Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Jan. 24, 2024, 7:53 a.m. | Jan. 24, 2024, 8:04 a.m. |
- rty37.exe "C:\Users\test22\AppData\Local\Temp\rty37.exe" 2556
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com | CNAME a1952.dscq.akamai.net, CNAME identrust.edgesuite.net | 23.50.121.153 |
i.alie3ksgaa.com | 154.92.15.189 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49162 -> 154.92.15.189:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49162 154.92.15.189:443 | C=US, O=Let's Encrypt, CN=R3 | CN=i.alie3ksgaa.com | e3:88:72:04:24:5c:12:17:a4:e2:c1:d9:33:f0:d9:60:91:71:d3:dc |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
pdb_path | c:\Users\Administrator\Jenkins\workspace\ccx-libraries-windows\build\Release\CCLibrary.pdb |
resource name | MUI |
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |