Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Jan. 11, 2024, 10:09 a.m. | Jan. 11, 2024, 10:11 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
api.myip.com | 172.67.75.163 | |
vk.com | 93.186.225.194 | |
sun6-23.userapi.com | 95.142.206.3 | |
ipinfo.io | 34.117.186.192 |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49188 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49179 104.26.8.59:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
TLSv1 192.168.56.102:49189 95.142.206.3:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
suspicious_features | Connection to IP address | suspicious_request | GET http://195.20.16.45/api/bing_release.php | ||||||
suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://195.20.16.45/api/flash.php |
request | GET http://195.20.16.45/api/bing_release.php |
request | POST http://195.20.16.45/api/flash.php |
request | GET https://api.myip.com/ |
request | GET https://vk.com/doc418490229_670513616?hash=Rnz6mh1plmmQeRvLs9F8CK7xp1IzayhFDkq5VtfO7zL&dl=vqdYEy1z0yzb7VGu1G6kvdqbamVKV6KZryFk0aAy5M0&api=1&no_preview=1 |
request | GET https://sun6-23.userapi.com/c909618/u418490229/docs/d51/1e80248cc5f3/8jccr.bmp?extra=I1B0d7qHmDrWBBQTgm6DCsfs_HxefbRVRDBMMl1mndN_42h_EOO-DEO4b1R5C8HYMiNVOCOnamxYlk9-My5bAFSfIzgZKrI9NoLJwJbBGG34aojGE1MEDXU_gW3h2-UJPHThE-0hKCfIk70-NA |
request | POST http://195.20.16.45/api/flash.php |
domain | ipinfo.io |
file | C:\Users\test22\AppData\Local\Temp\7zEC887D668\PROPAMAT\lgc_api — копия (3).dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC887D668\setup.exe |
file | C:\Users\test22\AppData\Local\Temp\7zEC887D668\PROPAMAT\ResIL.dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC887D668\PROPAMAT\ResIL — копия (2).dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC887D668\PROPAMAT\dbghelp.dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC887D668\PROPAMAT\chrome_elf.dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC887D668\PROPAMAT\lgc_api — копия (2).dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC887D668\PROPAMAT\ResIL — копия (3).dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC887D668\PROPAMAT\chrome_elf — копия.dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC887D668\PROPAMAT\lgc_api.dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC887D668\PROPAMAT\lgc_api — копия.dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC887D668\PROPAMAT\ResIL — копия.dll |
description | Escalate priviledges | rule | Escalate_priviledges | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Run a KeyLogger | rule | KeyLogger |
host | 195.20.16.45 |