Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 22, 2024, 5:19 p.m. | Sept. 22, 2024, 5:22 p.m. |
Process | Command line | PID |
---|---|---|
svchost.exe | "C:\Users\test22\AppData\Local\Temp\audiodg.exe" | 2664 |
firefox.exe | "C:\Program Files\Mozilla Firefox\Firefox.exe" | 2984 |
explorer.exe | C:\Windows\Explorer.EXE | 1452 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.antonio-vivaldi.mobi | ||
www.goldenjade-travel.com | 116.50.37.244 | |
www.3xfootball.com | 154.215.72.110 | |
www.kasegitai.tokyo | ||
www.magmadokum.com | CNAME redirect.natrocdn.com, 85.159.66.93 | |
www.sqlite.org | 45.33.6.223 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49168 -> 154.215.72.110:80 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49176 -> 116.50.37.244:80 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49178 -> 85.159.66.93:80 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Type | URL |
---|---|
request | POST http://www.3xfootball.com/fo8o/ |
request | GET http://www.3xfootball.com/fo8o/?01Rq=IhZyPQIGe6uK3zPwwQVGm4hCASyaX3xlW2eS79Xk6ut4afzj0LiRHBqZsEmyTx+18GfGhVOagMos+c9dx/PGjLGAfpOvJ7U3hUqpnKd0zHv/hQdGhX4G3JlCydyJ23yerjxn4r8=&G0g-=NkDPf |
request | GET http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip |
request | GET http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip |
request | POST http://www.goldenjade-travel.com/fo8o/ |
request | GET http://www.goldenjade-travel.com/fo8o/?01Rq=LFKqyrcu7g1NCa8bIVnmntQ0zrEKrQSprIMLtaWgKJ9bBKQr4dsn0J7ZoYUgIJ+R6Sel8OhXEcHhC7LyM9bkgjIIu2U6i6kbe5asCJcEX28JEcHJIWfCjODnuc7OiogdzaMrHf8=&G0g-=NkDPf |
request | POST http://www.magmadokum.com/fo8o/ |
request | GET http://www.magmadokum.com/fo8o/?01Rq=qL3nKp+YSjoaTomnND+fiETGbzpIgkHGMW8DXsDTZ4AADrD7Wpn1kxM1jYW2/C2WhyBblBh5NUSWrO5bZjyCcVkJYbxxq5QITB2h2xAyEikjbcoqZSmDOCeIE8A+B7hyBKIW8mw=&G0g-=NkDPf |
request | POST http://www.3xfootball.com/fo8o/ |
request | POST http://www.goldenjade-travel.com/fo8o/ |
request | POST http://www.magmadokum.com/fo8o/ |
Type | Description |
---|---|
description | netbtugc.exe tried to sleep 164 seconds, actually delayed analysis time by 164 seconds |

Type | Path |
---|---|
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ |
file | C:\Users\test22\AppData\Local\Chromium\User Data |
file | C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data |
file | C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data |
file | C:\Users\test22\AppData\Local\Temp\sqlite3.dll |
file | C:\Users\test22\AppData\Local\Temp\sqlite3.dll |
file | C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data |
file | C:\Users\test22\AppData\Local\AVG\Browser\User Data |
Engine | Detection |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Autoit.4!c |
tehtris | Generic.Malware |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win32.Dropper.tc |
Cylance | Unsafe |
CrowdStrike | win/malicious_confidence_90% (D) |
BitDefender | AIT:Trojan.Nymeria.6337 |
K7GW | Trojan ( 700000111 ) |
K7AntiVirus | Trojan ( 700000111 ) |
Arcabit | AIT:Trojan.Nymeria.D18C1 [many] |
Symantec | Trojan.Gen.2 |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Injector.Autoit.GKF |
APEX | Malicious |
Avast | Script:SNH-gen [Trj] |
Alibaba | TrojanSpy:Win32/Autoitinject.373fe4e2 |
MicroWorld-eScan | AIT:Trojan.Nymeria.6337 |
Rising | Trojan.Injector/Autoit!1.10326 (CLASSIC) |
Emsisoft | AIT:Trojan.Nymeria.6337 (B) |
F-Secure | Trojan.TR/AD.ShellcodeCrypter.owcbu |
TrendMicro | Cryp_Embed4 |
McAfeeD | ti!3F1860FE684D |
Trapmine | suspicious.low.ml.score |
CTX | exe.trojan.autoit |
Sophos | Mal/Generic-S |
FireEye | Generic.mg.8b016746ea349838 |
Detected | |
Avira | TR/AD.ShellcodeCrypter.owcbu |
Kingsoft | Win32.Trojan-Spy.Noon.bidz |
Gridinsoft | Trojan.Win32.Downloader.sa |
Microsoft | Trojan:Win32/Autoitinject.PPEH!MTB |
GData | AIT:Trojan.Nymeria.6337 (2x) |
Varist | W32/AutoIt.AQ.gen!Eldorado |
AhnLab-V3 | Packed/Win.Suspicious.C5673041 |
McAfee | Artemis!8B016746EA34 |
DeepInstinct | MALICIOUS |
VBA32 | Trojan.Autoit.F |
Malwarebytes | Generic.Malware/Suspicious |
Ikarus | Trojan.Win32.Injector |
Panda | Trj/CI.A |
TrendMicro-HouseCall | Cryp_Embed4 |
Tencent | Win32.Trojan-Spy.Noon.Sgil |
MaxSecure | Trojan.Autoit.AZA |
Fortinet | W32/Injector_Autoit.GKE!tr |
AVG | Script:SNH-gen [Trj] |
Paloalto | generic.ml |