Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 13, 2023, 9:51 a.m. | April 13, 2023, 9:53 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
ipinfo.io | 34.117.59.81 | |
api.db-ip.com | 172.67.75.166 | |
www.maxmind.com | 104.17.215.67 | |
db-ip.com | 104.26.5.15 | |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49181 -> 104.26.5.15:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 8d:c8:6e:29:ea:e9:15:f8:85:80:ae:fd:51:f0:44:ca:8c:7d:0c:dc |
TLSv1 192.168.56.102:49182 -> 172.67.75.166:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 8d:c8:6e:29:ea:e9:15:f8:85:80:ae:fd:51:f0:44:ca:8c:7d:0c:dc |
Type | Value |
---|---|
suspicious_features | Connection to IP address |
suspicious_request | GET http://208.67.104.60/api/tracemap.php |
request | GET http://208.67.104.60/api/tracemap.php |
request | GET http://www.maxmind.com/geoip/v2.1/city/me |
request | GET https://db-ip.com/ |
request | POST https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self |
request | POST https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self |
domain | ipinfo.io |
file | C:\Users\test22\AppData\Local\Temp\7zE8380E05D\mlang.dll |
file | C:\Users\test22\AppData\Local\Temp\7zE8380E05D\Install.exe |
Description | Rule |
---|---|
PWS Memory | Generic_PWS_Memory_Zero |
Escalate privileges | Escalate_priviledges |
(no description) | DebuggerCheck__GlobalFlags |
(no description) | DebuggerCheck__QueryInfo |
(no description) | DebuggerHiding__Thread |
(no description) | DebuggerHiding__Active |
(no description) | ThreadControl__Context |
(no description) | SEH__vectored |
Checks if being debugged | anti_dbg |
Bypass DEP | disable_dep |
Run a KeyLogger | KeyLogger |
host | 208.67.104.60 |
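The indicators above are the raw output of the sandbox; turning them into something an analyst can act on means separating the sample's own infrastructure (a cleartext GET to a bare IP, 208.67.104.60) from the public geolocation services it touches (maxmind, db-ip, ipinfo) and noticing that a DLL was dropped beside an EXE in the same temp directory. The script below is an added example and is not part of the sandbox report or of any tool it names; the request lines and file paths are copied from the report as constructed input, and the `geoip_lookup` and `sideload_candidate` labels are this example's own heuristics, not signatures the sandbox emitted.

```python
"""Triage helper for flattened sandbox indicators (added example, not sandbox code)."""
import ipaddress
from pathlib import PureWindowsPath
from urllib.parse import urlparse

# Geolocation / external-IP services the report shows the sample contacting.
# Malware commonly queries these to fingerprint the victim before doing anything else.
GEOIP_SERVICES = {"ipinfo.io", "api.db-ip.com", "db-ip.com", "www.maxmind.com"}

# Constructed input: the "request" rows from the report, verbatim.
SAMPLE_REQUESTS = [
    "GET http://208.67.104.60/api/tracemap.php",
    "GET http://www.maxmind.com/geoip/v2.1/city/me",
    "GET https://db-ip.com/",
    "POST https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self",
]

# Constructed input: the "file" rows from the report, verbatim.
SAMPLE_FILES = [
    r"C:\Users\test22\AppData\Local\Temp\7zE8380E05D\mlang.dll",
    r"C:\Users\test22\AppData\Local\Temp\7zE8380E05D\Install.exe",
]


def parse_request(line):
    """Split a 'METHOD URL' row into its parts; hostname is lower-cased by urlparse."""
    method, url = line.split(None, 1)
    parsed = urlparse(url)
    return {"method": method, "scheme": parsed.scheme, "host": parsed.hostname,
            "path": parsed.path, "url": url}


def is_raw_ip(host):
    """True when the URL host is a literal IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify_requests(lines):
    """Tag each request: raw_ip_host (no DNS, typical of hard-coded C2), cleartext, geoip_lookup."""
    findings = []
    for line in lines:
        req = parse_request(line)
        tags = []
        if is_raw_ip(req["host"]):
            tags.append("raw_ip_host")
            if req["scheme"] == "http":
                tags.append("cleartext")
        if req["host"] in GEOIP_SERVICES:
            tags.append("geoip_lookup")
        findings.append((req["method"], req["host"], tags))
    return findings


def extract_iocs(lines):
    """Separate bare IPs (block/alert on these) from third-party domains (context, not IOCs)."""
    ips, domains = set(), set()
    for line in lines:
        host = parse_request(line)["host"]
        (ips if is_raw_ip(host) else domains).add(host)
    return {"ips": sorted(ips), "domains": sorted(domains)}


def sideload_candidates(paths):
    """Heuristic (this example's own): an EXE and a DLL dropped into the same directory
    is worth a look for DLL search-order hijacking; it is a lead, not proof."""
    by_dir = {}
    for p in paths:
        wp = PureWindowsPath(p)
        by_dir.setdefault(str(wp.parent).lower(), []).append(wp.name)
    out = []
    for directory, names in by_dir.items():
        exes = sorted(n for n in names if n.lower().endswith(".exe"))
        dlls = sorted(n for n in names if n.lower().endswith(".dll"))
        if exes and dlls:
            out.append((directory, exes, dlls))
    return out


if __name__ == "__main__":
    for method, host, tags in classify_requests(SAMPLE_REQUESTS):
        print(f"{method:4} {host:40} {','.join(tags) or '-'}")
    print("IOCs:", extract_iocs(SAMPLE_REQUESTS))
    print("sideload candidates:", sideload_candidates(SAMPLE_FILES))
```

Two caveats when reading the output against the report: the Cloudflare `sni.cloudflaressl.com` certificate in the TLS table is Cloudflare's shared front-end certificate, so its fingerprint identifies the CDN, not the sample's operator, and the geolocation domains are legitimate services that should be treated as behavioural context rather than blockable indicators; the only host here that belongs on a blocklist is the bare IP.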