Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | March 29, 2021, 5:50 p.m. | March 29, 2021, 5:53 p.m. |
Process | Path | PID |
---|---|---|
winlog.exe | C:\Users\test22\AppData\Local\Temp\winlog.exe | 2076 |
IP Address | Status | Action |
---|---|---|
104.21.15.71 | Active | Moloch |
107.180.4.11 | Active | Moloch |
119.59.120.8 | Active | Moloch |
162.241.226.91 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.106.71.28 | Active | Moloch |
198.100.154.154 | Active | Moloch |
204.11.56.48 | Active | Moloch |
212.32.237.92 | Active | Moloch |
34.80.190.141 | Active | Moloch |
62.149.128.40 | Active | Moloch |
82.192.82.228 | Active | Moloch |
Suricata Alerts | (none listed in this report) |
Suricata TLS | No Suricata TLS |
PE section | .ndata (the data section name used by NSIS-built installers, consistent with the ns*.tmp plugin directory in the dropped-file entry below) |
Suspicious feature | Suspicious request |
---|---|
GET method with no User-Agent header | GET http://www.hipnoseportugal.com/m2be/?CP=fyh/eIcWLzHdYVM4fMwwrsLD1ZW7Cr5WD4M+TzD/IfsF8P4vWPBgWGXIMzfqNHcT0XPQNNXV&nN=Sxl0iBepVBODj |
GET method with no User-Agent header | GET http://www.capacitaciondelfuturo.com/m2be/?CP=JuGytuw2VxfQte3rKPqxcSs+eAHRIhMzmgi2qjF3W//4E0tsyJg/EsiU7NhRUhyD34G08D0/&nN=Sxl0iBepVBODj |
GET method with no User-Agent header | GET http://www.aingline.com/m2be/?CP=/cx1WigI5eNaC6i34KXME6WD5Ct7TvaQWlf5eu0+0EgzxF3BEesPFAZQYDHHoJuM8x1hM5KR&nN=Sxl0iBepVBODj |
GET method with no User-Agent header | GET http://www.cvacity.info/m2be/?CP=+ymgIVB8UjLw7GnSCSTG+4Qmonnd1NOjLVf+OJhKsAnFyz+U37p2kLcdnoXMrt5J42Ufd+P7&nN=Sxl0iBepVBODj |
GET method with no User-Agent header | GET http://www.estiqama.net/m2be/?CP=Qo4KD+5hT4eOQLFCwLb4LDUCpH7heJjKIRzr1jRkVgQp+XrEPJL9m+CmGxW3caf4Gouz1Gdq&nN=Sxl0iBepVBODj |
GET method with no User-Agent header | GET http://www.sevenstepstohappy.co.uk/m2be/?CP=8TGzqWDl7PaPmTVvDtvqhODOTjAAtr8xONuQ5BTUnlorI9+IESwVjKVVX1fuZDRWAC7K+zRz&nN=Sxl0iBepVBODj |
GET method with no User-Agent header | GET http://www.bachsimplicity.com/m2be/?CP=xrbmytv2xUVmSvMzdbroGQwspeoDnbTi2rZvbqTMTzC9e05HRkzmYXtexDpha4skvPZC1Tmx&nN=Sxl0iBepVBODj |
GET method with no User-Agent header | GET http://www.somht.com/m2be/?CP=ifCDsBLIuITK+LGSwbP7ucLsNIzdB7eAVKli539gxau1WIOKSQQ2NauSUkeMIVDcyV1m1TuN&nN=Sxl0iBepVBODj |
GET method with no User-Agent header | GET http://www.watchtofree.com/m2be/?CP=fyr+10g42Gqxc1oP4g7nbJJjJa6bzqp1uVFWcWZ7TIWPIKq1SSOIdiXCTiFl6Dc22E4QladY&nN=Sxl0iBepVBODj |
GET method with no User-Agent header | GET http://www.aeo2.net/m2be/?CP=QAnod8LT1llQdxTrzzR37y2wBLdATPFFotOpszExPVQzgQdQkGKfb27zuJKRnWl89FGWsp7C&nN=Sxl0iBepVBODj |
GET method with no User-Agent header | GET http://www.thinkcleanedu.com/m2be/?CP=Ycau8pAj/XaNEeATzdMxYV0HLSZZWx/92SzWGcEh6T05SXoe0LDAvqh/0eNxBCokjSO13ed1&nN=Sxl0iBepVBODj |
Method | URL (in the order observed) |
---|---|
POST | http://www.hipnoseportugal.com/m2be/ |
GET | http://www.hipnoseportugal.com/m2be/?CP=fyh/eIcWLzHdYVM4fMwwrsLD1ZW7Cr5WD4M+TzD/IfsF8P4vWPBgWGXIMzfqNHcT0XPQNNXV&nN=Sxl0iBepVBODj |
POST | http://www.capacitaciondelfuturo.com/m2be/ |
GET | http://www.capacitaciondelfuturo.com/m2be/?CP=JuGytuw2VxfQte3rKPqxcSs+eAHRIhMzmgi2qjF3W//4E0tsyJg/EsiU7NhRUhyD34G08D0/&nN=Sxl0iBepVBODj |
POST | http://www.aingline.com/m2be/ |
GET | http://www.aingline.com/m2be/?CP=/cx1WigI5eNaC6i34KXME6WD5Ct7TvaQWlf5eu0+0EgzxF3BEesPFAZQYDHHoJuM8x1hM5KR&nN=Sxl0iBepVBODj |
POST | http://www.cvacity.info/m2be/ |
GET | http://www.cvacity.info/m2be/?CP=+ymgIVB8UjLw7GnSCSTG+4Qmonnd1NOjLVf+OJhKsAnFyz+U37p2kLcdnoXMrt5J42Ufd+P7&nN=Sxl0iBepVBODj |
POST | http://www.estiqama.net/m2be/ |
GET | http://www.estiqama.net/m2be/?CP=Qo4KD+5hT4eOQLFCwLb4LDUCpH7heJjKIRzr1jRkVgQp+XrEPJL9m+CmGxW3caf4Gouz1Gdq&nN=Sxl0iBepVBODj |
POST | http://www.sevenstepstohappy.co.uk/m2be/ |
GET | http://www.sevenstepstohappy.co.uk/m2be/?CP=8TGzqWDl7PaPmTVvDtvqhODOTjAAtr8xONuQ5BTUnlorI9+IESwVjKVVX1fuZDRWAC7K+zRz&nN=Sxl0iBepVBODj |
POST | http://www.bachsimplicity.com/m2be/ |
GET | http://www.bachsimplicity.com/m2be/?CP=xrbmytv2xUVmSvMzdbroGQwspeoDnbTi2rZvbqTMTzC9e05HRkzmYXtexDpha4skvPZC1Tmx&nN=Sxl0iBepVBODj |
POST | http://www.somht.com/m2be/ |
GET | http://www.somht.com/m2be/?CP=ifCDsBLIuITK+LGSwbP7ucLsNIzdB7eAVKli539gxau1WIOKSQQ2NauSUkeMIVDcyV1m1TuN&nN=Sxl0iBepVBODj |
POST | http://www.watchtofree.com/m2be/ |
GET | http://www.watchtofree.com/m2be/?CP=fyr+10g42Gqxc1oP4g7nbJJjJa6bzqp1uVFWcWZ7TIWPIKq1SSOIdiXCTiFl6Dc22E4QladY&nN=Sxl0iBepVBODj |
POST | http://www.aeo2.net/m2be/ |
GET | http://www.aeo2.net/m2be/?CP=QAnod8LT1llQdxTrzzR37y2wBLdATPFFotOpszExPVQzgQdQkGKfb27zuJKRnWl89FGWsp7C&nN=Sxl0iBepVBODj |
POST | http://www.thinkcleanedu.com/m2be/ |
GET | http://www.thinkcleanedu.com/m2be/?CP=Ycau8pAj/XaNEeATzdMxYV0HLSZZWx/92SzWGcEh6T05SXoe0LDAvqh/0eNxBCokjSO13ed1&nN=Sxl0iBepVBODj |
POST | http://www.hipnoseportugal.com/m2be/ |
POST | http://www.capacitaciondelfuturo.com/m2be/ |
POST | http://www.aingline.com/m2be/ |
POST | http://www.cvacity.info/m2be/ |
POST | http://www.estiqama.net/m2be/ |
POST | http://www.sevenstepstohappy.co.uk/m2be/ |
POST | http://www.bachsimplicity.com/m2be/ |
POST | http://www.somht.com/m2be/ |
POST | http://www.watchtofree.com/m2be/ |
POST | http://www.aeo2.net/m2be/ |
POST | http://www.thinkcleanedu.com/m2be/ |
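Read together, the request rows show one shape repeated across all eleven hosts: a POST to /m2be/, then a GET to the same path whose CP value differs per host while nN=Sxl0iBepVBODj stays fixed, with the GETs sent without a User-Agent header. The domains rotate, so a durable indicator is the invariant path and token, not the host list. The Python below is an editor's example added to this page, not part of the sandbox output: it ingests rows in the report's "METHOD URL" format (a constructed subset of three hosts copied from the table above), recovers those invariants, reproduces the no-User-Agent check over a constructed raw request (only the URL is from the report; the headers are assumed), and emits a Suricata rule keyed on the invariant pieces. The sid value is a local-range placeholder.

```python
"""Editor's triage example (not sandbox output): recover the invariant parts of the
beacon pattern in the request list above and turn them into a network indicator."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed input: three of the eleven hosts' rows, copied from the report table.
REQUEST_ROWS = """\
POST http://www.hipnoseportugal.com/m2be/
GET http://www.hipnoseportugal.com/m2be/?CP=fyh/eIcWLzHdYVM4fMwwrsLD1ZW7Cr5WD4M+TzD/IfsF8P4vWPBgWGXIMzfqNHcT0XPQNNXV&nN=Sxl0iBepVBODj
POST http://www.capacitaciondelfuturo.com/m2be/
GET http://www.capacitaciondelfuturo.com/m2be/?CP=JuGytuw2VxfQte3rKPqxcSs+eAHRIhMzmgi2qjF3W//4E0tsyJg/EsiU7NhRUhyD34G08D0/&nN=Sxl0iBepVBODj
POST http://www.aingline.com/m2be/
GET http://www.aingline.com/m2be/?CP=/cx1WigI5eNaC6i34KXME6WD5Ct7TvaQWlf5eu0+0EgzxF3BEesPFAZQYDHHoJuM8x1hM5KR&nN=Sxl0iBepVBODj
POST http://www.hipnoseportugal.com/m2be/
""".splitlines()

# Constructed raw request: the URL is from the report, the headers are assumed.
SAMPLE_GET = (
    "GET /m2be/?CP=fyh/eIcWLzHdYVM4fMwwrsLD1ZW7Cr5WD4M+TzD/IfsF8P4vWPBgWGXIMzfqNHcT0XPQNNXV"
    "&nN=Sxl0iBepVBODj HTTP/1.1\r\n"
    "Host: www.hipnoseportugal.com\r\n"
    "Connection: close\r\n\r\n"
)

BASE64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def parse_request(row):
    """Split 'METHOD URL' into method, host, path and raw query parameters.

    The query is split by hand rather than with urllib.parse.parse_qs: CP is raw
    (not percent-encoded) base64, and parse_qs would turn its '+' into spaces.
    """
    method, url = row.split(" ", 1)
    parts = urlsplit(url)
    params = {}
    for pair in filter(None, parts.query.split("&")):
        key, _, value = pair.partition("=")
        params[key] = value
    return {"method": method, "host": parts.hostname, "path": parts.path, "params": params}


def beacon_profile(rows):
    """Separate what is invariant across hosts (path, fixed token, method pairing)
    from what varies (per-host base64-like payload)."""
    reqs = [parse_request(r) for r in rows]
    gets = [r for r in reqs if r["method"] == "GET"]
    methods_by_host = defaultdict(set)
    for r in reqs:
        methods_by_host[r["host"]].add(r["method"])
    paths = {r["path"] for r in reqs}

    fixed, varying = {}, {}
    for key in set().union(*(g["params"] for g in gets)):
        values = [g["params"].get(key, "") for g in gets]
        if len(set(values)) == 1:
            fixed[key] = values[0]  # identical on every host: campaign/bot token
        else:
            varying[key] = {
                "base64_like": all(BASE64_RE.match(v) for v in values),
                "lengths": sorted({len(v) for v in values}),
            }
    return {
        "hosts": sorted(methods_by_host),
        "common_path": paths.pop() if len(paths) == 1 else None,
        "post_then_get_everywhere": all({"POST", "GET"} <= m for m in methods_by_host.values()),
        "fixed_params": fixed,
        "varying_params": varying,
    }


def missing_user_agent(raw_request):
    """The report's 'GET method with no useragent header' heuristic over one raw request."""
    head = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    if not head[0].startswith("GET "):
        return False
    return not any(h.lower().startswith("user-agent:") for h in head[1:])


def suricata_rule(profile, sid=1000001):
    """Suricata 5+ rule on the invariant URI pieces; sid is a local-range placeholder."""
    if profile["common_path"] is None or not profile["varying_params"]:
        raise ValueError("no single invariant path or no varying parameter to key on")
    path = profile["common_path"]
    var = sorted(profile["varying_params"])[0]
    tokens = "".join('content:"{}={}"; '.format(k, v) for k, v in sorted(profile["fixed_params"].items()))
    return (
        'alert http $HOME_NET any -> $EXTERNAL_NET any ('
        'msg:"Sandbox-derived beacon: GET {path}?{var}= with fixed token"; '
        'flow:established,to_server; http.method; content:"GET"; '
        'http.uri; content:"{path}?{var}="; startswith; {tokens}'
        'classtype:trojan-activity; sid:{sid}; rev:1;)'
    ).format(path=path, var=var, tokens=tokens, sid=sid)


if __name__ == "__main__":
    profile = beacon_profile(REQUEST_ROWS)
    print(profile)
    print(suricata_rule(profile))
    print("GET without User-Agent:", missing_user_agent(SAMPLE_GET))
```

Two design points: the query string is split by hand because the CP value is raw base64 whose `+` and `/` a standards-compliant URL decoder would mangle (which is itself a fingerprint of a hand-rolled client), and the rule anchors on the fixed path and nN token rather than on domains, since the sample rotates through eleven of them and a domain blocklist goes stale as soon as the operator registers the next one.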
Dropped file | C:\Users\test22\AppData\Local\Temp\nsh63F4.tmp\5xqehe.dll |
Engine | Detection |
---|---|
Sangfor | Trojan.Win32.Save.a |
Cyren | W32/Injector.AFV.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
Kaspersky | UDS:Trojan-Spy.Win32.Noon.gen |
McAfee-GW-Edition | BehavesLike.Win32.VirRansom.dc |
APEX | Malicious |
Microsoft | Trojan:Win32/Spynoon.AV!MTB |