| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6403_us | Aug. 9, 2024, 9:23 a.m. | Aug. 9, 2024, 9:27 a.m. |
| Process | Command line | PID |
|---|---|---|
| BTzo3BvtVSNmg8v5fXvV45J7.exe | "C:\Users\test22\Pictures\BTzo3BvtVSNmg8v5fXvV45J7.exe" | 2288 |
Suricata Alerts
Suricata TLS

| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
| TLS 1.2 192.168.56.103:49165 -> 104.20.3.235:443 | C=US, O=Google Trust Services, CN=WE1 | CN=pastebin.com | 82:49:c5:04:9a:bd:a9:c1:ab:4d:ff:95:b9:94:74:cc:40:bc:09:7f |
| TLS 1.2 192.168.56.103:49166 -> 172.67.169.89:443 | C=US, O=Google Trust Services, CN=WE1 | CN=yip.su | cd:f2:dd:c5:ee:57:d1:5f:01:8c:10:00:ac:b5:85:96:0e:f7:0a:32 |
| TLS 1.2 192.168.56.103:49167 -> 20.200.245.247:443 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA | CN=github.com | e7:03:5b:cc:1c:18:77:1f:79:2f:90:86:6b:6c:1d:f8:df:aa:bd:c0 |
| TLS 1.2 192.168.56.103:49170 -> 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=discordapp.com | 97:8b:ee:ad:1e:bf:a1:69:e7:94:29:f7:55:7a:29:64:19:c7:81:39 |
| TLS 1.2 192.168.56.103:49171 -> 185.199.111.133:443 | C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io | 97:d8:c5:70:0f:12:24:6c:88:bc:fa:06:7e:8c:a7:4d:a8:62:67:28 |
| Indicator | Value |
|---|---|
| section | .managed |
| section | hydrated |
| resource name | BINARY |
| suspicious_features | suspicious_request |
|---|---|
| GET method with no useragent header, Connection to IP address | GET http://194.58.114.223/d/385104 |
| GET method with no useragent header | GET http://ironmanrecycling.com/get/setup1.exe |
| GET method with no useragent header | GET https://pastebin.com/raw/E0rY26ni |
| GET method with no useragent header | GET https://yip.su/RNWPd.exe |
| GET method with no useragent header | GET https://github.com/evan9908/Setup/raw/main/Umar.exe |
| GET method with no useragent header | GET https://cdn.discordapp.com/attachments/1271038807315185718/1271141416722235504/setup.exe?ex=66b64232&is=66b4f0b2&hm=54ce8f39d23ca603ff6f30c94a6a47d0c4b423d21c32cc49cdd2dfd3da22283e& |
| request |
|---|
| GET http://194.58.114.223/d/385104 |
| GET http://ironmanrecycling.com/get/setup1.exe |
| GET http://cacerts.digicert.com/DigiCertGlobalRootG2.crt |
| GET https://pastebin.com/raw/E0rY26ni |
| GET https://yip.su/RNWPd.exe |
| GET https://github.com/evan9908/Setup/raw/main/Umar.exe |
| GET https://cdn.discordapp.com/attachments/1271038807315185718/1271141416722235504/setup.exe?ex=66b64232&is=66b4f0b2&hm=54ce8f39d23ca603ff6f30c94a6a47d0c4b423d21c32cc49cdd2dfd3da22283e& |
| file |
|---|
| C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BYAZ7pdl5rK2PvyyEe50nTvj.bat |
| C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8ImS7r4f6TvY2QZlsG10cxIi.bat |
| C:\Users\test22\AppData\Local\C2BMvIQsna2roqUBOAHQ6Tht.exe |
| C:\Users\test22\Pictures\gPAxR3dKu8yeRVfwOVVEpBSr.exe |
| C:\Users\test22\AppData\Local\0u303Rucbs7Qvz3ic0rFrq94.exe |
| C:\Users\test22\Pictures\BTzo3BvtVSNmg8v5fXvV45J7.exe |
| C:\Users\test22\AppData\Local\C2BMvIQsna2roqUBOAHQ6Tht.exe |