Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 22, 2024, 5:18 p.m. | Sept. 22, 2024, 5:51 p.m. |
-
66e571613a5a3_Server.exe "C:\Users\test22\AppData\Local\Temp\66e571613a5a3_Server.exe"
1540
Name | Response | Post-Analysis Lookup |
---|---|---|
win.ust.cx | 154.91.34.235 | |
www.ipip.net | 172.67.22.102 | |
luoyefeihua.site | ||
en.ipip.net | 104.22.30.153 | |
downapp.baidu.com | 60.190.116.35 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49164 -> 104.22.30.153:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49165 -> 104.22.31.153:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49164 104.22.30.153:443 |
C=US, O=Google Trust Services, CN=WR1 | CN=www.ipip.net | 5e:e0:4c:ad:06:35:8e:83:c1:b4:04:49:a7:cf:48:a8:e1:aa:f5:38 |
TLSv1 192.168.56.103:49165 104.22.31.153:443 |
C=US, O=Google Trust Services, CN=WR1 | CN=en.ipip.net | 40:22:3a:4f:77:4e:be:5b:e5:5a:f3:1e:14:9a:12:eb:20:ed:f3:68 |
request | GET http://downapp.baidu.com/ |
request | GET http://downapp.baidu.com/appsearch/AndroidPhone/1.0.65.172/1/1012271b/20171027150542/appsearch_AndroidPhone_1-0-65-172_1012271b.apk?responseContentDisposition=attachment%3Bfilename%3D%22appsearch_AndroidPhone_v8.0.3%281.0.65.172%29_1012271b.apk%22&responseContentType=application%2Fvnd.android.package-archive&request_id=1516457256_8032127161&type=dynamic |
request | GET https://www.ipip.net/ |
request | GET https://en.ipip.net/ |
file | C:\Users\test22\AppData\Local\Temp\test.exe |
file | C:\Users\test22\AppData\Local\Temp\test.exe |
wmi | Select MACAddress From Win32_NetworkAdapter Where ((MACAddress Is Not NULL) AND (Manufacturer <> 'Microsoft')) |
section | {u'size_of_data': u'0x00019200', u'virtual_address': u'0x00044000', u'entropy': 7.928825616339337, u'name': u'UPX1', u'virtual_size': u'0x0001a000'} | entropy | 7.92882561634 | description | A section with a high entropy has been found | |||||||||
entropy | 0.99504950495 | description | Overall entropy of this PE file is high |
section | UPX0 | description | Section name indicates UPX | ||||||
section | UPX1 | description | Section name indicates UPX | ||||||
section | UPX2 | description | Section name indicates UPX |
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\bootcon66e571613a5a3_Server.exe | reg_value | C:\Users\test22\AppData\Local\Temp\66e571613a5a3_Server.exe |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob |
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.BlackMoon.4!c |
Cynet | Malicious (score: 100) |
CAT-QuickHeal | Trojan.Injuke |
Skyhigh | BehavesLike.Win32.Generic.cc |
ALYac | Gen:Variant.Application.Graftor.799690 |
Cylance | Unsafe |
VIPRE | Gen:Variant.Application.Graftor.799690 |
Sangfor | Trojan.Win32.Save.a |
CrowdStrike | win/malicious_confidence_90% (D) |
BitDefender | Gen:Variant.Application.Graftor.799690 |
K7GW | Trojan ( 005930da1 ) |
K7AntiVirus | Trojan ( 005930da1 ) |
Arcabit | Trojan.Application.Graftor.DC33CA |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (moderate confidence) |
ESET-NOD32 | a variant of Win32/Packed.BlackMoon.A suspicious |
APEX | Malicious |
Avast | Win32:TrojanX-gen [Trj] |
ClamAV | Win.Dropper.Tiggre-9845940-0 |
Kaspersky | HEUR:Trojan.Win32.Injuke.vho |
Alibaba | Trojan:Win32/Injuke.81ca9389 |
NANO-Antivirus | Trojan.Win32.Graftor.hfiybo |
MicroWorld-eScan | Gen:Variant.Application.Graftor.799690 |
Rising | Trojan.Blamon!8.E8FB (TFE:5:4rHQxiKfRp) |
Emsisoft | Gen:Variant.Application.Graftor.799690 (B) |
F-Secure | Trojan.TR/Dropper.Gen |
DrWeb | Trojan.Siggen18.26977 |
Zillya | Trojan.Injuke.Win32.360 |
TrendMicro | TROJ_GEN.R002C0DIK24 |
McAfeeD | Real Protect-LS!D42E570EC9CF |
Trapmine | malicious.high.ml.score |
CTX | exe.trojan.generic |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Win32.CoinMiner |
FireEye | Generic.mg.d42e570ec9cf6757 |
Jiangmin | Trojan.APosT.aed |
Detected | |
Avira | TR/Dropper.Gen |
Antiy-AVL | Trojan/Win32.C2Lop |
Kingsoft | Win32.Trojan.Injuke.vho |
Gridinsoft | Trojan.Win32.Agent.sa |
Microsoft | Trojan:Win32/C2Lop.C |
ViRobot | Trojan.Win.Z.Graftor.104448 |
ZoneAlarm | HEUR:Trojan.Win32.Injuke.vho |
GData | Win32.Trojan.Agent.WP |
Varist | W32/BlackMoon.DD.gen!Eldorado |
AhnLab-V3 | Trojan/Win32.C2Lop.R342429 |
McAfee | GenericRXAA-AA!D42E570EC9CF |
DeepInstinct | MALICIOUS |
dead_host | 192.168.56.103:49167 |
dead_host | 154.91.34.235:8080 |