Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Sept. 16, 2022, 10:52 a.m. | Sept. 16, 2022, 10:54 a.m. |
Process | PID |
---|---|
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\test22\AppData\Local\Temp\Global Brain Pitch Deck.docx" | 2140 |
Name | Response | Post-Analysis Lookup |
---|---|---|
download.azure-service.com | 204.11.56.48 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49162 -> 204.11.56.48:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49172 -> 204.11.56.48:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49168 -> 204.11.56.48:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49176 -> 204.11.56.48:443 | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | 1a:42:b0:7f:5f:73:d2:53:5e:40:25:cc:97:6b:8e:88:ba:45:71:68 |
TLSv1 192.168.56.102:49183 -> 204.11.56.48:443 | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | 1a:42:b0:7f:5f:73:d2:53:5e:40:25:cc:97:6b:8e:88:ba:45:71:68 |
TLSv1 192.168.56.102:49162 -> 204.11.56.48:443 | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | 1a:42:b0:7f:5f:73:d2:53:5e:40:25:cc:97:6b:8e:88:ba:45:71:68 |
TLSv1 192.168.56.102:49172 -> 204.11.56.48:443 | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | 1a:42:b0:7f:5f:73:d2:53:5e:40:25:cc:97:6b:8e:88:ba:45:71:68 |
TLSv1 192.168.56.102:49185 -> 204.11.56.48:443 | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | 1a:42:b0:7f:5f:73:d2:53:5e:40:25:cc:97:6b:8e:88:ba:45:71:68 |
TLSv1 192.168.56.102:49181 -> 204.11.56.48:443 | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | 1a:42:b0:7f:5f:73:d2:53:5e:40:25:cc:97:6b:8e:88:ba:45:71:68 |
TLSv1 192.168.56.102:49180 -> 204.11.56.48:443 | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | 1a:42:b0:7f:5f:73:d2:53:5e:40:25:cc:97:6b:8e:88:ba:45:71:68 |
TLSv1 192.168.56.102:49168 -> 204.11.56.48:443 | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | 1a:42:b0:7f:5f:73:d2:53:5e:40:25:cc:97:6b:8e:88:ba:45:71:68 |
TLSv1 192.168.56.102:49175 -> 204.11.56.48:443 | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | 1a:42:b0:7f:5f:73:d2:53:5e:40:25:cc:97:6b:8e:88:ba:45:71:68 |
TLSv1 192.168.56.102:49178 -> 204.11.56.48:443 | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | 1a:42:b0:7f:5f:73:d2:53:5e:40:25:cc:97:6b:8e:88:ba:45:71:68 |
TLSv1 192.168.56.102:49177 -> 204.11.56.48:443 | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | C=US, ST=California, L=test, O=testexample, OU=testexample, CN=testexp | 1a:42:b0:7f:5f:73:d2:53:5e:40:25:cc:97:6b:8e:88:ba:45:71:68 |
Type | Value |
---|---|
request | OPTIONS https://download.azure-service.com/Jsh_kieSeQ4/itiflr82fj/DteCYSywiF/LBU0A2Xtq_/F%2BP9OQEh/ |
request | HEAD https://download.azure-service.com/Jsh_kieSeQ4/itiflr82fj/DteCYSywiF/LBU0A2Xtq_/F%2BP9OQEh/Wn7hg%3D%3D |
request | GET https://download.azure-service.com/Jsh_kieSeQ4/itiflr82fj/DteCYSywiF/LBU0A2Xtq_/F%2BP9OQEh/Wn7hg%3D%3D |
file | C:\Users\test22\AppData\Local\Temp\~$obal Brain Pitch Deck.docx |
Engine | Detection |
---|---|
Lionic | Trojan.MSOffice.Agent.a!c |
CAT-QuickHeal | XML.Trojan.43227 |
McAfee | Generic .ql |
Arcabit | Trojan.Generic.D23853EA |
Cyren | URL/CVE170199.R.gen!Eldorado |
ESET-NOD32 | DOC/TrojanDownloader.Agent.ARJ |
TrendMicro-HouseCall | TROJ_FRS.0NA103K521 |
Avast | OLE:RemoteTemplateInj [Trj] |
Kaspersky | HEUR:Trojan-Downloader.MSOffice.Agent.gen |
BitDefender | Trojan.GenericKD.37245930 |
NANO-Antivirus | Exploit.Xml.CVE-2017-0199.equmby |
MicroWorld-eScan | Trojan.GenericKD.37245930 |
Tencent | Trojan.Win32.Office_Dl.11007109 |
Ad-Aware | Trojan.GenericKD.37245930 |
Emsisoft | Trojan.GenericKD.37245930 (B) |
TrendMicro | TROJ_FRS.0NA103K521 |
McAfee-GW-Edition | Generic trojan.ql |
FireEye | Trojan.GenericKD.37245930 |
Sophos | Troj/DocDl-AERI |
GData | Trojan.GenericKD.37245930 |
ViRobot | W97M.S.Downloader.2802218 |
ZoneAlarm | HEUR:Trojan-Downloader.MSOffice.Agent.gen |
AhnLab-V3 | Downloader/DOC.Generic |
ALYac | Trojan.Downloader.DOC.Gen |
MAX | malware (ai score=100) |
AVG | OLE:RemoteTemplateInj [Trj] |