Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 5, 2024, 10:36 a.m. | Aug. 5, 2024, 10:45 a.m. |
Process | Command line | PID |
---|---|---|
powershell.exe | "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'systems';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'systems' -Value '"C:\Users\test22\AppData\Roaming\systems.exe"' -PropertyType 'String' | 2748 |
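The process entry above records the sample deleting and re-creating the `systems` value under the per-user Run key so that `C:\Users\test22\AppData\Roaming\systems.exe` starts at every logon. The following PowerShell is an added example, not part of the sandbox report or of the sample: it enumerates the Run and RunOnce keys for the current user and the machine, and flags entries whose target sits in a user-writable directory, is unsigned or missing, or matches the value name and binary name seen in this report. The key list, the directory list, the signature heuristic and the PowerShell 3.0+ requirement are this example's own assumptions; only the `systems` / `systems.exe` pair comes from the report.

```powershell
# Added example, not part of the sandbox report or of the sample.
# Audits Run/RunOnce keys for autostart entries like the one the sample created.
# Assumptions: PowerShell 3.0 or later; the key list, the user-writable directory
# list and the signature check are heuristics chosen for this example. The value
# name 'systems' and binary 'systems.exe' are the only values taken from the report.

$RunKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Legitimate software rarely autostarts from these locations (assumption).
$UserWritableDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
                      "$env:USERPROFILE\Downloads", $env:PUBLIC) | Where-Object { $_ }

# Exact indicator from the report: value name and binary leaf name.
$KnownBadName = 'systems'
$KnownBadLeaf = 'systems.exe'

# Provider metadata that Get-ItemProperty attaches to every result object.
$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunEntry {
    # Emit one object per registry value found under the Run keys.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($ProviderProps -contains $p.Name) { continue }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Value = [string]$p.Value }
        }
    }
}

function Get-ExePath {
    param([string]$CommandLine)
    # '"C:\Users\x\AppData\Roaming\systems.exe" /arg' -> C:\Users\x\AppData\Roaming\systems.exe
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine.Trim() -split '\s+')[0]
}

function Test-RunEntry {
    param([Parameter(ValueFromPipeline = $true)]$Entry)
    process {
        $exe = Get-ExePath -CommandLine $Entry.Value
        $reasons = @()

        foreach ($dir in $UserWritableDirs) {
            if ($exe.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                $reasons += "target under user-writable directory $dir"
                break
            }
        }

        if ($Entry.Name -eq $KnownBadName -and
            [System.IO.Path]::GetFileName($exe) -eq $KnownBadLeaf) {
            $reasons += 'matches the Run value observed in the sandbox report'
        }

        if (-not $exe) {
            $reasons += 'empty value'
        } elseif (Test-Path -LiteralPath $exe) {
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
            if ($sig.Status -ne 'Valid') { $reasons += "unsigned or invalid signature ($($sig.Status))" }
        } else {
            $reasons += 'target file not present on disk'
        }

        [pscustomobject]@{
            Key        = $Entry.Key
            Name       = $Entry.Name
            Target     = $exe
            Suspicious = ($reasons.Count -gt 0)
            Reasons    = ($reasons -join '; ')
        }
    }
}

# Usage: list every autostart entry, suspicious ones first.
Get-RunEntry | Test-RunEntry | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize -Wrap

# Removal uses the same cmdlet the sample used; confirm with -WhatIf before acting:
# Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'systems' -WhatIf
```

Run it in the user context of the infected profile, since HKCU differs per user; entries under HKLM need an elevated session to enumerate reliably. An unsigned binary under %APPDATA% is not proof of compromise on its own, which is why the script reports reasons rather than deleting anything.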
Name | Response | Post-Analysis Lookup |
---|---|---|
access.samp-global.com | 91.217.76.162 | |
api.telegram.org | 149.154.167.220 | |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49164 -> 91.217.76.162:56006 | CN=Vhhapuzwu | CN=Vhhapuzwu | f8:24:08:fd:df:c8:96:5d:47:e5:8f:24:25:9d:00:87:02:87:70:cd |

Issuer and Subject are identical, so the certificate is self-signed; the peer 91.217.76.162 is the address access.samp-global.com resolved to in the DNS table above, and the connection uses port 56006 rather than 443.