Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Aug. 18, 2023, 5:53 p.m. | Aug. 18, 2023, 5:56 p.m. |
IP Address | Status | Action |
---|---|---|
103.100.211.218 | Active | Moloch |
104.17.214.67 | Active | Moloch |
104.192.141.1 | Active | Moloch |
104.21.9.89 | Active | Moloch |
144.76.136.153 | Active | Moloch |
149.202.0.242 | Active | Moloch |
148.251.234.83 | Active | Moloch |
148.251.234.93 | Active | Moloch |
156.236.72.121 | Active | Moloch |
163.123.143.4 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.67.75.163 | Active | Moloch |
172.67.75.166 | Active | Moloch |
185.244.181.112 | Active | Moloch |
193.233.254.61 | Active | Moloch |
194.169.175.128 | Active | Moloch |
194.169.175.233 | Active | Moloch |
194.26.135.162 | Active | Moloch |
208.67.104.60 | Active | Moloch |
23.219.70.2 | Active | Moloch |
23.67.53.17 | Active | Moloch |
34.117.59.81 | Active | Moloch |
45.15.156.229 | Active | Moloch |
61.111.58.34 | Active | Moloch |
77.91.124.231 | Active | Moloch |
77.91.124.54 | Active | Moloch |
87.121.221.58 | Active | Moloch |
93.186.225.194 | Active | Moloch |
94.142.138.131 | Active | Moloch |
95.142.206.1 | Active | Moloch |
95.142.206.2 | Active | Moloch |
95.142.206.3 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
suspicious_features | Connection to IP address | suspicious_request | GET http://94.142.138.131/api/tracemap.php | ||||||
suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://94.142.138.131/api/firegate.php | ||||||
suspicious_features | Connection to IP address | suspicious_request | HEAD http://77.91.124.231/info/photo551.exe | ||||||
suspicious_features | Connection to IP address | suspicious_request | HEAD http://87.121.221.58/g.exe | ||||||
suspicious_features | Connection to IP address | suspicious_request | GET http://87.121.221.58/g.exe | ||||||
suspicious_features | Connection to IP address | suspicious_request | GET http://77.91.124.231/info/photo551.exe | ||||||
suspicious_features | Connection to IP address | suspicious_request | GET http://45.15.156.229/api/tracemap.php | ||||||
suspicious_features | Connection to IP address | suspicious_request | GET http://208.67.104.60/api/tracemap.php | ||||||
suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://193.233.254.61/loghub/master | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET https://transfer.sh/get/Els5w2XD23/1ds3y.exe |
request | GET http://94.142.138.131/api/tracemap.php |
request | POST http://94.142.138.131/api/firegate.php |
request | HEAD http://77.91.124.231/info/photo551.exe |
request | HEAD http://87.121.221.58/g.exe |
request | GET http://87.121.221.58/g.exe |
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
request | GET http://77.91.124.231/info/photo551.exe |
request | HEAD http://zzz.fhauiehgha.com/m/okka25.exe |
request | GET http://zzz.fhauiehgha.com/m/okka25.exe |
request | GET http://45.15.156.229/api/tracemap.php |
request | GET http://208.67.104.60/api/tracemap.php |
request | POST http://193.233.254.61/loghub/master |
request | GET http://www.maxmind.com/geoip/v2.1/city/me |
request | GET http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=GPe3xmuleVDaoOMEldmdr3MP.exe&platform=0009&osver=5&isServer=0 |
request | GET https://api.myip.com/ |
request | GET https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1 |
request | GET https://busell.store/setup294.exe |
request | GET https://vk.com/doc647736509_665757334?hash=BLle7vdX3iFMB4azpVJZYs9WrN6tEhp1wsHXrbQ6Ufz&dl=vr8PySakhGw7js63wfoBEncgnNsFZVbFO8czAHxd9Bk&api=1&no_preview=1#WW1 |
request | GET https://sun6-22.userapi.com/c237231/u647736509/docs/d56/ff6bde39d062/WWW1.bmp?extra=s__W1ni87TI6Duoswc_5WTp-ZIO2Qd59SKzhEqRFcQl-k1J4KAcBfVMo-bPsw0dFD9VXVx7H98KchsBhY5pJ34s_2Pecy9ZUMezwbbMr7285OlnifZTf678xl_FtoUV2KZ57GsxX98HPQN8_MQ |
request | GET https://vk.com/doc647736509_665757351?hash=xRNMJvtBxeMy9F0ahVhVsVflJbZD3QhaFKB8SVYcH0D&dl=kYv4t3v9Ds2wZeYJd9j0pkiCfCSj0PVEWEjq6i56Xf0&api=1&no_preview=1 |
request | GET https://transfer.sh/get/S8wmOYi1yh/s28a1f.exe |
request | GET https://sun6-21.userapi.com/c909628/u647736509/docs/d12/fd5c7be24aa4/PMmp.bmp?extra=QnkMoPcHh8Pcl9kFUIDvMGE9HrYxZTxMWrVO2SS1Sx4yHP5Q5kT-e7Goat-vWaxmZ-PrrfXp6boVtQQQstdn1i8BSip7NETyr912uQxRlY6BUbMA12qEMoVwuodJKRgPCPb3fkIKpOycnGY0kg |
request | GET https://vk.com/doc791620691_663065029?hash=Efubo9FQtw3Bdj42XJVcJwymfIH3PazMKz8g5wJ0dZX&dl=G44TCNRSGA3DSMI:1682787066:QgrgzF33wDt9bwmmOgWCYTv61J7HwhLVZOXGaEdWiKP&api=1&no_preview=1#stats |
request | GET https://vk.com/doc647736509_665757320?hash=dfBBWeSNlNkIvHcK2uMdd2AbZmqfwD2ZZg0vYymBkR0&dl=gjNC6HkPkk10dAOYzHDYqNL4zQsWEaKk2Lm1A39kSP0&api=1&no_preview=1#rise |
request | GET https://sun6-23.userapi.com/c909628/u647736509/docs/d6/739bc3acf24e/RisePro.bmp?extra=4CuDyfIZuYP0bK3ZthEhDyIY7JTcPdNDWB-xWugKYKMzm7GYkAaCWBmMPL-CeiDi5CKnAyxfeLzY30Q5g8hsgJz_kOpQ4VpvA10LWfEQdi1KZEwr-PlrVfsWuYLypMmNjbUlSwPqmc2w3ipuOQ |
request | GET https://vk.com/doc791620691_663065029?hash=Efubo9FQtw3Bdj42XJVcJwymfIH3PazMKz8g5wJ0dZX&dl=G44TCNRSGA3DSMI:1682787066:QgrgzF33wDt9bwmmOgWCYTv61J7HwhLVZOXGaEdWiKP&api=1&no_preview=1#test |
request | GET https://vk.com/doc647736509_665789779?hash=apIBNy1YzIlgOTOme2DjZEPMlC8mQMOrnNK6KuFrvTc&dl=KncEUWyJtdzd8EZ0lpauSTMDceKmPJX1qASzGUdtBnw&api=1&no_preview=1#nudik |
request | GET https://sun6-21.userapi.com/c235131/u647736509/docs/d12/1252c115442f/nudik.bmp?extra=DGoaqLEDsZ3vggeRfdmskz6ZM5azb77zzwL--59fZ45MDdw0qPOQf4y41LDFhStRPPoi2amvgrWPc6qnVp05BabutIeih26aH5tGiyYUTSF4JVORJU74v-DDmHCRMMAC6I3T2FLrjzABvjQEBQ |
request | GET https://db-ip.com/ |
request | GET https://db-ip.com/demo/home.php?s=175.208.134.152 |
request | POST https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self |
request | GET https://transfer.sh/get/Els5w2XD23/1ds3y.exe |
request | POST http://94.142.138.131/api/firegate.php |
request | POST http://193.233.254.61/loghub/master |
request | POST https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self |
ip | 149.202.0.242 |
ip | 185.244.181.112 |
ip | 194.169.175.128 |
ip | 194.169.175.233 |
ip | 194.26.135.162 |
ip | 77.91.124.54 |
domain | ipinfo.io |
file | C:\Users\test22\AppData\Local\Temp\7zEC98DD4AA\File.exe |
description | Escalate priviledges | rule | Escalate_priviledges | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Run a KeyLogger | rule | KeyLogger |
host | 149.202.0.242 | |||
host | 163.123.143.4 | |||
host | 185.244.181.112 | |||
host | 193.233.254.61 | |||
host | 194.169.175.128 | |||
host | 194.169.175.233 | |||
host | 194.26.135.162 | |||
host | 208.67.104.60 | |||
host | 45.15.156.229 | |||
host | 77.91.124.231 | |||
host | 77.91.124.54 | |||
host | 87.121.221.58 | |||
host | 94.142.138.131 |
dead_host | 192.168.56.102:49185 |
dead_host | 144.76.136.153:80 |
dead_host | 163.123.143.4:80 |
dead_host | 194.169.175.233:80 |