Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | April 1, 2024, 7:34 a.m. | April 1, 2024, 7:38 a.m. |
Process | Command line | PID |
---|---|---|
1EqK5UBmfgkna1y9f5Pn8uBm.exe | "C:\Users\test22\Pictures\1EqK5UBmfgkna1y9f5Pn8uBm.exe" | 648 |
SpSZpljeAgBOd5nDtyvjI8FY.exe | "C:\Users\test22\Pictures\SpSZpljeAgBOd5nDtyvjI8FY.exe" | 1272 |
XTGRVHcKTRAVMPxb8cY2suul.exe | "C:\Users\test22\Pictures\XTGRVHcKTRAVMPxb8cY2suul.exe" | 1892 |
e6bOWUu0g4v8btuvKGWKflI4.exe | "C:\Users\test22\Pictures\e6bOWUu0g4v8btuvKGWKflI4.exe" | 2296 |
IP Address | Status | Action |
---|---|---|
104.21.13.170 | Active | Moloch |
104.21.15.5 | Active | Moloch |
104.21.32.142 | Active | Moloch |
104.21.63.71 | Active | Moloch |
104.21.79.77 | Active | Moloch |
107.167.110.211 | Active | Moloch |
15.204.49.148 | Active | Moloch |
152.195.38.76 | Active | Moloch |
162.159.130.233 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.67.146.202 | Active | Moloch |
172.67.164.28 | Active | Moloch |
172.67.170.65 | Active | Moloch |
172.67.200.219 | Active | Moloch |
172.67.34.170 | Active | Moloch |
185.172.128.144 | Active | Moloch |
193.233.132.150 | Active | Moloch |
23.210.247.48 | Active | Moloch |
91.92.250.47 | Active | Moloch |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.101:49176 172.67.200.219:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=sty.ink | 04:26:33:35:60:d1:f5:25:d0:36:d3:b3:77:b5:a1:0c:0c:02:8e:18 |
TLS 1.2 192.168.56.101:49174 162.159.130.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=discordapp.com | 97:8b:ee:ad:1e:bf:a1:69:e7:94:29:f7:55:7a:29:64:19:c7:81:39 |
TLS 1.2 192.168.56.101:49173 104.21.32.142:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=shipofdestiny.com | e5:3d:dd:1e:cc:3d:fe:a7:68:cc:b6:93:8f:07:8c:8d:72:d0:79:30 |
TLS 1.2 192.168.56.101:49171 104.21.32.142:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=shipofdestiny.com | e5:3d:dd:1e:cc:3d:fe:a7:68:cc:b6:93:8f:07:8c:8d:72:d0:79:30 |
TLS 1.2 192.168.56.101:49177 104.21.13.170:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=sty.ink | 04:26:33:35:60:d1:f5:25:d0:36:d3:b3:77:b5:a1:0c:0c:02:8e:18 |
TLS 1.2 192.168.56.101:49178 104.21.79.77:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=yip.su | b1:73:ed:bb:05:91:b3:14:34:7d:d1:3c:92:7f:db:a1:84:c3:2f:a9 |
TLS 1.2 192.168.56.101:49182 104.21.63.71:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=lawyerbuyer.org | 25:ed:e3:0d:c2:97:7f:8c:70:54:9f:be:63:e9:c7:7a:00:fa:04:aa |
TLS 1.2 192.168.56.101:49175 172.67.164.28:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=namecloudvideo.org | 64:a9:49:8d:88:8e:5c:14:98:b7:7e:a9:3f:11:a9:e4:1f:d1:ee:aa |
TLS 1.2 192.168.56.101:49184 107.167.110.211:443 | C=US, O=DigiCert Inc, CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1 | C=NO, ST=Oslo, L=Oslo, O=Opera Norway AS, CN=net.geo.opera.com | c0:94:e3:ed:b1:ae:5a:e8:e1:06:b2:20:8f:c1:d4:af:5b:25:65:0f |
TLS 1.2 192.168.56.101:49165 172.67.34.170:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 55:c8:82:61:30:05:42:80:db:47:5e:d0:66:b5:df:ac:14:5b:19:6f |
TLS 1.2 192.168.56.101:49172 104.21.15.5:443 | C=US, O=Let's Encrypt, CN=E1 | CN=operandotwo.com | dc:13:e0:0f:10:db:3f:8d:e5:db:4d:1e:f7:4e:de:dd:66:84:97:be |
TLS 1.2 192.168.56.101:49181 172.67.170.65:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=lawyerbuyer.org | 25:ed:e3:0d:c2:97:7f:8c:70:54:9f:be:63:e9:c7:7a:00:fa:04:aa |
TLS 1.2 192.168.56.101:49183 172.67.146.202:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=shipbank.org | 87:3f:1d:95:3c:42:06:99:73:d8:4f:34:44:de:48:4f:26:b1:a1:a7 |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
pdb_path | C:\Windows\Containers\Confidential\DotnetGenerator\Stub\Projects\WorkHardKeepTrying\obj\Release\WorkHardKeepTrying.pdb |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://15.204.49.148/files/Amadey.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.172.128.144/ISetup10.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://193.233.132.150/Second2.exe |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767_789 |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://pastebin.com/raw/xYhKBupz |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://cdn.discordapp.com/attachments/1211836107881447426/1222381674403201055/crypted.exe |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://shipofdestiny.com/baf14778c246e15550645e30ba78ce1c.exe |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://sty.ink/j903q |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://namecloudvideo.org/3eef203fb515bda85f514e168abb5973.exe |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://sty.ink/ieer6 |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://yip.su/RNWPd.exe |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://lawyerbuyer.org/7be3fd16e688515edcc0939fa9cb026c/baf14778c246e15550645e30ba78ce1c.exe |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://shipbank.org/7be3fd16e688515edcc0939fa9cb026c/3eef203fb515bda85f514e168abb5973.exe |
request | GET http://15.204.49.148/files/Amadey.exe |
request | GET http://185.172.128.144/ISetup10.exe |
request | GET http://193.233.132.150/Second2.exe |
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
request | GET http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767_789 |
request | GET http://cacerts.digicert.com/DigiCertGlobalRootG3.crt |
request | GET https://pastebin.com/raw/xYhKBupz |
request | GET https://cdn.discordapp.com/attachments/1211836107881447426/1222381674403201055/crypted.exe |
request | GET https://shipofdestiny.com/baf14778c246e15550645e30ba78ce1c.exe |
request | GET https://sty.ink/j903q |
request | GET https://namecloudvideo.org/3eef203fb515bda85f514e168abb5973.exe |
request | GET https://sty.ink/ieer6 |
request | GET https://yip.su/RNWPd.exe |
request | GET https://lawyerbuyer.org/7be3fd16e688515edcc0939fa9cb026c/baf14778c246e15550645e30ba78ce1c.exe |
request | GET https://shipbank.org/7be3fd16e688515edcc0939fa9cb026c/3eef203fb515bda85f514e168abb5973.exe |
file | C:\Users\test22\AppData\Local\Km16ZdNifRZqZC383k9UsxfF.exe |
file | C:\Users\test22\AppData\Local\Wuz0vjuwIqzywLIIoA8dNu8B.exe |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PKBUVV1GZCyfuckhCDUlnyFs.bat |
file | C:\Users\test22\Pictures\bPUK4cVaayh1kcBs6MD682U7.exe |
file | C:\Users\test22\Pictures\XTGRVHcKTRAVMPxb8cY2suul.exe |
file | C:\Users\test22\AppData\Local\ZaaJZWXbESbfhMRJZMt5199m.exe |
file | C:\Users\test22\Pictures\4I1LPjSWHw0dRdm14B8cpxsz.exe |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miw4ZVVPblOYycNZaJhP86Pm.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\G6Mu6oXYs7XFPDNPe2B5VTyg.bat |
file | C:\Users\test22\AppData\Local\u73syWWCN2v7vXbbd0n85kol.exe |
file | C:\Users\test22\Pictures\1EqK5UBmfgkna1y9f5Pn8uBm.exe |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LkmrRZnnjeGWTflQ08KYg2vW.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HyTw2Tni4XMk7n8qK0ia81rv.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cj4DmDxGCDVoe7yHhUg36AVC.bat |
file | C:\Users\test22\AppData\Local\8TescunqSJdJBKV9Px7A5Wy8.exe |
file | C:\Users\test22\AppData\Local\K9y6iDbBLxt5pm8baeXZ1Uc4.exe |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcJHPw3Tj3orr1poJ8BkKpRW.bat |
file | C:\Users\test22\Pictures\e6bOWUu0g4v8btuvKGWKflI4.exe |
file | C:\Users\test22\AppData\Local\zQzExX9PHh5xndnkVjFaCUQT.exe |
file | C:\Users\test22\Pictures\2zyozPmmwykliZbwysYuXnYM.exe |
file | C:\Users\test22\Pictures\SpSZpljeAgBOd5nDtyvjI8FY.exe |
url | https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation |
description | (no description) | rule | DebuggerCheck__GlobalFlags |
description | (no description) | rule | DebuggerCheck__QueryInfo |
description | (no description) | rule | DebuggerHiding__Thread |
description | (no description) | rule | DebuggerHiding__Active |
description | (no description) | rule | ThreadControl__Context |
description | (no description) | rule | SEH__vectored |
description | Bypass DEP | rule | disable_dep |
buffer | Buffer with sha1: 766f72a8de8b2d077c470a9fd12e54be042c986a |
buffer | Buffer with sha1: 40e255f1e8e57255424d43f33fe768e40242e736 |
host | 15.204.49.148 |
host | 185.172.128.144 |
host | 193.233.132.150 |
host | 91.92.250.47 |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miw4ZVVPblOYycNZaJhP86Pm.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LkmrRZnnjeGWTflQ08KYg2vW.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HyTw2Tni4XMk7n8qK0ia81rv.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cj4DmDxGCDVoe7yHhUg36AVC.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcJHPw3Tj3orr1poJ8BkKpRW.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PKBUVV1GZCyfuckhCDUlnyFs.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\G6Mu6oXYs7XFPDNPe2B5VTyg.bat |
file | C:\Users\test22\Pictures\4I1LPjSWHw0dRdm14B8cpxsz.exe |
file | C:\Users\test22\Pictures\1EqK5UBmfgkna1y9f5Pn8uBm.exe |
file | C:\Users\test22\Pictures\XTGRVHcKTRAVMPxb8cY2suul.exe |
file | C:\Users\test22\Pictures\e6bOWUu0g4v8btuvKGWKflI4.exe |
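The two heuristics that drive this report's verdict are the HTTP signature rows ("GET method with no useragent header", "Connection to IP address") and the .bat files dropped into the per-user Startup folder. The Python below is an added example, not the sandbox's own signature code: it re-derives both labels from request records and dropped-file paths so the logic behind the rows can be checked and reused on other reports. The request URLs and file paths are copied from the tables above; the request headers, the IPv6-literal request and the POST request are constructed to exercise the edge cases, because the page records URLs only, not captured headers. The `ProgramData` all-users Startup path is an assumed second location the report itself does not show.

```python
import ipaddress
import ntpath
from urllib.parse import urlsplit

# Constructed sample input: URLs taken from the report, headers assumed.
# The CryptoAPI User-Agent on the IdenTrust fetch is an assumption that explains
# why that request is absent from the report's suspicious_request rows.
SAMPLE_REQUESTS = [
    {"method": "GET", "url": "http://15.204.49.148/files/Amadey.exe", "headers": {}},
    {"method": "GET", "url": "http://apps.identrust.com/roots/dstrootcax3.p7c",
     "headers": {"User-Agent": "Microsoft-CryptoAPI/6.1"}},
    {"method": "GET", "url": "https://sty.ink/j903q", "headers": {}},
    # Constructed edge case not in the report: bracketed IPv6 literal with a port.
    {"method": "GET", "url": "http://[2001:db8::1]:8080/x.exe", "headers": {}},
    # Constructed edge case: POST to a raw IP with a User-Agent present.
    {"method": "POST", "url": "http://91.92.250.47/gate.php",
     "headers": {"user-agent": "Mozilla/5.0"}},
]

# Dropped-file paths copied from the report.
SAMPLE_FILES = [
    r"C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PKBUVV1GZCyfuckhCDUlnyFs.bat",
    r"C:\Users\test22\AppData\Local\Km16ZdNifRZqZC383k9UsxfF.exe",
    r"C:\Users\test22\Pictures\bPUK4cVaayh1kcBs6MD682U7.exe",
]

# Autostart locations, lower-cased for case-insensitive matching.
# The ProgramData entry is assumed; only the per-user folder appears in the report.
STARTUP_DIRS = (
    "\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\",
    "\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\",
)
AUTOSTART_EXTS = {".bat", ".cmd", ".exe", ".lnk", ".vbs", ".js", ".ps1"}


def host_is_ip_literal(url):
    """True when the URL's host is an IPv4 or IPv6 address rather than a name."""
    host = urlsplit(url).hostname  # strips the port and IPv6 brackets
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def request_features(req):
    """Reproduce the report's suspicious_features labels for one request."""
    feats = []
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    if req["method"].upper() == "GET" and "user-agent" not in headers:
        feats.append("GET method with no useragent header")
    if host_is_ip_literal(req["url"]):
        feats.append("Connection to IP address")
    return feats


def is_startup_persistence(path):
    """True when a dropped file lands in a Startup folder with a runnable extension."""
    p = path.lower().replace("/", "\\")
    ext = ntpath.splitext(p)[1]
    return any(d in p for d in STARTUP_DIRS) and ext in AUTOSTART_EXTS


def triage(requests, files):
    """Group the flagged requests and persistence files the way the report does."""
    flagged = [(r["method"], r["url"], request_features(r))
               for r in requests if request_features(r)]
    return {
        "suspicious_requests": flagged,
        "persistence_files": [f for f in files if is_startup_persistence(f)],
    }


if __name__ == "__main__":
    for method, url, feats in triage(SAMPLE_REQUESTS, SAMPLE_FILES)["suspicious_requests"]:
        print(f"{method} {url}: {', '.join(feats)}")
    for path in triage(SAMPLE_REQUESTS, SAMPLE_FILES)["persistence_files"]:
        print(f"persistence: {path}")
```

Two design points: the host check goes through `urlsplit().hostname` and `ipaddress.ip_address` rather than a regex, so bracketed IPv6 literals and ports are handled and a domain that merely looks numeric is not misclassified; and header names are lower-cased before the lookup, since HTTP header names are case-insensitive and a capture may record `user-agent` or `User-Agent`.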