitDefender | Gen:Variant.Lazy.425031 |
K7GW | Trojan ( 00536d121 ) |
Cybereason | malicious.8c90f0 |
Arcabit | Trojan.Lazy.D67C47 |
Symantec | Trojan.Formbook |
ESET-NOD32 | a variant of Win32/Formbook.AL |
APEX | Malicious |
Avast | Win32:Formbook-B [Trj] |
ClamAV | Win.Malware.Formbook-7399661-0 |
Kaspersky | HEUR:Trojan.Win32.Generic |
NANO-Antivirus | Virus.Win32.Gen.ccmw |
SUPERAntiSpyware | Trojan.Agent/Gen-Crypt |
MicroWorld-eScan | Gen:Variant.Lazy.425031 |
Rising | Stealer.Formbook!1.C470 (CLASSIC) |
Emsisoft | Gen:Variant.Lazy.425031 (B) |
F-Secure | Trojan.TR/Crypt.ZPACK.Gen |
DrWeb | Trojan.Siggen9.48175 |
TrendMicro | TrojanSpy.Win32.FORMBOOK.SMYXDDE |
FireEye | Generic.mg.d36b9ed936c51fc6 |
Sophos | Troj/Formbook-A |
Ikarus | Trojan.Win32.Formbook |
Webroot | W32.Malware.gen |
Detected | |
Avira | TR/Crypt.ZPACK.Gen |
MAX | malware (ai score=81) |
Antiy-AVL | Trojan/Win32.Formbook.x |
Kingsoft | Win32.Trojan.Generic.a |
Microsoft | Trojan:Win32/FormBook.AFB!MTB |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Win32.Trojan.PSE.100IPS |
Varist | W32/Formbook.A.gen!Eldorado |
AhnLab-V3 | Trojan/Win.Formbook.X2185 |
BitDefenderTheta | AI:Packer.EE3E03421E |
DeepInstinct | MALICIOUS |
VBA32 | BScope.TrojanPSW.Banker |
Malwarebytes | Generic.Malware.AI.DDS |
Tencent | Win32.Trojan.Generic.Mqil |
SentinelOne | Static AI - Malicious PE |
MaxSecure | Trojan.Malware.300983.susgen |