Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Jan. 15, 2024, 7:53 a.m. | Jan. 15, 2024, 7:57 a.m. |
4.exe "C:\Users\test22\AppData\Local\Temp\4.exe"
2552
Name | Response | Post-Analysis Lookup |
---|---|---|
t.me | 149.154.167.99 | |
steamcommunity.com | 104.76.78.101 | |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49166 104.76.78.101:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com | 10:20:2b:ee:30:69:cc:b6:ac:5e:47:04:71:ca:b0:75:78:51:58:f5 |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://steamcommunity.com/profiles/76561199601319247 |
request | GET https://steamcommunity.com/profiles/76561199601319247 |
host | 65.109.241.139 |
wmi | Select * From AntiVirusProduct root\SecurityCente |
process | 4.exe | useragent | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0 uacq |