Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 10, 2023, 5:50 p.m. | April 10, 2023, 5:52 p.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
ipinfo.io | 34.117.59.81 | |
api.db-ip.com | 172.67.75.166 | |
www.maxmind.com | 104.17.215.67 | |
db-ip.com | 172.67.75.166 |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49179 104.26.5.15:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 8d:c8:6e:29:ea:e9:15:f8:85:80:ae:fd:51:f0:44:ca:8c:7d:0c:dc |
TLSv1 192.168.56.102:49178 104.26.5.15:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 8d:c8:6e:29:ea:e9:15:f8:85:80:ae:fd:51:f0:44:ca:8c:7d:0c:dc |
suspicious_features | Connection to IP address | suspicious_request | GET http://94.142.138.131/api/tracemap.php |
request | GET http://94.142.138.131/api/tracemap.php |
request | GET http://www.maxmind.com/geoip/v2.1/city/me |
request | GET https://db-ip.com/ |
request | POST https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self |
request | POST https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self |
domain | ipinfo.io |
file | C:\Users\test22\AppData\Local\Temp\7zE0B3E9F1B\Install.exe |
file | C:\Users\test22\AppData\Local\Temp\7zE0B3E9F1B\miutils.dll |
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Escalate priviledges | rule | Escalate_priviledges | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Run a KeyLogger | rule | KeyLogger |
host | 94.142.138.131 |