Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 8, 2021, 12:19 p.m. | June 8, 2021, 12:22 p.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
edgedl.me.gvt1.com | 34.104.35.123 | |
www.waaer435fc.com | 45.77.178.25 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49812 -> 172.217.174.195:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.102:49812 172.217.174.195:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | 0c:b8:82:34:93:46:2b:86:b2:28:eb:7c:42:37:d1:9c:24:93:05:62 |
section | .txet |
suspicious_features | POST method with no referer header | suspicious_request | POST http://www.waaer435fc.com/index.php/api/a |
suspicious_features | POST method with no referer header | suspicious_request | POST http://www.waaer435fc.com/index.php/api/fb |
suspicious_features | POST method with no referer header | suspicious_request | POST https://update.googleapis.com/service/update2?cup2key=10:1929671218&cup2hreq=c069310cfc1ab8df9c466b265e40c1b95d7f7ef5967930c7bce8b28276cd14bd |
request | POST http://www.waaer435fc.com/index.php/api/a |
request | POST http://www.waaer435fc.com/index.php/api/fb |
request | HEAD http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe |
request | POST https://update.googleapis.com/service/update2?cup2key=10:1929671218&cup2hreq=c069310cfc1ab8df9c466b265e40c1b95d7f7ef5967930c7bce8b28276cd14bd |
request | POST http://www.waaer435fc.com/index.php/api/a |
request | POST http://www.waaer435fc.com/index.php/api/fb |
request | POST https://update.googleapis.com/service/update2?cup2key=10:1929671218&cup2hreq=c069310cfc1ab8df9c466b265e40c1b95d7f7ef5967930c7bce8b28276cd14bd |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies-wal |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data1-wal |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data1 |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data1-journal |
cmdline | cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\setup.exe" |
file | C:\Users\test22\AppData\Local\Temp\setup.exe |
cmdline | cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\setup.exe" |
cmdline | ping 1.1.1.1 -n 1 -w 3000 |
host | 172.217.25.14 |