Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | March 25, 2021, 9:21 a.m. | March 25, 2021, 9:23 a.m. |
Process | PID |
---|---|
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\44279.7753403935.dat.dll,DllRegisterServer | 1896 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\44279.7753403935.dat.dll,DllRegisterServer | 584 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\44279.7753403935.dat.dll, | 2852 |
Name | Response | Post-Analysis Lookup |
---|---|---|
feaser2347.club | | |
aws.amazon.com | 13.225.123.73 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49199 -> 13.225.123.73:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49199 -> 13.225.123.73:443 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=aws.amazon.com | f7:53:97:5e:76:1e:fb:f6:70:72:02:95:d5:9f:2f:05:52:79:5d:ae |
Type | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
suspicious_features | GET method with no useragent header |
suspicious_request | GET https://aws.amazon.com/ |
request | GET https://aws.amazon.com/ |
description | rundll32.exe tried to sleep 178 seconds, actually delayed analysis time by 178 seconds |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob |