Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Jan. 24, 2024, 8:04 a.m. | Jan. 24, 2024, 8:13 a.m. |
-
FirstZ.exe "C:\Users\test22\AppData\Local\Temp\FirstZ.exe"
2544
Name | Response | Post-Analysis Lookup |
---|---|---|
zeph-eu2.nanopool.org | 51.15.89.13 | |
pastebin.com | 104.20.67.143 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49164 -> 104.20.68.143:443 | 906200068 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined |
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2033268 | ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) | Potential Corporate Privacy Violation |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.3 192.168.56.101:49164 104.20.68.143:443 |
None | None | None |
TLS 1.3 192.168.56.101:49163 51.210.150.92:10943 |
None | None | None |
TLS 1.3 192.168.56.101:49165 51.68.137.186:10943 |
None | None | None |