Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Nov. 19, 2022, 9:39 a.m. | Nov. 19, 2022, 9:51 a.m. |
-
-
Bolt.tmp "C:\Users\test22\AppData\Local\Temp\is-G4CRF.tmp\Bolt.tmp" /SL5="$80178,140559,56832,C:\Users\test22\AppData\Local\Temp\Bolt.exe"
2720-
-
SHykigusena.exe "C:\Users\test22\AppData\Local\Temp\dc-1b113-c03-fcb87-222b96c802939\SHykigusena.exe"
2220-
iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" https://www.profitabletrustednetwork.com/e2q8zu9hu?key=a971bbe4a40a7216a1a87d8f455f71e6
2296-
iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2296 CREDAT:145409
1380
-
-
-
Laetymaerifae.exe "C:\Users\test22\AppData\Local\Temp\4b-cbf10-263-922b1-a9940130e9e54\Laetymaerifae.exe"
2232
-
-
-
-
explorer.exe C:\Windows\Explorer.EXE
1452
IP Address | Status | Action |
---|---|---|
142.251.220.4 | Active | Moloch |
151.115.10.1 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.217.26.238 | Active | Moloch |
192.243.59.13 | Active | Moloch |
23.43.165.105 | Active | Moloch |
23.43.165.66 | Active | Moloch |
37.230.138.123 | Active | Moloch |
37.230.138.66 | Active | Moloch |
52.219.169.154 | Active | Moloch |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49167 37.230.138.123:443 |
C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | a9:58:92:78:d9:50:a8:fa:c0:a9:d2:11:99:c2:6d:53:0e:1f:6d:49 |
TLS 1.2 192.168.56.101:49171 151.115.10.1:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=s3.pl-waw.scw.cloud | 13:5a:26:76:9b:02:b0:88:8d:ed:ac:89:e9:f3:d1:bd:f4:6d:ff:fd |
TLS 1.2 192.168.56.101:49172 52.219.169.154:443 |
C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.s3.eu-central-1.amazonaws.com | bc:92:6b:62:48:5f:c5:08:60:03:a9:1e:bc:29:58:79:d7:4b:94:fb |
TLS 1.2 192.168.56.101:49176 151.115.10.1:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=s3.pl-waw.scw.cloud | 13:5a:26:76:9b:02:b0:88:8d:ed:ac:89:e9:f3:d1:bd:f4:6d:ff:fd |
TLSv1 192.168.56.101:49180 37.230.138.123:443 |
C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | a9:58:92:78:d9:50:a8:fa:c0:a9:d2:11:99:c2:6d:53:0e:1f:6d:49 |
TLSv1 192.168.56.101:49182 37.230.138.123:443 |
C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | a9:58:92:78:d9:50:a8:fa:c0:a9:d2:11:99:c2:6d:53:0e:1f:6d:49 |
TLS 1.2 192.168.56.101:49168 52.219.169.154:443 |
C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.s3.eu-central-1.amazonaws.com | bc:92:6b:62:48:5f:c5:08:60:03:a9:1e:bc:29:58:79:d7:4b:94:fb |
TLSv1 192.168.56.101:49187 192.243.59.13:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=profitabletrustednetwork.com | 6a:48:45:b5:44:ae:75:f4:d2:b3:d4:5e:bc:2f:61:30:ec:d4:3a:99 |
TLSv1 192.168.56.101:49186 192.243.59.13:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=profitabletrustednetwork.com | 6a:48:45:b5:44:ae:75:f4:d2:b3:d4:5e:bc:2f:61:30:ec:d4:3a:99 |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
section | CODE |
section | DATA |
section | BSS |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://gg90db2661-715df250cbed8bj4h8vwwr.s3.pl-waw.scw.cloud/sata/pub-dsynf65cgyy6b7uk.exe | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://gg90db2661-715df250cbed8bj4h8vwwr.s3.pl-waw.scw.cloud/sata/up-da-dsynf65cgyy6b7uk.exe | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://gg90db2661-715df250cbed8bj4h8vwwr.s3.pl-waw.scw.cloud/sata/hand-dsynf65cgyy6b7uk.exe | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.google.com/ | ||||||
suspicious_features | POST method with no referer header, POST method with no useragent header | suspicious_request | POST http://360devtracking.com/ezzcbmueaa4iwhvb/fmovies | ||||||
suspicious_features | POST method with no referer header, POST method with no useragent header | suspicious_request | POST https://connectini.net/Series/SuperNitouDisc.php | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET https://wewewe.s3.eu-central-1.amazonaws.com/WeUninstalled.exe | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET https://doll.s3.pl-waw.scw.cloud/widgets/powerOff.exe | ||||||
suspicious_features | POST method with no referer header, POST method with no useragent header | suspicious_request | POST https://connectini.net/Series/Conumer4Publisher.php | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET https://connectini.net/Series/publisher/1/KR.json | ||||||
suspicious_features | POST method with no referer header, POST method with no useragent header | suspicious_request | POST https://connectini.net/Series/Conumer2kenpachi.php | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET https://connectini.net/Series/kenpachi/2/goodchannel/KR.json | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET https://connectini.net/Series/configPoduct/2/goodchannel.json |
request | HEAD http://gg90db2661-715df250cbed8bj4h8vwwr.s3.pl-waw.scw.cloud/samsung-carrers/poweroff.exe |
request | GET http://gg90db2661-715df250cbed8bj4h8vwwr.s3.pl-waw.scw.cloud/samsung-carrers/poweroff.exe |
request | GET http://gg90db2661-715df250cbed8bj4h8vwwr.s3.pl-waw.scw.cloud/sata/pub-dsynf65cgyy6b7uk.exe |
request | GET http://gg90db2661-715df250cbed8bj4h8vwwr.s3.pl-waw.scw.cloud/sata/up-da-dsynf65cgyy6b7uk.exe |
request | GET http://gg90db2661-715df250cbed8bj4h8vwwr.s3.pl-waw.scw.cloud/sata/hand-dsynf65cgyy6b7uk.exe |
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
request | GET http://www.google.com/ |
request | POST http://360devtracking.com/ezzcbmueaa4iwhvb/fmovies |
request | POST https://connectini.net/Series/SuperNitouDisc.php |
request | GET https://wewewe.s3.eu-central-1.amazonaws.com/WeUninstalled.exe |
request | GET https://doll.s3.pl-waw.scw.cloud/widgets/powerOff.exe |
request | POST https://connectini.net/Series/Conumer4Publisher.php |
request | GET https://connectini.net/Series/publisher/1/KR.json |
request | POST https://connectini.net/Series/Conumer2kenpachi.php |
request | GET https://connectini.net/Series/kenpachi/2/goodchannel/KR.json |
request | GET https://connectini.net/Series/configPoduct/2/goodchannel.json |
request | POST http://360devtracking.com/ezzcbmueaa4iwhvb/fmovies |
request | POST https://connectini.net/Series/SuperNitouDisc.php |
request | POST https://connectini.net/Series/Conumer4Publisher.php |
request | POST https://connectini.net/Series/Conumer2kenpachi.php |
description | SHykigusena.exe tried to sleep 201 seconds, actually delayed analysis time by 201 seconds | |||
description | Laetymaerifae.exe tried to sleep 172 seconds, actually delayed analysis time by 172 seconds |
file | C:\Users\test22\AppData\Local\Temp\4b-cbf10-263-922b1-a9940130e9e54\Laetymaerifae.exe |
file | C:\Users\test22\AppData\Local\Temp\is-9I5HS.tmp\_isetup\_shfoldr.dll |
file | C:\Program Files (x86)\Common Files\Sahajavuma.exe |
file | C:\Users\test22\AppData\Local\Temp\is-9I5HS.tmp\idp.dll |
file | C:\Users\test22\AppData\Local\Temp\is-9I5HS.tmp\PowerOff.exe |
file | C:\Users\test22\AppData\Local\Temp\dc-1b113-c03-fcb87-222b96c802939\SHykigusena.exe |
file | C:\Users\test22\AppData\Local\Temp\dc-1b113-c03-fcb87-222b96c802939\SHykigusena.exe |
file | C:\Users\test22\AppData\Local\Temp\4b-cbf10-263-922b1-a9940130e9e54\Laetymaerifae.exe |
file | C:\Users\test22\AppData\Local\Temp\dc-1b113-c03-fcb87-222b96c802939\SHykigusena.exe |
file | C:\Users\test22\AppData\Local\Temp\4b-cbf10-263-922b1-a9940130e9e54\Laetymaerifae.exe |
file | C:\Users\test22\AppData\Local\Temp\is-9I5HS.tmp\_isetup\_shfoldr.dll |
file | C:\Users\test22\AppData\Local\Temp\is-9I5HS.tmp\idp.dll |
file | C:\Users\test22\AppData\Local\Temp\is-9I5HS.tmp\PowerOff.exe |
file | C:\Users\test22\AppData\Local\Temp\is-G4CRF.tmp\Bolt.tmp |