Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 4, 2024, 5:43 p.m. | Aug. 4, 2024, 5:45 p.m. |
pic5.jpg.exe "C:\Users\test22\AppData\Local\Temp\pic5.jpg.exe"
2544
Name | Response | Post-Analysis Lookup |
---|---|---|
mundoparachicas.space | 104.21.42.29 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49163 -> 104.21.42.29:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49163 -> 104.21.42.29:443 | C=US, O=Google Trust Services, CN=WE1 | CN=mundoparachicas.space | ef:c3:09:ce:17:d9:1d:ed:79:52:ca:9c:fd:3e:dc:01:9b:91:03:40 |
suspicious_features | POST method with no referer header | suspicious_request | POST https://mundoparachicas.space/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D |
request | POST https://mundoparachicas.space/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D |
request | POST https://mundoparachicas.space/imageFolio.cgi?qehii0w3ze9sn=nO6wgakvlUvUKyvVvRezNJaB0mAvGbPqVKo12a3LOUvhvPrA9eFcs3uIBjr2ICTAiCiRSrnI1BD1Zngf6t0fTw%3D%3D |
section | name: .data, virtual_address: 0x001df000, virtual_size: 0x0000d1c0, size_of_data: 0x0000d200, entropy: 7.916465937119629 | entropy | 7.91646593712 | description | A section with a high entropy has been found |
registry | HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2 Override |
registry | HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions |
Vendor | Detection |
---|---|
Bkav | W64.AIDetectMalware |
Elastic | malicious (high confidence) |
Cylance | Unsafe |
Sangfor | Trojan.Win64.Agent.V1u9 |
ESET-NOD32 | a variant of Win64/Kryptik.EMS |
APEX | Malicious |
Kaspersky | Trojan.Win64.SleepObf.eb |
Rising | Trojan.Kryptik@AI.86 (RDML:FvvkDlCfmSj2WKWCy6wOUA) |
F-Secure | Trojan.TR/Kryptik.hemnz |
TrendMicro | Trojan.Win64.SMOKELOADER.YXEHDZ |
McAfeeD | ti!F1530D12529D |
Trapmine | malicious.high.ml.score |
FireEye | Generic.mg.85b1854b81d15ac9 |
Avira | TR/Kryptik.hemnz |
Kingsoft | Win32.Troj.Unknown.a |
ZoneAlarm | Trojan.Win64.SleepObf.eb |
DeepInstinct | MALICIOUS |
Malwarebytes | Generic.Malware/Suspicious |
TrendMicro-HouseCall | Trojan.Win64.SMOKELOADER.YXEHDZ |
CrowdStrike | win/malicious_confidence_100% (W) |
alibabacloud | Trojan:Win/Kryptik.EZK |