Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Aug. 9, 2024, 9:22 a.m. | Aug. 9, 2024, 9:29 a.m. |
apZABzmk5ui9Aj6Ct4yFIjaU.exe "C:\Users\test22\Pictures\apZABzmk5ui9Aj6Ct4yFIjaU.exe"
2260
IP Address | Status | Action |
---|---|---|
152.195.38.76 | Active | Moloch |
104.20.3.235 | Active | Moloch |
147.45.60.44 | Active | Moloch |
162.159.134.233 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.67.169.89 | Active | Moloch |
172.67.188.178 | Active | Moloch |
185.199.110.133 | Active | Moloch |
194.58.114.223 | Active | Moloch |
20.200.245.247 | Active | Moloch |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49164 -> 104.20.3.235:443 | C=US, O=Google Trust Services, CN=WE1 | CN=pastebin.com | 82:49:c5:04:9a:bd:a9:c1:ab:4d:ff:95:b9:94:74:cc:40:bc:09:7f |
TLS 1.2 192.168.56.103:49166 -> 20.200.245.247:443 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA | CN=github.com | e7:03:5b:cc:1c:18:77:1f:79:2f:90:86:6b:6c:1d:f8:df:aa:bd:c0 |
TLS 1.2 192.168.56.103:49165 -> 172.67.169.89:443 | C=US, O=Google Trust Services, CN=WE1 | CN=yip.su | cd:f2:dd:c5:ee:57:d1:5f:01:8c:10:00:ac:b5:85:96:0e:f7:0a:32 |
TLS 1.2 192.168.56.103:49173 -> 172.67.188.178:443 | C=US, O=Google Trust Services, CN=WE1 | CN=iplogger.com | ff:db:b3:bf:95:97:b5:c1:dd:90:3f:4c:9a:d3:69:3b:39:78:66:96 |
TLS 1.2 192.168.56.103:49171 -> 162.159.134.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=discordapp.com | 97:8b:ee:ad:1e:bf:a1:69:e7:94:29:f7:55:7a:29:64:19:c7:81:39 |
TLS 1.2 192.168.56.103:49168 -> 185.199.110.133:443 | C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io | 97:d8:c5:70:0f:12:24:6c:88:bc:fa:06:7e:8c:a7:4d:a8:62:67:28 |
pdb_path | mth#ý%IxêÅäKß+}iß%gmY/ë?ßÑÙY<bïÛÎ,O/ß/e~!é$XÞbÌN o\yHíÛGÒêÚ.V§>;5V¥p"ã1^7 |
section | .managed |
section | hydrated |
resource name | BINARY |
Suspicious features | Suspicious request |
---|---|
GET method with no useragent header, Connection to IP address | GET http://194.58.114.223/d/385104 |
GET method with no useragent header | GET http://ironmanrecycling.com/get/setup1.exe |
GET method with no useragent header | GET https://pastebin.com/raw/E0rY26ni |
GET method with no useragent header | GET https://github.com/evan9908/Setup/raw/main/Umar.exe |
GET method with no useragent header | GET https://yip.su/RNWPd.exe |
GET method with no useragent header | GET https://cdn.discordapp.com/attachments/1271038807315185718/1271141416722235504/setup.exe?ex=66b64232&is=66b4f0b2&hm=54ce8f39d23ca603ff6f30c94a6a47d0c4b423d21c32cc49cdd2dfd3da22283e& |
GET method with no useragent header | GET https://iplogger.com/1lyxz |
request | GET http://194.58.114.223/d/385104 |
request | GET http://cacerts.digicert.com/DigiCertGlobalRootG2.crt |
request | GET http://ironmanrecycling.com/get/setup1.exe |
request | GET https://pastebin.com/raw/E0rY26ni |
request | GET https://github.com/evan9908/Setup/raw/main/Umar.exe |
request | GET https://yip.su/RNWPd.exe |
request | GET https://cdn.discordapp.com/attachments/1271038807315185718/1271141416722235504/setup.exe?ex=66b64232&is=66b4f0b2&hm=54ce8f39d23ca603ff6f30c94a6a47d0c4b423d21c32cc49cdd2dfd3da22283e& |
request | GET https://iplogger.com/1lyxz |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q9nbVFRW39pITNKON8zV4kXC.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DLFALvDucl6O9U7T0jcdlvDF.bat |
file | C:\Users\test22\Pictures\apZABzmk5ui9Aj6Ct4yFIjaU.exe |
file | C:\Users\test22\AppData\Local\lA1TJbLdO332jtliAiMQYbIm.exe |
file | C:\Users\test22\Pictures\tdpPBtCJ2PQ7VLSczJZ8xXjp.exe |
file | C:\Users\test22\AppData\Local\k3az9oBRIARsFxstiwVuDA7p.exe |