Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | April 28, 2021, 9:42 a.m. | April 28, 2021, 9:46 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.rwproducedeliveryknoxville.com | CNAME ext-sq.squarespace.com, 198.49.23.145 | |
www.abbbbha13.art | | |
www.sparetimr.net | 198.54.117.211 | |
www.cheikh-faye.com | 154.86.221.17 | |
www.theaccountableteamscoach.com | 34.102.136.180 | |
Suricata Alerts
Suricata TLS
No Suricata TLS
section | .lej |
section | .new |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.rwproducedeliveryknoxville.com/pmc/?Ez=mnj0FNt3a7nl1Ql0YoriOJf4cAinzVMKSi3j+C+aJnvhp8rA6ZNo2qczZQeE2eLS4QZ4NBwe&lhud=Txol_2I |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.theaccountableteamscoach.com/pmc/?Ez=gVzqDSSmhDwCcbrvrqFyqNa496pKegJJtCWYCwkmBn7L/f0dBhMWKcgRHIa8WjOwOWR88Fy0&lhud=Txol_2I |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.cheikh-faye.com/pmc/?Ez=45Jbv0zHXhCFcWB5cyZRlvCJJu0mHxT7nLQ17GVtdzGeB18Y8Ww2I3k3rk2swPMbwEwxbWWO&lhud=Txol_2I |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.sparetimr.net/pmc/?Ez=AlQ1RzJ/kwnlpQLinP/2GByIkuZWaj6fbRJnek0eZ1YVl3+ZWM7od8C6qhD96Nb7SsHk40GT&lhud=Txol_2I |
request | GET http://www.rwproducedeliveryknoxville.com/pmc/?Ez=mnj0FNt3a7nl1Ql0YoriOJf4cAinzVMKSi3j+C+aJnvhp8rA6ZNo2qczZQeE2eLS4QZ4NBwe&lhud=Txol_2I |
request | GET http://www.theaccountableteamscoach.com/pmc/?Ez=gVzqDSSmhDwCcbrvrqFyqNa496pKegJJtCWYCwkmBn7L/f0dBhMWKcgRHIa8WjOwOWR88Fy0&lhud=Txol_2I |
request | GET http://www.cheikh-faye.com/pmc/?Ez=45Jbv0zHXhCFcWB5cyZRlvCJJu0mHxT7nLQ17GVtdzGeB18Y8Ww2I3k3rk2swPMbwEwxbWWO&lhud=Txol_2I |
request | GET http://www.sparetimr.net/pmc/?Ez=AlQ1RzJ/kwnlpQLinP/2GByIkuZWaj6fbRJnek0eZ1YVl3+ZWM7od8C6qhD96Nb7SsHk40GT&lhud=Txol_2I |
name | RT_STRING | language | LANG_LATVIAN | filetype | data | sublanguage | SUBLANG_DEFAULT | offset | 0x039afb38 | size | 0x00000362 |
section | .text (size_of_data 0x00042e00, virtual_address 0x00001000, virtual_size 0x00042d9d, entropy 7.65961115709344) | entropy | 7.65961115709 | description | A section with a high entropy has been found |
entropy | 0.802098950525 | description | Overall entropy of this PE file is high |
description | (no description) | rule | DebuggerCheck__GlobalFlags |
description | (no description) | rule | DebuggerCheck__QueryInfo |
description | (no description) | rule | DebuggerHiding__Thread |
description | (no description) | rule | DebuggerHiding__Active |
description | (no description) | rule | ThreadControl__Context |
description | (no description) | rule | SEH__vectored |
description | Bypass DEP | rule | disable_dep |