Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 24, 2021, 6:50 p.m. | June 24, 2021, 6:53 p.m. |
Process | PID | Command line |
---|---|---|
4P-DESKTOP.exe | 4384 | "C:\Users\test22\AppData\Roaming\4P-DESKTOP\4P-DESKTOP.exe" /restart |
explorer.exe | 1848 | C:\Windows\Explorer.EXE |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.netikus.net | CNAME netikus.net, 216.92.199.161 | |
r3.i.lencr.org | 104.74.168.254 | |
community.iw4play.de | 195.90.200.240 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49820 -> 216.92.199.161:80 | 2030187 | ET POLICY External IP Lookup (www. netikus .net) | Device Retrieving External IP Address Detected |
TCP 192.168.56.102:49816 -> 195.90.200.240:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49828 -> 216.92.199.161:80 | 2030187 | ET POLICY External IP Lookup (www. netikus .net) | Device Retrieving External IP Address Detected |
TCP 192.168.56.102:49821 -> 195.90.200.240:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49809 -> 195.90.200.240:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49822 -> 195.90.200.240:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49819 -> 216.92.199.161:80 | 2030187 | ET POLICY External IP Lookup (www. netikus .net) | Device Retrieving External IP Address Detected |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49816 195.90.200.240:443 | None | None | None |
TLSv1 192.168.56.102:49821 195.90.200.240:443 | C=US, O=Let's Encrypt, CN=R3 | CN=community.iw4play.de | ee:a8:dd:89:b5:9b:d0:04:00:a8:12:47:e5:15:d2:c4:c4:bf:81:3b |
TLSv1 192.168.56.102:49809 195.90.200.240:443 | C=US, O=Let's Encrypt, CN=R3 | CN=community.iw4play.de | ee:a8:dd:89:b5:9b:d0:04:00:a8:12:47:e5:15:d2:c4:c4:bf:81:3b |
TLSv1 192.168.56.102:49822 195.90.200.240:443 | C=US, O=Let's Encrypt, CN=R3 | CN=community.iw4play.de | ee:a8:dd:89:b5:9b:d0:04:00:a8:12:47:e5:15:d2:c4:c4:bf:81:3b |
Type | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
section | . |
request | GET http://r3.i.lencr.org/ |
request | GET http://www.netikus.net/show_ip.html |
request | GET https://community.iw4play.de/4p_games/data/games.ini |
request | GET https://community.iw4play.de/4p_games/data/settings.ini |
request | GET https://community.iw4play.de/4p_games/sprachen/uk.txt |
request | GET https://community.iw4play.de/4p_games/version.txt |
request | GET https://community.iw4play.de/4p_games/pictures/bobg.jpg |
request | GET https://community.iw4play.de/4p_games/pictures/bgblack.png |
request | GET https://community.iw4play.de/4p_games/pictures/logo.png |
request | GET https://community.iw4play.de/4p_games/4p-games.md5 |
request | GET https://community.iw4play.de/4p_games/pictures/anmelden.png |
request | GET https://community.iw4play.de/4p_games/pictures/bgblack100.png |
request | GET https://community.iw4play.de/4p_games/pictures/drag.png |
request | GET https://community.iw4play.de/4p_games/pictures/eingabe.png |
request | GET https://community.iw4play.de/4p_games/pictures/freundeauswahl.png |
request | GET https://community.iw4play.de/4p_games/pictures/leisteblack.png |
request | GET https://community.iw4play.de/4p_games/pictures/liniegrau.png |
request | GET https://community.iw4play.de/4p_games/data/connect.dll |
request | GET https://community.iw4play.de/4p_games/data/pconnect.dll |
request | GET https://community.iw4play.de/4p_games/pictures/verwalten.png |
request | GET https://community.iw4play.de/4p_games/werbung/werbung.txt |
request | GET https://community.iw4play.de/4p_games/werbung/musterwerbung.jpg |
file | C:\Users\test22\Desktop\4P-DESKTOP.lnk |
file | C:\Users\test22\AppData\Roaming\4P-DESKTOP\data\connect.dll |
file | C:\Users\test22\AppData\Roaming\4P-DESKTOP\data\pconnect.dll |
file | C:\Users\test22\Desktop\4P-DESKTOP.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk |
section | name: `.`, size_of_data: 0x0004f600, virtual_address: 0x00001000, virtual_size: 0x0029e000, entropy: 7.999429772675123 (description: A section with a high entropy has been found) |
buffer | Buffer with sha1: 826f27eea89e7540d4e33515ed5dde67383d96c6 |
host | 172.217.25.14 |
file | C:\Users\test22\AppData\Roaming\4P-DESKTOP\data\connect.dll |
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware2 |
FireEye | Generic.mg.2020ddf1aac56d93 |
McAfee | FakeAlert-FJU!2020DDF1AAC5 |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Wacatac.B |
CrowdStrike | win/malicious_confidence_70% (W) |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Avast | FileRepMalware |
Cynet | Malicious (score: 100) |
BitDefender | Gen:Trojan.Heur.JP.fouaai2Rkbdi |
Paloalto | generic.ml |
MicroWorld-eScan | Gen:Trojan.Heur.JP.fouaai2Rkbdi |
Ad-Aware | Gen:Trojan.Heur.JP.fouaai2Rkbdi |
Sophos | ML/PE-A |
Emsisoft | Gen:Trojan.Heur.JP.fouaai2Rkbdi (B) |
MAX | malware (ai score=87) |
Gridinsoft | Trojan.Heur!.03012061 |
Microsoft | Trojan:Win32/Wacatac.B!ml |
GData | Gen:Trojan.Heur.JP.fouaai2Rkbdi |
AhnLab-V3 | Trojan/Win.FJU.C4530095 |
BitDefenderTheta | AI:Packer.6BED88F21F |
ALYac | Gen:Trojan.Heur.JP.fouaai2Rkbdi |
VBA32 | BScope.TrojanSpy.AutoHK |
Malwarebytes | Malware.AI.31658 |
TrendMicro-HouseCall | TROJ_GEN.R002H06FO21 |
Rising | Malware.Heuristic!ET#79% (RDMK:cmRtazpb+R4haCvBUFMfk1caOmUG) |
SentinelOne | Static AI - Suspicious PE |
eGambit | Unsafe.AI_Score_89% |
Fortinet | W32/FakeAlert.FJU!tr |
MaxSecure | Trojan.Malware.300983.susgen |
AVG | FileRepMalware |