Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

957C4XK6Lt.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	5.126377670630054
Filename:	957C4XK6Lt.exe
Filesize:	10240
MD5:	f33c75710d0e0463a2528e619c2ee382
SHA1:	4d2dd071fe274e6a8696448c21eeeecc0cf07e6d
SHA256:	ec7dd08d03d5d4142c82fc04cea7e948d05641b0a3008a0d8a00b0421b5b04f9
SHA512:	154242d9880aa6a4f56e697643da089db121fcb1fb8fe7748efed650a6446d259be45aa58ec76f447d2c4bb5649f01acd2304d86321ec8720dfa1182ce0d5bfe
SSDEEP:	96:zMCbgvMlD60OX6QRdR/9DCop+BYA8v1cVKV15uJxGE9YUBz2qh3C7tCEfq:AeNlD5wrldp+OF0JxTmUBzthc
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......gd.##.`p#.`p#.`p}.p!.`p}.p".`p}.p6.`p...p(.`p#.ap..`p}.p .`p*}.p".`pRich#.`p................PE..L... .'f...................

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Hides that the sample has been downloaded from the Internet (zone.identifier)	Hooking and other Techniques for Hiding and Protection	Security Software Discovery
Machine Learning detection for sample	AV Detection
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging	Security Software Discovery
Drops PE files	Persistence and Installation Behavior
Uses 32bit PE files	Compliance, System Summary
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information Security Software Discovery
Contains functionality to download additional files from the internet	Networking
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to register its own exception handler	Anti Debugging	Security Software Discovery
Creates files inside the user directory	System Summary
Creates temporary files	System Summary	Security Software Discovery
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary	Security Software Discovery
Uses new MSVCR Dlls	Compliance, System Summary

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newtpp[1].exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newtpp[1].exe
Category:	dropped
Dump:	newtpp[1].exe.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\957C4XK6Lt.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.395549483776685
Encrypted:	false
Ssdeep:	1536:gEKh/S0Fmav8242worjs0nGxMvrEl3/AEHK:bKlWOpsG8MviYEHK
Size:	86016
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Yara detected Phorpiex	Phishing, Spam, unwanted Advertisements and Ransom Demands, Remote Access Functionality
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Creates files inside the user directory	System Summary	Masquerading

C:\Users\user\AppData\Local\Temp\135143440.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\135143440.exe
Category:	dropped
Dump:	135143440.exe.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\957C4XK6Lt.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.395549483776685
Encrypted:	false
Ssdeep:	1536:gEKh/S0Fmav8242worjs0nGxMvrEl3/AEHK:bKlWOpsG8MviYEHK
Size:	86016
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Yara detected Phorpiex	Phishing, Spam, unwanted Advertisements and Ransom Demands, Remote Access Functionality
Changes security center settings (notifications, updates, antivirus, firewall)	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools
Changes the view of files in windows explorer (hidden files and folders)	Hooking and other Techniques for Hiding and Protection	Hidden Files and Directories
Contains functionality to check if Internet connection is working	Networking	System Network Connections Discovery
Contains functionality to detect sleep reduction / modifications	Malware Analysis System Evasion	Security Software Discovery
Drops PE files to the user root directory	Boot Survival	Masquerading
Found evasive API chain (may stop execution after checking mutex)	Malware Analysis System Evasion	Native API
Hides that the sample has been downloaded from the Internet (zone.identifier)	Hooking and other Techniques for Hiding and Protection	Hidden Files and Directories
Machine Learning detection for dropped file	AV Detection
Abnormal high CPU Usage	System Summary
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality to call native functions	System Summary
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)	Remote Access Functionality
Contains functionality to query locales information (e.g. system language)	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Creates files inside the system directory	System Summary	Masquerading
Detected potential crypto function	System Summary	Encrypted Channel Archive Collected Data
Drops PE files	Persistence and Installation Behavior
Drops PE files to the user directory	Persistence and Installation Behavior	Masquerading
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found evasive API chain (may stop execution after accessing registry keys)	Malware Analysis System Evasion
Installs a raw input device (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
May check if the current machine is a sandbox (GetTickCount - Sleep)	Malware Analysis System Evasion	Security Software Discovery
Modifies existing windows services	Boot Survival	Windows Service
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Uses Microsoft's Enhanced Cryptographic Provider	Cryptography	Encrypted Channel
Contains functionality to check free disk space	System Summary	System Information Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary
Contains functionality to query system information	Malware Analysis System Evasion	System Information Discovery
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates an autostart registry key	Boot Survival	Registry Run Keys / Startup Folder
Creates mutexes	System Summary
Creates temporary files	System Summary
Program exit points	Malware Analysis System Evasion
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Users\user\AppData\Local\Temp\1682018248.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\1682018248.exe
Category:	dropped
Dump:	1682018248.exe.3.dr
ID:	dr_6
Target ID:	3
Process:	C:\Users\user\AppData\Local\Temp\135143440.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.395514880379391
Encrypted:	false
Ssdeep:	1536:9EKh/S0Fmav8242worjs0nGxMvrEl3/AEHK:iKlWOpsG8MviYEHK
Size:	86016
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Yara detected Phorpiex	Phishing, Spam, unwanted Advertisements and Ransom Demands, Remote Access Functionality
Hides that the sample has been downloaded from the Internet (zone.identifier)	Hooking and other Techniques for Hiding and Protection	Hidden Files and Directories
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Users\user\sysvratrel.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\sysvratrel.exe
Category:	dropped
Dump:	sysvratrel.exe0.3.dr
ID:	dr_3
Target ID:	3
Process:	C:\Users\user\AppData\Local\Temp\135143440.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.395549483776685
Encrypted:	false
Ssdeep:	1536:gEKh/S0Fmav8242worjs0nGxMvrEl3/AEHK:bKlWOpsG8MviYEHK
Size:	86016
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Yara detected Phorpiex	Phishing, Spam, unwanted Advertisements and Ransom Demands, Remote Access Functionality
Drops PE files to the user root directory	Boot Survival	Masquerading
Found evasive API chain (may stop execution after checking mutex)	Malware Analysis System Evasion	Native API
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the user directory	Persistence and Installation Behavior	Masquerading
Found evaded block containing many API calls	Malware Analysis System Evasion	Native API
Found evasive API chain (may stop execution after accessing registry keys)	Malware Analysis System Evasion
Found large amount of non-executed APIs	Malware Analysis System Evasion
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Program exit points	Malware Analysis System Evasion
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Windows\sysvratrel.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Windows\sysvratrel.exe
Category:	dropped
Dump:	sysvratrel.exe.3.dr
ID:	dr_2
Target ID:	3
Process:	C:\Users\user\AppData\Local\Temp\135143440.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.395549483776685
Encrypted:	false
Ssdeep:	1536:gEKh/S0Fmav8242worjs0nGxMvrEl3/AEHK:bKlWOpsG8MviYEHK
Size:	86016
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops executables to the windows directory (C:\Windows) and starts them	Persistence and Installation Behavior	Masquerading
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\1[1]

data

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\1[1]
Category:	dropped
Dump:	1[1].3.dr
ID:	dr_5
Target ID:	3
Process:	C:\Users\user\AppData\Local\Temp\135143440.exe
Type:	data
Entropy:	7.997935698155853
Encrypted:	true
Ssdeep:	1536:p4eQqXPFgVoNd1v/NBIrgjVe+yIMY41v5SeCXQslpJ1nj0wZ1UfBRoh34sWJNUdR:y95AZVqrghPyIfaC3lBgwZ1UfBRohItA
Size:	86272
Whitelisted:	false
Reputation:	low

C:\Users\user\tbtnds.dat

data

dropped

Details

File:	C:\Users\user\tbtnds.dat
Category:	dropped
Dump:	tbtnds.dat.3.dr
ID:	dr_4
Target ID:	3
Process:	C:\Users\user\AppData\Local\Temp\135143440.exe
Type:	data
Entropy:	4.816605532319396
Encrypted:	false
Ssdeep:	96:IGTlA8/YYd48cUlqcO4BtyA2ByJ5G+vt9OobxUql79/a0cpHtM:TACXd48onGytA7G+iULRcA
Size:	4096
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\957C4XK6Lt.exe

"C:\Users\user\Desktop\957C4XK6Lt.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3748
Target ID:	0
Parent PID:	4004
Name:	957C4XK6Lt.exe
Path:	C:\Users\user\Desktop\957C4XK6Lt.exe
Commandline:	"C:\Users\user\Desktop\957C4XK6Lt.exe"
Size:	10240
MD5:	F33C75710D0E0463A2528E619C2EE382
Time:	10:06:53
Date:	24/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x530000
Modulesize:	24576
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

C:\Users\user\AppData\Local\Temp\135143440.exe

Details

Is windows:	false
Is dropped:	true
PID:	6684
Target ID:	3
Parent PID:	3748
Name:	135143440.exe
Path:	C:\Users\user\AppData\Local\Temp\135143440.exe
Commandline:	C:\Users\user\AppData\Local\Temp\135143440.exe
Size:	86016
MD5:	36010B83BCCFCD1032971DF9FC5082A1
Time:	10:06:59
Date:	24/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	98304
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Phorpiex	Phishing, Spam, unwanted Advertisements and Ransom Demands, Remote Access Functionality
Hides that the sample has been downloaded from the Internet (zone.identifier)	Hooking and other Techniques for Hiding and Protection	Hidden Files and Directories
Drops PE files	Persistence and Installation Behavior
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Creates temporary files	System Summary
Spawns processes	System Summary	Process Injection

C:\Users\user\sysvratrel.exe

"C:\Users\user\sysvratrel.exe"

Details

Is windows:	false
Is dropped:	true
PID:	5676
Target ID:	5
Parent PID:	4004
Name:	sysvratrel.exe
Path:	C:\Users\user\sysvratrel.exe
Commandline:	"C:\Users\user\sysvratrel.exe"
Size:	86016
MD5:	36010B83BCCFCD1032971DF9FC5082A1
Time:	10:07:13
Date:	24/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0x400000
Modulesize:	98304
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Phorpiex	Phishing, Spam, unwanted Advertisements and Ransom Demands, Remote Access Functionality
Drops PE files to the user root directory	Boot Survival	Masquerading
Drops executables to the windows directory (C:\Windows) and starts them	Persistence and Installation Behavior	Masquerading
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the user directory	Persistence and Installation Behavior	Masquerading
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\1682018248.exe

Details

Is windows:	false
Is dropped:	true
PID:	6528
Target ID:	6
Parent PID:	6684
Name:	1682018248.exe
Path:	C:\Users\user\AppData\Local\Temp\1682018248.exe
Commandline:	C:\Users\user\AppData\Local\Temp\1682018248.exe
Size:	86016
MD5:	CD1D9C0ED8763E6BB3EE7EFB133DC60E
Time:	10:07:14
Date:	24/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	98304
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Phorpiex	Phishing, Spam, unwanted Advertisements and Ransom Demands, Remote Access Functionality
Hides that the sample has been downloaded from the Internet (zone.identifier)	Hooking and other Techniques for Hiding and Protection	Hidden Files and Directories
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection

C:\Windows\sysvratrel.exe

"C:\Windows\sysvratrel.exe"

Details

Is windows:	false
Is dropped:	true
PID:	2012
Target ID:	7
Parent PID:	4004
Name:	sysvratrel.exe
Path:	C:\Windows\sysvratrel.exe
Commandline:	"C:\Windows\sysvratrel.exe"
Size:	86016
MD5:	36010B83BCCFCD1032971DF9FC5082A1
Time:	10:07:21
Date:	24/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0x400000
Modulesize:	98304
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Phorpiex	Phishing, Spam, unwanted Advertisements and Ransom Demands, Remote Access Functionality
Drops PE files to the user root directory	Boot Survival	Masquerading
Drops executables to the windows directory (C:\Windows) and starts them	Persistence and Installation Behavior	Masquerading
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the user directory	Persistence and Installation Behavior	Masquerading
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Spawns processes	System Summary	Process Injection

C:\Users\user\sysvratrel.exe

"C:\Users\user\sysvratrel.exe"

Details

Is windows:	false
Is dropped:	true
PID:	6196
Target ID:	8
Parent PID:	4004
Name:	sysvratrel.exe
Path:	C:\Users\user\sysvratrel.exe
Commandline:	"C:\Users\user\sysvratrel.exe"
Size:	86016
MD5:	36010B83BCCFCD1032971DF9FC5082A1
Time:	10:07:30
Date:	24/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0x400000
Modulesize:	98304
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Phorpiex	Phishing, Spam, unwanted Advertisements and Ransom Demands, Remote Access Functionality
Drops PE files to the user root directory	Boot Survival	Masquerading
Drops executables to the windows directory (C:\Windows) and starts them	Persistence and Installation Behavior	Masquerading
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the user directory	Persistence and Installation Behavior	Masquerading
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://twizt.net/pei

unknown

http://twizt.net/new

unknown

http://185.215.113.66/1D

unknown

http://91.202.233.141/

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

http://91.202.233.141/1

unknown

http://193.233.132.177/5h.dllm

unknown

http://91.202.233.141/2

unknown

http://193.233.132.177/5z

unknown

http://91.202.233.141/4l3

unknown

http://193.233.132.177/6b

unknown

http://185.215.113.66/383(

unknown

http://193.233.132.177/3B

unknown

http://91.202.233.141/5

unknown

http://91.202.233.141/6

unknown

http://91.202.233.141/3

unknown

http://91.202.233.141/4

unknown

http://185.215.113.66/http://91.202.233.141/http://193.233.132.177/123456%s%s%s:Zone.Identifier%user

unknown

http://91.202.233.141/2s

unknown

http://twizt.net/peinstall.php5%z

unknown

http://twizt.net/newtpp.z%

unknown

http://193.233.132.177/5R

unknown

http://91.202.233.141/1p3

unknown

http://185.215.113.66/

unknown

http://91.202.233.141/40

unknown

http://twizt.net/peinstall.phpb

unknown

http://91.202.233.141/4%

unknown

http://193.233.132.177/1Z

unknown

http://91.202.233.141/6L2

unknown

http://twizt.net/peinstall.phpshqos.dll.muiS9

unknown

http://91.20

unknown

http://twizt.net/newtpp.exeP0S

unknown

http://91.202.233.141/3rosoft

unknown

http://185.215.113.66/1~

unknown

http://schemas.xmlsoap.org/soap/encoding/

unknown

http://twizt.net/peinstall.phpm%

unknown

http://193.233.132.177/

unknown

http://185.215.113.66/5

185.215.113.66

http://185.215.113.66/4

185.215.113.66

http://185.215.113.66/3

185.215.113.66

http://185.215.113.66/2

185.215.113.66

http://193.233.132.177/6

unknown

http://91.202.233.141/2W3C

unknown

http://193.233.132.177/5

unknown

http://185.215.113.66/6

185.215.113.66

http://193.233.132.177/2

unknown

http://193.233.132.177/1

unknown

http://91.202.233.141/4z

unknown

http://193.233.132.177/4

unknown

http://193.233.132.177/3

unknown

http://185.215.113.66/1

185.215.113.66

http://twizt.net/peinstall.php%temp%%s

unknown

http://91.202.233.141/5O

unknown

http://91.202.233.141/6ZF

unknown

http://193.233.132.177/5h.dll

unknown

http://91.202.233.141/6-3

unknown

http://twizt.net/newtpp.exeP0

unknown

http://twizt.net/peinstall.phpystem32

unknown

http://twizt.net/=

unknown

http://twizt.net/newtpp.exe

185.215.113.66

http://twizt.net/peinstall.php

185.215.113.66

There are 51 hidden URLs, click here to show them.

Domains

Name

Malicious

twizt.net

185.215.113.66

Details

Name:	twizt.net
IP:	185.215.113.66
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

89.236.226.70

unknown

Uzbekistan

82.114.186.50

unknown

Yemen

2.190.224.61

unknown

Iran (ISLAMIC Republic Of)

134.35.173.140

unknown

Yemen

181.114.188.143

unknown

Bolivia

82.194.11.2

unknown

Azerbaijan

189.158.148.85

unknown

Mexico

92.46.174.254

unknown

Kazakhstan

134.35.74.170

unknown

Yemen

85.113.19.18

unknown

Kyrgyzstan

46.35.86.48

unknown

Yemen

5.200.190.214

unknown

Iran (ISLAMIC Republic Of)

5.233.222.244

unknown

Iran (ISLAMIC Republic Of)

5.200.152.6

unknown

Iran (ISLAMIC Republic Of)

128.65.176.18

unknown

Iran (ISLAMIC Republic Of)

212.112.112.84

unknown

Kyrgyzstan

31.186.49.163

unknown

Kyrgyzstan

120.237.99.181

unknown

China

5.251.56.144

unknown

Kazakhstan

95.71.69.217

unknown

Russian Federation

89.218.235.182

unknown

Kazakhstan

36.20.68.95

unknown

China

37.20.161.137

unknown

Russian Federation

89.219.115.32

unknown

Iran (ISLAMIC Republic Of)

41.102.227.47

unknown

Algeria

151.233.73.168

unknown

Iran (ISLAMIC Republic Of)

186.94.185.219

unknown

Venezuela

2.185.146.181

unknown

Iran (ISLAMIC Republic Of)

95.58.18.206

unknown

Kazakhstan

134.35.163.241

unknown

Yemen

197.148.34.173

unknown

Angola

217.20.222.188

unknown

Syrian Arab Republic

91.234.219.185

unknown

Uzbekistan

39.53.75.107

unknown

Pakistan

31.186.54.5

unknown

Kyrgyzstan

92.47.124.54

unknown

Kazakhstan

134.35.81.188

unknown

Yemen

2.191.221.216

unknown

Iran (ISLAMIC Republic Of)

2.180.157.70

unknown

Iran (ISLAMIC Republic Of)

91.202.233.141

unknown

Russian Federation

95.107.12.43

unknown

Russian Federation

156.212.34.122

unknown

Egypt

195.158.15.3

unknown

Uzbekistan

109.72.204.86

unknown

Iran (ISLAMIC Republic Of)

5.63.93.62

unknown

Kazakhstan

239.255.255.250

unknown

Reserved

5.232.84.160

unknown

Iran (ISLAMIC Republic Of)

95.156.103.50

unknown

Russian Federation

105.109.202.176

unknown

Algeria

185.215.113.66

twizt.net

Portugal

134.35.185.171

unknown

Yemen

213.230.90.222

unknown

Uzbekistan

193.233.132.177

unknown

Russian Federation

189.190.10.16

unknown

Mexico

84.53.244.106

unknown

Russian Federation

195.181.62.5

unknown

Iran (ISLAMIC Republic Of)

109.122.77.179

unknown

Serbia

185.177.0.227

unknown

Tajikistan

94.141.69.176

unknown

Uzbekistan

151.233.21.215

unknown

Iran (ISLAMIC Republic Of)

There are 50 hidden IPs, click here to show them.