Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 3, 2024, 9:02 a.m. | Sept. 3, 2024, 9:06 a.m. |
sWsmPty.exe "C:\Users\test22\AppData\Local\Temp\sWsmPty.exe"
1156
Name | Response | Post-Analysis Lookup |
---|---|---|
animalesfans.space | 172.67.180.170 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49164 -> 172.67.180.170:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49164 -> 172.67.180.170:443 | C=US, O=Google Trust Services, CN=WE1 | CN=animalesfans.space | 95:26:87:08:29:b7:36:f6:73:4f:6c:94:de:e9:a6:0a:df:4f:50:49 |
Key | Value |
---|---|
suspicious_features | POST method with no referer header |
suspicious_request | POST https://animalesfans.space/park?jpkr7rxhi=LXc8pXq%2B90Dqtjn83Fl3FLo0pHPLDPLaSKYnB%2FH72B5yCdr0JCJOZKWkStPG67hyYHv9uiy27egbaPaFEIaCVQ%3D%3D |
request | POST https://animalesfans.space/park?jpkr7rxhi=LXc8pXq%2B90Dqtjn83Fl3FLo0pHPLDPLaSKYnB%2FH72B5yCdr0JCJOZKWkStPG67hyYHv9uiy27egbaPaFEIaCVQ%3D%3D |
request | POST https://animalesfans.space/park?jpkr7rxhi=LXc8pXq%2B90Dqtjn83Fl3FLo0pHPLDPLaSKYnB%2FH72B5yCdr0JCJOZKWkStPG67hyYHv9uiy27egbaPaFEIaCVQ%3D%3D |
section | {"name": ".data", "virtual_address": "0x001db000", "virtual_size": "0x0000bbd0", "size_of_data": "0x0000bc00", "entropy": 7.904690584187934} |
entropy | 7.90469058419 |
description | A section with a high entropy has been found |
registry | HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2 Override |
registry | HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions |
Engine | Result |
---|---|
Bkav | W64.AIDetectMalware |
Lionic | Trojan.Win32.SleepObf.4!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 99) |
Skyhigh | BehavesLike.Win64.Qakbot.th |
ALYac | Trojan.GenericKD.73963949 |
Cylance | Unsafe |
VIPRE | Trojan.GenericKD.73963949 |
Sangfor | Trojan.Win64.Kryptik.Vyf6 |
BitDefender | Trojan.GenericKD.73963949 |
K7GW | Trojan ( 005b86ea1 ) |
Arcabit | Trojan.Generic.D46899AD |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win64/Kryptik.EMS |
APEX | Malicious |
McAfee | Artemis!478124644DA5 |
Avast | Win64:CrypterX-gen [Trj] |
Kaspersky | Trojan.Win64.SleepObf.il |
Alibaba | Trojan:Win64/SleepObf.9116279d |
MicroWorld-eScan | Trojan.GenericKD.73963949 |
Rising | Trojan.Kryptik!8.8 (CLOUD) |
Emsisoft | Trojan.GenericKD.73963949 (B) |
F-Secure | Trojan.TR/Kryptik.gnqru |
McAfeeD | ti!33083EE177BD |
Trapmine | suspicious.low.ml.score |
FireEye | Generic.mg.478124644da5f82d |
Sophos | Mal/Generic-S |
Webroot | W32.Trojan.GenKD |
Detected | |
Avira | TR/Kryptik.gnqru |
MAX | malware (ai score=81) |
Kingsoft | malware.kb.a.868 |
Gridinsoft | Ransom.Win64.Wacatac.sa |
Microsoft | Trojan:Win32/Casdet!rfn |
ViRobot | Trojan.Win.Z.Kryptik.2076672 |
ZoneAlarm | Trojan.Win64.SleepObf.il |
GData | Trojan.GenericKD.73963949 |
AhnLab-V3 | Trojan/Win.Generic.R664519 |
DeepInstinct | MALICIOUS |
Malwarebytes | Trojan.ShellCode |
Ikarus | Win32.Outbreak |
Tencent | Win64.Trojan.Sleepobf.Bdhl |
huorong | Trojan/W64.Agent.bx |
Fortinet | W64/Kryptik.EMS!tr |
AVG | Win64:CrypterX-gen [Trj] |
Paloalto | generic.ml |
CrowdStrike | win/malicious_confidence_90% (D) |
alibabacloud | Trojan:Win/Wacatac.B9nj |