Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 12, 2024, 12:52 p.m. | Sept. 12, 2024, 12:55 p.m. |
Process Tree
Process | Command line | PID |
---|---|---|
bin.exe | "C:\Users\test22\AppData\Local\Temp\bin.exe" | 1940 |
firefox.exe | "C:\Program Files\Mozilla Firefox\Firefox.exe" | 2676 |
explorer.exe | C:\Windows\Explorer.EXE | 1236 |
DNS
Name | Response | Post-Analysis Lookup |
---|---|---|
www.zz82x.top | CNAME zz82x.top | 38.47.232.196 |
www.withad.xyz | 162.0.238.43 | |
www.wcm50.top | CNAME wcm50.top | 154.23.184.60 |
www.coffee-and-blends.info | 217.160.0.231 | |
www.lanxuanz.tech | CNAME zhs.zohosites.com | 136.143.186.12 |
www.mayawashfold.net | CNAME mayawashfold.net | 15.197.148.33 |
www.filelabel.info | CNAME filelabel.info | 15.197.148.33 |
www.sqlite.org | 45.33.6.223 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.103:53673 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
TCP 192.168.56.103:49175 -> 38.47.232.196:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
HTTP Requests
Type | URL |
---|---|
request | POST http://www.coffee-and-blends.info/v35v/ |
request | GET http://www.coffee-and-blends.info/v35v/?2V=QLykxYh4zvA0eVm8sHd9vJ7cm8Ocwd+aLw1iNOUTi/NZcFg0+k6SuajB+VDZEgWr7u3QxNH7fyl6o0+K3GiYVb/CpQQZmkLRlg6A/sXIMKu948ijpPl34Lh5vJIQLmsCgl/X2MY=&5N=yBxsewvl1 |
request | GET http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip |
request | GET http://www.sqlite.org/2018/sqlite-dll-win32-x86-3240000.zip |
request | POST http://www.mayawashfold.net/mtee/ |
request | GET http://www.mayawashfold.net/mtee/?2V=mIo06BHEAes+1ktXaBAtNGKqBpRmqRxWlUKS3fumHCh/F9Apz5MmL+0gaGFLr/u+11M8U18avNpkfr0bp21uUDjReIWSdbsSeAfUqf/zog6+kRphWsZifsnSv92p91nXivHnLMY=&5N=yBxsewvl1 |
request | GET http://www.zz82x.top/ym8o/?2V=0oBut1yNYbWGPCBlgyv3pZVha+opv9VnbBTx5iLcdFvMwA802wT5+eN4s6JX6RPQYa1HVkeDIT7ul87fzWjyS3+9Bl5G+MuIzE/ROIZBkpIpmi83C/mWL5yyeDtdBV6PHeqsO2U=&5N=yBxsewvl1 |
request | POST http://www.wcm50.top/sok0/ |
request | GET http://www.wcm50.top/sok0/?2V=9nK66fHSoCGrYX5gaK/AO9t7tPQ5/QEti9hRjfn4Wr4e/FiQigglpcmZABT8bPLN/EEfVpiA5WrUcuyZtKi/BBJRI9fYI3SyqgQHC3eDkS3RCCCNVpOtSHUDKdaHP3QuqehRYy8=&5N=yBxsewvl1 |
request | POST http://www.withad.xyz/r0nv/ |
request | GET http://www.withad.xyz/r0nv/?2V=MbxsL1z6NlMfyEEdZx/ZxPf8EiE8jFH+EotLfQicwl73p/l3IQxOGOCDPbvxx6J9DUF2ANV1DH6MzynBnTYcCPycA1shdY1mvpanTFbxObMy1SnsPVKhvAf5oxTVz0DK2AgMbQQ=&5N=yBxsewvl1 |
request | POST http://www.lanxuanz.tech/em49/ |
request | GET http://www.lanxuanz.tech/em49/?2V=vV5RcTk6UjJnp8cFAK/SOuBjTCno8ikmF8l1hdm9JL6NOoivCUbMGww4nWsmekXmD/ydRpWe52eDtuCzDhpXjdrcsjftmH+l+fFtrvvEqEsdx0xgXMMdSTOC4EPGj+TD2I4a44E=&5N=yBxsewvl1 |
request | POST http://www.filelabel.info/2w7y/ |
request | GET http://www.filelabel.info/2w7y/?2V=Lawv0YecSOnZdZmqngGcZvprhomfb4X9YfPVtq1IvWwToR7xRnuqxAjnf14Kb1P7OK3qF8y3rVlNPzF5bdVhlCUeYm2+7ddpSexImSbNaMK380N1MHIbJRhlUDS9sCT5SZ96r/0=&5N=yBxsewvl1 |
request | POST http://www.coffee-and-blends.info/v35v/ |
request | POST http://www.mayawashfold.net/mtee/ |
request | POST http://www.wcm50.top/sok0/ |
request | POST http://www.withad.xyz/r0nv/ |
request | POST http://www.lanxuanz.tech/em49/ |
request | POST http://www.filelabel.info/2w7y/ |
Signatures
Type | Value | Description |
---|---|---|
domain | www.wcm50.top | Generic top level domain TLD |
domain | www.zz82x.top | Generic top level domain TLD |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ | |
file | C:\Users\test22\AppData\Local\Chromium\User Data | |
file | C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data | |
file | C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data | |
file | C:\Users\test22\AppData\Local\Temp\sqlite3.dll | |
section | .text (virtual_address 0x00001000, virtual_size 0x00044d04, size_of_data 0x00044e00, entropy 7.995106703390662) | A section with a high entropy has been found |
entropy | 1.0 | Overall entropy of this PE file is high |
file | C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data | |
file | C:\Users\test22\AppData\Local\AVG\Browser\User Data | |
Antivirus
Vendor | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Formbook.4!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
CAT-QuickHeal | Trojanspy.Noon |
Skyhigh | BehavesLike.Win32.VirRansom.dc |
ALYac | Gen:Variant.Mikey.148734 |
Cylance | Unsafe |
VIPRE | Gen:Variant.Mikey.148734 |
Sangfor | Trojan.Win32.Formbook.Vep1 |
K7AntiVirus | Trojan ( 00536d121 ) |
BitDefender | Gen:Variant.Mikey.148734 |
K7GW | Trojan ( 00536d121 ) |
Cybereason | malicious.dc0182 |
Arcabit | Trojan.Mikey.D244FE |
VirIT | Trojan.Win32.Formbook.GEN |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Formbook.AK |
APEX | Malicious |
Avast | Win32:PWSX-gen [Trj] |
Kaspersky | Trojan-Spy.Win32.Noon.biby |
Alibaba | Trojan:Win32/FormBook.4cc9e21c |
MicroWorld-eScan | Gen:Variant.Mikey.148734 |
Rising | Trojan.Kryptik@AI.86 (RDML:7JRLDhO071wIAHwW0TLapg) |
Emsisoft | Gen:Variant.Mikey.148734 (B) |
F-Secure | Trojan.TR/Crypt.ZPACK.Gen |
TrendMicro | TROJ_GEN.R002C0DIB24 |
McAfeeD | Real Protect-LS!95C51C6DC018 |
Trapmine | malicious.moderate.ml.score |
CTX | malware (ai score=88) |
Sophos | Troj/Formbook-A |
SentinelOne | Static AI - Malicious PE |
FireEye | Generic.mg.95c51c6dc0182811 |
Webroot | W32.Noon.Gen |
Detected | |
Avira | TR/Crypt.ZPACK.Gen |
Antiy-AVL | Trojan/Win32.Formbook.x |
Kingsoft | malware.kb.a.1000 |
Gridinsoft | Trojan.Win32.Kryptik.sa |
Microsoft | Trojan:Win32/FormBook.NF!MTB |
ZoneAlarm | Trojan-Spy.Win32.Noon.biby |
GData | Gen:Variant.Mikey.148734 |
AhnLab-V3 | Infostealer/Win.Formbook.R647393 |
McAfee | Artemis!95C51C6DC018 |
DeepInstinct | MALICIOUS |
VBA32 | BScope.Trojan.Formbook |
Malwarebytes | Spyware.FormBook |
Ikarus | Trojan.Win32.Formbook |
Panda | Trj/CI.A |
TrendMicro-HouseCall | TROJ_GEN.R002C0DIB24 |