nst407c.tmp

The file nst407c.tmp has been detected as malware by 3 anti-virus scanners. While running, it connects to the Internet address server-205-251-251-169.jfk5.r.cloudfront.net on port 80 using the HTTP protocol.
MD5: 9fe8c7aefec683eba4c090b52a364597
SHA-1: ff0d76926ad746ad7389b3086ca0cdf2b7c7a8bb
Scanner detections: 3 / 68
Status: Malware
Analysis date: 11/5/2024 12:51:14 PM UTC

Scan engine          Detection                           Engine version
Kaspersky            UDS:DangerousObject.Multi.Generic   14.0.0.1104
Qihoo 360 Security   HEUR/QVM42.1.Malware.Gen            1.0.0.1077
Reason Heuristics    Threat.Downloader.KY                16.2.29.19

File size: 264.4 KB (270,712 bytes)
Common path: C:\users\{user}\appdata\local\72146ba0-1444961832-11d5-ad9a-14dae99871d6\nst407c.tmp

The executing file has been seen to make the following network communications in live environments.

