Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Sept. 16, 2022, 10:27 a.m. | Sept. 16, 2022, 10:29 a.m. |
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\MUFG_JOB_DESCRIPTION.docx
2128
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com | CNAME a1952.dscq.akamai.net, CNAME identrust.edgesuite.net | 23.43.165.105 |
verify.azure-protect.online | 152.89.247.87 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49170 -> 152.89.247.87:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49162 -> 152.89.247.87:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49167 -> 152.89.247.87:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49169 -> 152.89.247.87:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49170 -> 152.89.247.87:443 | None | None | None |
TLSv1 192.168.56.102:49167 -> 152.89.247.87:443 | None | None | None |
TLSv1 192.168.56.102:49162 -> 152.89.247.87:443 | C=US, O=Let's Encrypt, CN=R3 | CN=verify.azure-protect.online | 05:f0:61:22:2c:09:b8:63:2f:b8:30:fd:ab:d9:06:35:82:f3:e3:e6 |
TLSv1 192.168.56.102:49169 -> 152.89.247.87:443 | C=US, O=Let's Encrypt, CN=R3 | CN=verify.azure-protect.online | 05:f0:61:22:2c:09:b8:63:2f:b8:30:fd:ab:d9:06:35:82:f3:e3:e6 |
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
request | OPTIONS https://verify.azure-protect.online/EcCm9WiaysW/D%2BsYq1Io/yVMuSbkgQZ/Vp6bzP5LXe/Ec08P4lt6g/ |
file | C:\Users\test22\AppData\Local\Temp\~$FG_JOB_DESCRIPTION.docx |
MicroWorld-eScan | Trojan.Groooboor.Gen.33 |
FireEye | Trojan.Groooboor.Gen.33 |
Arcabit | Trojan.Groooboor.Gen.33 |
BitDefender | Trojan.Groooboor.Gen.33 |
NANO-Antivirus | Exploit.Xml.CVE-2017-0199.equmby |
Emsisoft | Trojan.Groooboor.Gen.33 (B) |
VIPRE | Trojan.Groooboor.Gen.33 |
McAfee-GW-Edition | Artemis |
MAX | malware (ai score=89) |
GData | Trojan.Groooboor.Gen.33 |