Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | June 17, 2024, 1:25 p.m. | June 17, 2024, 1:33 p.m. |
Process | Command line | PID |
---|---|---|
b2c2c1.exe | "C:\Users\test22\AppData\Local\Temp\1000003001\b2c2c1.exe" | 2268 |
FirstZ.exe | "C:\Users\test22\AppData\Local\Temp\1000004001\FirstZ.exe" | 2384 |
explorer.exe | C:\Windows\Explorer.EXE | 1236 |
Name | Response | Post-Analysis Lookup |
---|---|---|
xmr-eu1.nanopool.org | 162.19.224.121 | |
zeph-eu2.nanopool.org | 51.15.61.114 | |
pastebin.com | 172.67.19.24 | |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.3 192.168.56.103:49170 163.172.171.111:10943 | None | None | None |
TLS 1.3 192.168.56.103:49171 104.20.3.235:443 | None | None | None |
TLS 1.3 192.168.56.103:49172 51.15.58.224:14433 | None | None | None |
suspicious_features | suspicious_request |
---|---|
POST method with no referer header, POST method with no useragent header, Connection to IP address | POST http://185.172.128.116/Mb3GvQs8/index.php |
GET method with no useragent header, Connection to IP address | GET http://185.172.128.116/b2c2c1.exe |
GET method with no useragent header, Connection to IP address | GET http://185.172.128.19/FirstZ.exe |
request | POST http://185.172.128.116/Mb3GvQs8/index.php |
request | GET http://185.172.128.116/b2c2c1.exe |
request | GET http://185.172.128.19/FirstZ.exe |
request | POST http://185.172.128.116/Mb3GvQs8/index.php |
file | C:\Users\test22\AppData\Local\Temp\1000003001\b2c2c1.exe |
file | C:\Users\test22\AppData\Local\Temp\1000004001\FirstZ.exe |
file | C:\Users\test22\AppData\Local\Temp\b66a8ae076\Hkbsse.exe |