Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | March 23, 2021, 10:42 a.m. | March 23, 2021, 10:44 a.m. |
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\44277.730641088.dat.dll,DllRegisterServer (PID 2864)
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\44277.730641088.dat.dll,DllRegisterServer (PID 5540)
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\44277.730641088.dat.dll, (PID 6204)
Name | Response | Post-Analysis Lookup |
---|---|---|
aws.amazon.com | 13.225.123.73 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49808 -> 13.225.123.73:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49808 13.225.123.73:443 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=aws.amazon.com | f7:53:97:5e:76:1e:fb:f6:70:72:02:95:d5:9f:2f:05:52:79:5d:ae |