Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | July 3, 2021, 6:24 p.m. | July 3, 2021, 6:29 p.m. |
Process | Command line | PID |
---|---|---|
app.exe | "app.exe" (null) | 1396 |
Domains
Name | Response | Post-Analysis Lookup |
---|---|---|
fikerty.info | 104.21.76.249 | |
touchook.info | 172.67.145.198 | |
fackerty.info | 104.21.89.3 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49203 -> 172.67.155.53:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49199 -> 172.67.145.198:80 | 2007837 | ET USER_AGENTS Suspicious User-Agent - Possible Trojan Downloader (WinInet) | A Network Trojan was detected |
TCP 192.168.56.101:49200 -> 172.67.202.130:80 | 2007837 | ET USER_AGENTS Suspicious User-Agent - Possible Trojan Downloader (WinInet) | A Network Trojan was detected |
TCP 192.168.56.101:49200 -> 172.67.202.130:80 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | Potentially Bad Traffic |
TCP 192.168.56.101:49199 -> 172.67.145.198:80 | 2007837 | ET USER_AGENTS Suspicious User-Agent - Possible Trojan Downloader (WinInet) | A Network Trojan was detected |
TCP 192.168.56.101:49199 -> 172.67.145.198:80 | 2007837 | ET USER_AGENTS Suspicious User-Agent - Possible Trojan Downloader (WinInet) | A Network Trojan was detected |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49203 -> 172.67.155.53:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.fackerty.info | bf:19:31:33:38:10:41:9d:0e:a5:85:db:79:b1:e5:0d:b9:03:12:33 |
Signature data
Key | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\MachineGuid |
suspicious_features | POST method with no referer header |
suspicious_request | POST http://touchook.info/ |
request | POST http://touchook.info/ |
request | GET http://fikerty.info/app.exe |
request | GET https://fackerty.info/app.exe |
request | POST http://touchook.info/ |
file | C:\Users\test22\AppData\Local\Temp\app.exe |
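As an added example (not part of this sandbox report or of any sandbox's own code), the Python below turns the rows from the tables above into a de-duplicated IOC set and re-applies the heuristics behind the "POST method with no referer header" feature and the two ET alerts to a few constructed HTTP requests. The rows are copied from the report; the request headers, the "WinInet" user-agent string and the terse-executable path pattern are assumptions, because the report contains neither raw headers nor the bodies of the Suricata rules.

```python
"""IOC extraction and HTTP triage for a flattened sandbox network report."""
import re
from urllib.parse import urlparse

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
HOSTNAME = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)
FLOW = re.compile(r"^TCP (\S+):(\d+) -> (\S+):(\d+)$")
SHA1_FP = re.compile(r"^(?:[0-9a-f]{2}:){19}[0-9a-f]{2}$", re.I)
# Short bare executable name at the site root; an approximation of what the
# 'Terse alphanumeric executable downloader' alert looks for, not the rule itself.
TERSE_EXE = re.compile(r"^/[a-z0-9]{1,8}\.exe$", re.I)

# Constructed input: rows copied from the report tables, one per line.
REPORT_ROWS = r"""
fikerty.info | 104.21.76.249
touchook.info | 172.67.145.198
fackerty.info | 104.21.89.3
TCP 192.168.56.101:49203 -> 172.67.155.53:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
TCP 192.168.56.101:49199 -> 172.67.145.198:80 | 2007837 | ET USER_AGENTS Suspicious User-Agent - Possible Trojan Downloader (WinInet)
TCP 192.168.56.101:49200 -> 172.67.202.130:80 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
C=US, O=Let's Encrypt, CN=R3 | CN=*.fackerty.info | bf:19:31:33:38:10:41:9d:0e:a5:85:db:79:b1:e5:0d:b9:03:12:33
request | POST http://touchook.info/
request | GET http://fikerty.info/app.exe
request | GET https://fackerty.info/app.exe
file | C:\Users\test22\AppData\Local\Temp\app.exe
"""


def extract_iocs(rows: str) -> dict:
    """Classify each pipe-separated row by shape and collect the indicators it carries."""
    iocs = {"domains": set(), "ips": set(), "urls": set(), "sids": set(),
            "cert_sha1": set(), "files": set()}
    for line in rows.strip().splitlines():
        fields = [f.strip() for f in line.split("|")]
        head = fields[0]
        if len(fields) >= 2 and HOSTNAME.match(head) and IPV4.match(fields[1]):
            iocs["domains"].add(head.lower())           # DNS table row
            iocs["ips"].add(fields[1])
        elif (m := FLOW.match(head)):
            iocs["ips"].add(m.group(3))                 # destination only; the sandbox VM is not an IOC
            iocs["sids"].add(int(fields[1]))
        elif head == "request" and len(fields) == 2:
            _method, url = fields[1].split(" ", 1)
            iocs["urls"].add(url)
            iocs["domains"].add(urlparse(url).hostname.lower())
        elif head == "file":
            iocs["files"].add(fields[1])
        elif any(SHA1_FP.match(f) for f in fields):     # Suricata TLS row: keep the cert fingerprint
            iocs["cert_sha1"].add(next(f for f in fields if SHA1_FP.match(f)).lower())
    return iocs


# Constructed requests modelled on the three HTTP requests in the report plus a
# benign browser download as a control. Header values are assumptions.
SAMPLE_REQUESTS = [
    {"method": "POST", "url": "http://touchook.info/",
     "headers": {"Host": "touchook.info", "User-Agent": "WinInet", "Content-Length": "64"}},
    {"method": "GET", "url": "http://fikerty.info/app.exe",
     "headers": {"Host": "fikerty.info", "User-Agent": "WinInet"}},
    {"method": "GET", "url": "https://fackerty.info/app.exe",
     "headers": {"Host": "fackerty.info", "User-Agent": "WinInet"}},
    {"method": "GET", "url": "https://www.example.com/app.exe",
     "headers": {"Host": "www.example.com", "Referer": "https://www.example.com/downloads/",
                 "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/89.0"}},
]


def triage_request(req: dict) -> list:
    """Return the heuristic hits for one request; an empty list means nothing was flagged."""
    hits = []
    headers = {k.lower(): v for k, v in req["headers"].items()}
    path = urlparse(req["url"]).path or "/"
    ua = headers.get("user-agent", "")
    # The report's 'POST method with no referer header' feature: a browser form
    # submission carries a Referer, a malware check-in normally does not.
    if req["method"] == "POST" and "referer" not in headers:
        hits.append("post_without_referer")
    # Bare short .exe fetched directly, with nothing linking to it.
    if TERSE_EXE.match(path) and "referer" not in headers:
        hits.append("terse_exe_download")
    # Assumption: a bare WinInet/WinHTTP default user-agent stands in for the
    # user-agent the ET rule keys on; the real rule content is not in the report.
    if re.match(r"^(WinInet|WinHTTP)", ua):
        hits.append("suspicious_user_agent")
    return hits


def triage_all(requests: list) -> dict:
    """Map each request URL to its hits, keeping only requests that were flagged."""
    return {r["url"]: h for r in requests if (h := triage_request(r))}


if __name__ == "__main__":
    for key, values in extract_iocs(REPORT_ROWS).items():
        print(f"{key}: {sorted(values)}")
    for url, hits in triage_all(SAMPLE_REQUESTS).items():
        print(f"{url}: {', '.join(hits)}")
```

Two caveats when using the output. The resolved addresses and the alert destinations (104.21.x.x, 172.67.x.x) sit in Cloudflare ranges that are shared with unrelated sites, which is also why the flows in the alerts table do not all match the A records in the Domains table; block on the domains, the URLs and the JA3 hash rather than on the IPs. The terse-executable check will also fire on a legitimate direct download typed into the address bar, so treat it as a scoring signal alongside the user-agent and the missing Referer, not as a verdict on its own.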