Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Feb. 1, 2024, 7:50 a.m. | Feb. 1, 2024, 7:58 a.m. |
Apple.exe "C:\Users\test22\AppData\Local\Temp\Apple.exe"
2548
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com | CNAME a1952.dscq.akamai.net; CNAME identrust.edgesuite.net | 23.67.53.17 |
astervell.fun | 87.236.16.21 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49162 -> 87.236.16.21:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49162 87.236.16.21:443 | C=US, O=Let's Encrypt, CN=R3 | CN=astervell.fun | 8d:22:5a:06:6f:f0:0f:f7:ed:7b:49:fb:c4:3b:8b:91:e7:56:71:3d |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
pdb_path | C:\Users\Admin\source\repos\Apple\x64\Release\Apple.pdb |
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
file | C:\Users\test22\AppData\Local\Temp\ DR12.exe |