Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | June 3, 2024, 9:34 a.m. | June 3, 2024, 9:36 a.m. |
Process | PID | Path |
---|---|---|
o_CeSdAw1K73YQlvgMMzEXT2.exe | 2816 | C:\Users\test22\Documents\SimpleAdobe\o_CeSdAw1K73YQlvgMMzEXT2.exe |
MSBuild.exe | 2876 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" |
IP Address | Status | Action |
---|---|---|
149.88.76.85 | Active | Moloch |
176.111.174.109 | Active | Moloch |
104.237.62.213 | Active | Moloch |
104.26.4.15 | Active | Moloch |
104.26.9.59 | Active | Moloch |
147.45.47.149 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.67.159.232 | Active | Moloch |
185.172.128.159 | Active | Moloch |
185.172.128.69 | Active | Moloch |
34.117.186.192 | Active | Moloch |
45.130.41.108 | Active | Moloch |
5.42.66.10 | Active | Moloch |
5.42.99.177 | Active | Moloch |
61.111.58.34 | Active | Moloch |
87.240.132.67 | Active | Moloch |
91.202.233.232 | Active | Moloch |
94.232.45.38 | Active | Moloch |
5.42.65.116 | Active | Moloch |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint (SHA-1) |
---|---|---|---|
TLSv1 192.168.56.103:49164 -> 104.26.9.59:443 | C=US, O=Let's Encrypt, CN=R3 | CN=myip.com | 87:d2:90:92:b6:6a:56:3c:25:f1:ae:56:52:d9:2b:ac:16:44:bb:bc |
TLSv1 192.168.56.103:49170 -> 104.26.4.15:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=db-ip.com | 1f:af:15:cd:f8:f8:ee:30:f9:6e:6e:54:bc:9a:a7:c7:77:70:6d:25 |
TLSv1 192.168.56.103:49190 -> 172.67.159.232:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=foxesjoy.com | 98:61:17:75:9f:9b:34:ec:5e:dd:5b:36:49:5e:1b:7d:2d:22:18:22 |
TLSv1 192.168.56.103:49198 -> 45.130.41.108:443 | C=US, O=Let's Encrypt, CN=R3 | CN=monoblocked.com | 2c:d3:99:84:08:33:38:25:31:da:34:23:da:07:ec:a6:6f:e6:0a:ac |
TLSv1 192.168.56.103:49199 -> 87.240.132.67:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 65:c4:6f:80:24:02:e8:bf:a9:67:89:c3:4c:f8:46:77:d0:3b:df:fd |
TLSv1 192.168.56.103:49205 -> 87.240.132.67:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 65:c4:6f:80:24:02:e8:bf:a9:67:89:c3:4c:f8:46:77:d0:3b:df:fd |
TLSv1 192.168.56.103:49210 -> 87.240.132.67:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 65:c4:6f:80:24:02:e8:bf:a9:67:89:c3:4c:f8:46:77:d0:3b:df:fd |
TLSv1 192.168.56.103:49213 -> 87.240.132.67:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 65:c4:6f:80:24:02:e8:bf:a9:67:89:c3:4c:f8:46:77:d0:3b:df:fd |
TLSv1 192.168.56.103:49217 -> 87.240.132.67:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 65:c4:6f:80:24:02:e8:bf:a9:67:89:c3:4c:f8:46:77:d0:3b:df:fd |
TLSv1 192.168.56.103:49222 -> 87.240.132.67:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 65:c4:6f:80:24:02:e8:bf:a9:67:89:c3:4c:f8:46:77:d0:3b:df:fd |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
section | _RDATA |
section | .vmpx\xc2\xbd\xc2 |
resource name | UIFILE |
resource name | None |
suspicious_features | suspicious_request |
---|---|
Connection to IP address | GET http://5.42.99.177/api/crazyfish.php |
POST method with no referer header, Connection to IP address | POST http://5.42.99.177/api/twofish.php |
Connection to IP address | HEAD http://185.172.128.69/download.php?pub=inte |
Connection to IP address | HEAD http://5.42.66.10/download/th/getimage12.php |
Connection to IP address | HEAD http://5.42.66.10/download/th/retail.php |
Connection to IP address | HEAD http://91.202.233.232/o2i3jroi23joj23ikrjokij3oroi.exe |
Connection to IP address | HEAD http://94.232.45.38/eee01/eee01.exe |
Connection to IP address | HEAD http://185.172.128.159/dl.php |
Connection to IP address | HEAD http://176.111.174.109/google |
Connection to IP address | GET http://176.111.174.109/google |
Connection to IP address | GET http://91.202.233.232/o2i3jroi23joj23ikrjokij3oroi.exe |
Connection to IP address | GET http://185.172.128.69/download.php?pub=inte |
Connection to IP address | GET http://185.172.128.159/dl.php |
Connection to IP address | GET http://94.232.45.38/eee01/eee01.exe |
Connection to IP address | GET http://5.42.66.10/download/th/getimage12.php |
Connection to IP address | HEAD http://5.42.66.10/download/123p.exe |
Connection to IP address | HEAD http://5.42.66.10/download/th/space.php |
Connection to IP address | GET http://5.42.66.10/download/th/retail.php |
Connection to IP address | GET http://5.42.66.10/download/123p.exe |
Connection to IP address | GET http://5.42.66.10/download/th/space.php |
request | GET http://5.42.99.177/api/crazyfish.php |
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
request | POST http://5.42.99.177/api/twofish.php |
request | HEAD http://185.172.128.69/download.php?pub=inte |
request | HEAD http://5.42.66.10/download/th/getimage12.php |
request | HEAD http://5.42.66.10/download/th/retail.php |
request | HEAD http://91.202.233.232/o2i3jroi23joj23ikrjokij3oroi.exe |
request | HEAD http://94.232.45.38/eee01/eee01.exe |
request | HEAD http://185.172.128.159/dl.php |
request | HEAD http://176.111.174.109/google |
request | GET http://176.111.174.109/google |
request | GET http://91.202.233.232/o2i3jroi23joj23ikrjokij3oroi.exe |
request | GET http://185.172.128.69/download.php?pub=inte |
request | GET http://185.172.128.159/dl.php |
request | GET http://94.232.45.38/eee01/eee01.exe |
request | GET http://5.42.66.10/download/th/getimage12.php |
request | HEAD http://5.42.66.10/download/123p.exe |
request | HEAD http://5.42.66.10/download/th/space.php |
request | GET http://5.42.66.10/download/th/retail.php |
request | GET http://5.42.66.10/download/123p.exe |
request | GET http://5.42.66.10/download/th/space.php |
request | GET https://db-ip.com/demo/home.php?s= |
request | GET https://lop.foxesjoy.com/ssl/crt.exe |
request | GET https://monoblocked.com/525403/setup.exe |
request | POST http://5.42.99.177/api/twofish.php |
description | AppGate2103v01.exe tried to sleep 265 seconds, actually delayed analysis time by 265 seconds |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghpilmjholiicaobfjdkefcogmgaabif |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgffkfbidihjpoaomajlbgchddlicgpn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hmeobnfnfcmdkdcmlblgagmfpfboieaf |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\agoakfejjabomempkjlepdflaleeobhb |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aodkkagnadcbobfpggfnjeongemjbjca |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfgccjchihfkkindfppnaooecgfneiii |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmblappgoiilbgafhjklehhfifbdocee |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ebfidpplhabeedpnhjnobghokpiioolj |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn |
domain | ipinfo.io |
file | C:\Users\test22\Documents\SimpleAdobe\_8yuL8qjJtP5NZqy7PzNyVXU.exe |
file | C:\Users\test22\Documents\SimpleAdobe\o_CeSdAw1K73YQlvgMMzEXT2.exe |
file | C:\Users\test22\Documents\SimpleAdobe\4Ko_aC6s3slEKqtxKW0CJGYX.exe |
file | C:\Users\test22\Documents\SimpleAdobe\HV0uZnmSdVHbUO7nRUiZwFU8.exe |
file | C:\Users\test22\Documents\SimpleAdobe\JLVgQHE0e3zqt0CoYzevdDqB.exe |
file | C:\Users\test22\Documents\SimpleAdobe\vE9E4cuoYSHSDzLpSZTsGcKe.exe |
file | C:\Users\test22\Documents\SimpleAdobe\ivWgK3rxWR3mMHVNHWY3ae5i.exe |
file | C:\Users\test22\Documents\SimpleAdobe\phD32zk70jfeSiOlFqUzmEx4.exe |
file | C:\Users\test22\Documents\SimpleAdobe\ZW7uNr1lwJSS3G43lu8CBjiA.exe |
file | C:\Users\test22\Documents\SimpleAdobe\ueGCmF16p4IowThmgSvN3gQl.exe |
file | C:\Users\test22\Documents\SimpleAdobe\Eek13wjutSlE27l5yJOzFEvs.exe |
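The request rows and the file rows above, turned into a small triage script. This is an added example, not code from the sandbox or from the report: it parses the report's own `key | value` row format, embeds a subset of the rows as constructed sample input, and reproduces by code what an analyst reads off the page by hand. The classification rules are the editor's, not signatures from the report: a request host that is a bare IP literal (the report's "Connection to IP address" feature), a URL that was probed with HEAD before being fetched with GET (the pattern visible for every payload URL above), a URL path ending in `.exe`, and a Chrome profile path that is the saved-password store `Login Data` or a per-extension `Local Extension Settings\<id>` directory (Chrome extension ids are 32 characters from the letters a-p).

```python
"""Triage of sandbox report rows (added example, not the sandbox's code).

Parses the report's "key | value" rows and classifies:
  * 'request' rows: IP-literal hosts, HEAD-before-GET probe pairs,
    and URLs whose path names a .exe;
  * 'file' rows: Chrome "Login Data" and "Local Extension Settings\\<id>"
    paths under the profile's "User Data".

SAMPLE_ROWS is a constructed subset of the rows in the report above.
"""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

SAMPLE_ROWS = r"""
request | GET http://5.42.99.177/api/crazyfish.php
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c
request | POST http://5.42.99.177/api/twofish.php
request | HEAD http://91.202.233.232/o2i3jroi23joj23ikrjokij3oroi.exe
request | GET http://91.202.233.232/o2i3jroi23joj23ikrjokij3oroi.exe
request | HEAD http://94.232.45.38/eee01/eee01.exe
request | GET http://94.232.45.38/eee01/eee01.exe
request | HEAD http://5.42.66.10/download/123p.exe
request | GET http://5.42.66.10/download/123p.exe
request | GET https://db-ip.com/demo/home.php?s=
request | GET https://lop.foxesjoy.com/ssl/crt.exe
request | GET https://monoblocked.com/525403/setup.exe
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file | C:\Users\test22\Documents\SimpleAdobe\o_CeSdAw1K73YQlvgMMzEXT2.exe
"""

# "key | value" with an optional trailing pipe, as the report prints it.
ROW_RE = re.compile(r"^\s*(\w+)\s*\|\s*(.*?)\s*\|?\s*$")

# Chrome profile stores of interest. Extension ids are 32 chars from a-p.
CHROME_STORE_RE = re.compile(
    r"\\Google\\Chrome\\User Data\\[^\\]+\\"
    r"(Login Data|Local Extension Settings\\([a-p]{32}))$",
    re.IGNORECASE,
)


def parse_rows(text):
    """Return (key, value) tuples for every 'key | value' row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m and m.group(2):
            rows.append((m.group(1), m.group(2)))
    return rows


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def triage_requests(rows):
    """Classify 'request' rows; the order of methods per URL is kept."""
    methods = defaultdict(list)
    for key, value in rows:
        if key == "request":
            method, _, url = value.partition(" ")
            methods[url].append(method.upper())

    out = {"ip_hosts": set(), "probe_then_fetch": [], "exe_downloads": []}
    for url, seen in methods.items():
        parts = urlsplit(url)
        if is_ip_literal(parts.hostname or ""):
            out["ip_hosts"].add(parts.hostname)
        # Loader pattern seen in the report: HEAD to check the payload is
        # there, then GET to fetch it.
        if "HEAD" in seen and "GET" in seen and seen.index("HEAD") < seen.index("GET"):
            out["probe_then_fetch"].append(url)
        if parts.path.lower().endswith(".exe"):
            out["exe_downloads"].append(url)
    return out


def triage_files(rows):
    """Pick out Chrome credential and extension stores from 'file' rows."""
    out = {"login_data": [], "extension_ids": []}
    for key, value in rows:
        if key != "file":
            continue
        m = CHROME_STORE_RE.search(value)
        if m is None:
            continue
        if m.group(2):
            out["extension_ids"].append(m.group(2).lower())
        else:
            out["login_data"].append(value)
    return out


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    net = triage_requests(rows)
    print("IP-literal hosts:", sorted(net["ip_hosts"]))
    print("HEAD then GET:", net["probe_then_fetch"])
    print(".exe fetched:", net["exe_downloads"])
    fs = triage_files(rows)
    print("Login Data:", fs["login_data"])
    print("Extension ids:", fs["extension_ids"])
```

Feed it the full row set from the report rather than the embedded subset and the `ip_hosts` set is the block list, `probe_then_fetch` is the set of payload URLs worth pulling for their own analysis, and `extension_ids` is the list of extension directories the sample enumerated; the CA fetch from apps.identrust.com stays out of every bucket because its host is a name, not an address, and it was fetched once with GET.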