Analysis

Category Package Started Completed Duration
PCAP (none) 2019-12-29 21:45:00 2019-12-29 21:45:00 0 seconds


MalScore

0.0

Benign


Signatures

No signatures

Hosts

Direct IP Country Name
Y 172.104.233.225 United States

DNS

Name Response Post-Analysis Lookup
wpad.ZEWI84583952745.local NXDOMAIN

TCP

Source Source Port Destination Destination Port
192.168.180.31 1028 172.104.233.225 8080

UDP

Source Source Port Destination Destination Port
192.168.180.31 1026 192.168.180.250 53

HTTP Requests

URI Data
http://172.104.233.225:8080/enabled/pnp/sess/merge/
POST /enabled/pnp/sess/merge/ HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Host: 172.104.233.225:8080
Content-Length: 436
Connection: Keep-Alive
Pragma: no-cache

jMN1yBKqDxoVPGbNBBF=3UAE5StTz%2FazbmPw2AOxwdT0t3KNPHIik0HFa9fCOOHfhd8aeDmrumVe4hVLUjWgVjrffmCQ8A171Z8NB7Ef1UcNjCWqACYhPi18O1Og8bm8dx3g4veJKm3CMwzAncXnmKBdO4GFvuG%2FwJuX7r%2FuV53wVkzsC4c7iyud21FOcBavc9cUR8ENXnHW%2FDm1k88%2FmgmAp0XH0KqD956Bzm2QnWpHNRENgkcQciGOw8sYwtYDd9XVLQpcsYN5gOtiFS8H0dS3z%2FZhZqqlLhjFEo16%2FBQG0cvy7ex5sTvQZSGO9xY%2Fe7I2so9mnScSyRYfPNzDP7vn2KyAEmui8gRIb1RG%2FAzLIuL0c02MeuXyD9j8FfOh1phL8MNuQpPNBDziX%2FLwEl7QbA%3D%3D

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol GID SID REV Signature Category Severity
2019-11-19 19:31:28.305 192.168.180.31 1028 172.104.233.225 8080 TCP 1 2018358 8 "ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1" Potentially Bad Traffic 2

Suricata TLS

No Suricata TLS

Suricata HTTP

Timestamp Source IP Source Port Destination IP Destination Port Method Status Hostname URI Content Type User Agent Referrer Length
2019-11-19 19:31:21.644 192.168.180.31 1028 172.104.233.225 8080 POST 200 172.104.233.225 /enabled/pnp/sess/merge/ text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E) None 0

No Suricata extracted files.

JA3

No JA3 hashes found.

No dropped files.
No CAPE files.
No process dumps.

Processing ( 15.126 seconds )

  • 10.064 NetworkAnalysis
  • 5.033 Suricata
  • 0.022 CAPE
  • 0.006 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.02 seconds )

  • 0.004 ransomware_files
  • 0.003 antiav_detectreg
  • 0.002 antiav_detectfile
  • 0.002 ransomware_extensions
  • 0.001 persistence_autorun
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 browser_security
  • 0.001 infostealer_bitcoin
  • 0.001 infostealer_ftp
  • 0.001 infostealer_im
  • 0.001 infostealer_mail
  • 0.001 network_torgateway

Reporting ( 0.009 seconds )

  • 0.009 JsonDump

Task ID 10167
Mongo ID 5e091e6dda7635029fc9da5a
Cuckoo release 1.3-CAPE