Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | July 2, 2024, 3:51 p.m. | July 2, 2024, 3:53 p.m. |
Process | PID | Command line |
---|---|---|
explorer.exe | 1236 | C:\Windows\Explorer.EXE |
foobar2000.exe | 452 | "C:\Program Files (x86)\foobar2000\foobar2000.exe" /install /quiet /exportshelldata "C:\Users\test22\AppData\Local\Temp\fb2kshelldata.tmp" |
foobar2000 Shell Associations Updater.exe | 1704 | "C:\Program Files (x86)\foobar2000\foobar2000 Shell Associations Updater.exe" "C:\Users\test22\AppData\Local\Temp\fb2kshelldata.tmp" |
foobar2000.exe | 2516 | "C:\Program Files (x86)\foobar2000\foobar2000.exe" |
Name | Response | Post-Analysis Lookup |
---|---|---|
codeonicinc.com | 104.26.8.6 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49167 -> 172.67.69.54:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49164 -> 172.67.69.54:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.102:49167 -> 172.67.69.54:443 | C=US, O=Google Trust Services, CN=WE1 | CN=codeonicinc.com | 86:da:8b:36:46:21:b9:cf:2c:38:f1:8a:de:64:e9:75:47:0f:ee:47 |
TLS 1.2 192.168.56.102:49164 -> 172.67.69.54:443 | C=US, O=Google Trust Services, CN=WE1 | CN=codeonicinc.com | 86:da:8b:36:46:21:b9:cf:2c:38:f1:8a:de:64:e9:75:47:0f:ee:47 |
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
file | c:\program files\mozilla firefox\firefox.exe |
suspicious_features | POST method with no referer header |
suspicious_request | POST https://codeonicinc.com/ |
request | POST https://codeonicinc.com/ |
request | POST https://codeonicinc.com/ |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-sysinfo-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-file-l2-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-crt-string-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-timezone-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-file-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\msvcp140.dll |
file | C:\Program Files (x86)\foobar2000\vccorlib140.dll |
file | C:\Program Files (x86)\foobar2000\msvcp140_1.dll |
file | C:\Program Files (x86)\foobar2000\foobar2000.exe |
file | C:\Program Files (x86)\foobar2000\sqlite3.dll |
file | C:\Program Files (x86)\foobar2000\components\foo_fileops.dll |
file | C:\Users\test22\AppData\Local\Temp\nsq3332.tmp\UAC.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-localization-l1-2-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-heap-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-processthreads-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-rtlsupport-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-datetime-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\msvcp140_atomic_wait.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-processenvironment-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-crt-utility-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\components\foo_unpack.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-crt-process-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-file-l1-2-0.dll |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk |
file | C:\Program Files (x86)\foobar2000\PP-UWP-Interop.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-crt-runtime-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-synch-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-debug-l1-1-0.dll |
file | C:\Users\test22\AppData\Local\Temp\nsq3332.tmp\System.dll |
file | C:\Program Files (x86)\foobar2000\uninstall.exe |
file | C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-synch-l1-2-0.dll |
file | C:\Users\Public\Desktop\foobar2000.lnk |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-crt-locale-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\avcodec-fb2k-60.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-profile-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-errorhandling-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-console-l1-2-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\ucrtbase.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-crt-conio-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\shared.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-string-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-crt-private-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-util-l1-1-0.dll |
file | C:\Program Files (x86)\foobar2000\runtime\api-ms-win-core-processthreads-l1-1-1.dll |
file | C:\Program Files (x86)\foobar2000\avutil-fb2k-58.dll |
file | C:\Program Files (x86)\foobar2000\components\foo_input_std.dll |
file | C:\Users\test22\AppData\Local\Temp\7zS0FB7451D\setup.exe |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk |
file | C:\Users\test22\Desktop\foobar2000.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk |
file | C:\Users\Public\Desktop\foobar2000.lnk |
file | C:\Program Files (x86)\foobar2000\foobar2000.exe |
file | C:\Users\test22\AppData\Local\Temp\nsq3332.tmp\System.dll |
file | C:\Users\test22\AppData\Local\Temp\nsq3332.tmp\UAC.dll |
file | C:\Users\test22\AppData\Local\Temp\7zS0FB7451D\setup.exe |
file | C:\Users\test22\AppData\Local\Temp\nsq3332.tmp\nsDialogs.dll |
section | .data (virtual_address 0x0013f000, virtual_size 0x00091b7c, size_of_data 0x0008e800) | entropy | 7.99711280431 | description | A section with a high entropy has been found |
entropy | 0.30587603971 | description | Overall entropy of this PE file is high |
file | C:\Users\test22\AppData\Local\Temp\fb2kshelldata.tmp |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\SpyNet |