Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | May 17, 2024, 10:10 a.m. | May 17, 2024, 10:12 a.m. |
-
mshta.exe "C:\Windows\System32\mshta.exe" C:\Users\test22\AppData\Local\Temp\ttt.hta
2548
Name | Response | Post-Analysis Lookup |
---|---|---|
brandwizer.co.in | 5.9.123.217 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49163 -> 5.9.123.217:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 5.9.123.217:443 -> 192.168.56.101:49164 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.101:49162 -> 5.9.123.217:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
No Suricata TLS
Lionic | Trojan.HTML.Valyria.a!c |
Skyhigh | BehavesLike.HTML.Dropper.zq |
ALYac | Trojan.Script.Agent |
VIPRE | VB:Trojan.Kimsuky.A |
Arcabit | VB:Trojan.Kimsuky.A |
Symantec | Trojan Horse |
ESET-NOD32 | VBS/Kimsuky.AM |
TrendMicro-HouseCall | TROJ_FRS.0NA104EE24 |
Avast | Other:Malware-gen [Trj] |
Kaspersky | HEUR:Trojan-Downloader.HTA.SLoad.gen |
BitDefender | VB:Trojan.Kimsuky.A |
MicroWorld-eScan | VB:Trojan.Kimsuky.A |
Rising | Trojan.Kimsuky/VBS!8.13D95 (TOPIS:E0:3BSGVFy9i7O) |
Emsisoft | VB:Trojan.Kimsuky.A (B) |
TrendMicro | TROJ_FRS.0NA104EE24 |
FireEye | VB:Trojan.Kimsuky.A |
Ikarus | Trojan.VBS.Kimsuky |
Microsoft | Trojan:VBS/Malgent!MSR |
ViRobot | VBS.S.Running.1556 |
ZoneAlarm | HEUR:Trojan-Downloader.HTA.SLoad.gen |
GData | VB:Trojan.Kimsuky.A |
MAX | malware (ai score=81) |
AVG | Other:Malware-gen [Trj] |