Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | May 26, 2021, 8:54 a.m. | May 26, 2021, 9:24 a.m. |
Process | Command line | PID |
---|---|---|
665688680962.exe | "C:\ProgramData\665688680962.exe" | 1940 |
cmd.exe | "C:\Windows\System32\cmd.exe" /c taskkill /pid 200 & erase C:\Users\test22\AppData\Local\Temp\ConsoleApp1.exe & RD /S /Q C:\\ProgramData\\866957695521655\\* & exit | 1684 |
taskkill.exe | taskkill /pid 200 | 2680 |
explorer.exe | C:\Windows\Explorer.EXE | 1848 |
Name | Response | Post-Analysis Lookup |
---|---|---|
ieaspk.com | 67.220.184.98 | |
Suricata Alerts
Suricata TLS
No Suricata TLS
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://45.133.1.47/6.jpg |
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://45.133.1.47/1.jpg |
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://45.133.1.47/2.jpg |
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://45.133.1.47/3.jpg |
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://45.133.1.47/4.jpg |
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://45.133.1.47/5.jpg |
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://45.133.1.47/7.jpg |
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://45.133.1.47/main.php |
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://45.133.1.47/ |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://46.101.81.223/t.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://46.101.81.223/origin.exe |
request | POST http://45.133.1.47/6.jpg |
request | POST http://45.133.1.47/1.jpg |
request | POST http://45.133.1.47/2.jpg |
request | POST http://45.133.1.47/3.jpg |
request | POST http://45.133.1.47/4.jpg |
request | POST http://45.133.1.47/5.jpg |
request | POST http://45.133.1.47/7.jpg |
request | POST http://45.133.1.47/main.php |
request | POST http://45.133.1.47/ |
request | GET http://46.101.81.223/t.exe |
request | GET http://46.101.81.223/origin.exe |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State |
file | C:\Users\test22\AppData\Local\Chromium\User Data\Local State |
file | C:\Users\test22\AppData\Local\Nichrome\User Data\Local State |
file | C:\ProgramData\sqlite3.dll |
file | C:\ProgramData\freebl3.dll |
file | C:\ProgramData\msvcp140.dll |
file | C:\ProgramData\nss3.dll |
file | C:\ProgramData\665688680962.exe |
file | C:\ProgramData\vcruntime140.dll |
file | C:\ProgramData\mozglue.dll |
file | C:\ProgramData\softokn3.dll |
cmdline | cmd.exe /c taskkill /pid 200 & erase C:\Users\test22\AppData\Local\Temp\ConsoleApp1.exe & RD /S /Q C:\\ProgramData\\866957695521655\\* & exit |
cmdline | "C:\Windows\System32\cmd.exe" /c taskkill /pid 200 & erase C:\Users\test22\AppData\Local\Temp\ConsoleApp1.exe & RD /S /Q C:\\ProgramData\\866957695521655\\* & exit |
file | C:\ProgramData\665688680962.exe |
file | C:\Users\test22\AppData\Local\Temp\ConsoleApp1.exe |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( ProcessId = 200) |