Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 13, 2024, 9:22 a.m. | Sept. 13, 2024, 9:29 a.m. |
Process | Command line | PID |
---|---|---|
svchost.exe | "C:\Users\test22\AppData\Local\Temp\frownked2.1.exe" | 2228 |
firefox.exe | "C:\Program Files\Mozilla Firefox\Firefox.exe" | 2880 |
explorer.exe | C:\Windows\Explorer.EXE | 1236 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49179 -> 161.97.168.245:80 | 2032991 | ET INFO HTTP Request to a *.buzz domain | Potentially Bad Traffic |
TCP 192.168.56.103:49182 -> 162.0.238.43:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
TCP 192.168.56.103:49178 -> 161.97.168.245:80 | 2032991 | ET INFO HTTP Request to a *.buzz domain | Potentially Bad Traffic |
UDP 192.168.56.103:50674 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
domain | www.mandemj.top | description | Generic top level domain TLD |
description | cmdl32.exe tried to sleep 148 seconds, actually delayed analysis time by 148 seconds |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ |
file | C:\Users\test22\AppData\Local\Chromium\User Data |
file | C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data |
file | C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data |
file | C:\Users\test22\AppData\Local\Temp\sqlite3.dll |
section | .rsrc (virtual_address 0x000c4000, virtual_size 0x000b8774, size_of_data 0x000b8800) | entropy | 6.97420894723 | description | A section with a high entropy has been found |
entropy | 0.47859922179 | description | Overall entropy of this PE file is high |
file | C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data |
file | C:\Users\test22\AppData\Local\AVG\Browser\User Data |
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Formbook.4!c |
Elastic | malicious (high confidence) |
CAT-QuickHeal | TrojanPWS.AutoIt.Zbot.S |
Skyhigh | BehavesLike.Win32.Generic.th |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Injector.V9c1 |
K7AntiVirus | Trojan ( 700000111 ) |
K7GW | Trojan ( 700000111 ) |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | a variant of Win32/Injector.Autoit.GJF |
APEX | Malicious |
Avast | FileRepMalware [Misc] |
Kaspersky | UDS:DangerousObject.Multi.Generic |
Alibaba | Trojan:Win32/Injector.34bf1373 |
McAfeeD | ti!B14DBA44C081 |
Trapmine | suspicious.low.ml.score |
CTX | exe.trojan.autoit |
Sophos | Mal/Generic-S |
FireEye | Generic.mg.ab7caff90a834757 |
Avira | TR/AVI.Agent.lqnit |
Kingsoft | malware.kb.a.885 |
Gridinsoft | Ransom.Win32.Wacatac.sa |
Microsoft | Trojan:Win32/Wacatac.B!ml |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Win32.Trojan-Stealer.FormBook.6GHKRQ |
McAfee | Artemis!AB7CAFF90A83 |
DeepInstinct | MALICIOUS |
VBA32 | Trojan-Downloader.Autoit.gen |
Malwarebytes | Generic.Malware/Suspicious |
Panda | Trj/Chgt.AD |
MaxSecure | Trojan.Malware.300983.susgen |
Fortinet | AutoIt/Injector.GIZ!tr |
AVG | FileRepMalware [Misc] |
Paloalto | generic.ml |
CrowdStrike | win/malicious_confidence_60% (D) |