Analysis

Category Package Started Completed Duration
PCAP 2020-02-12 20:02:37 2020-02-12 20:02:37 0 seconds


MalScore

0.0

Benign


Signatures

No signatures

Hosts

Direct IP Country Name
Y 8.8.8.8 United States
Y 72.21.91.29 United States
Y 72.21.81.240 United States
Y 52.178.192.146 Ireland
Y 40.90.22.188 United States
Y 40.69.223.198 Ireland
Y 40.69.220.46 Ireland
Y 40.69.216.73 Ireland
Y 23.76.192.108 United States
Y 184.30.109.136 United States
Y 104.69.48.191 Netherlands

DNS

No domains contacted.


TCP

Source Source Port Destination Destination Port
192.168.240.92 49859 104.69.48.191 80
192.168.240.92 49809 184.30.109.136 443
192.168.240.92 49899 192.168.240.142 7680
192.168.240.92 49902 192.168.240.142 7680
192.168.240.92 49903 192.168.240.142 7680
192.168.240.92 49901 20.36.218.63 443
192.168.240.92 49837 23.76.192.108 80
192.168.240.92 49774 40.69.216.73 443
192.168.240.92 49815 40.69.220.46 443
192.168.240.92 49845 40.69.223.198 443
192.168.240.92 49829 40.90.22.188 443
192.168.240.92 49776 52.178.192.146 443
192.168.240.92 49777 52.178.192.146 443
192.168.240.92 49689 72.21.81.240 80
192.168.240.92 49690 72.21.91.29 80
72.21.91.29 80 192.168.240.92 49821
72.21.91.29 80 192.168.240.92 49831

UDP

Source Source Port Destination Destination Port
192.168.240.92 58456 8.8.8.8 53
192.168.240.92 63757 8.8.8.8 53

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol GID SID REV Signature Category Severity
2020-02-13 01:06:13.837 192.168.240.92 49899 192.168.240.142 7680 TCP 1 2027766 2 ET POLICY Windows Update P2P Activity Not Suspicious Traffic 3
2020-02-13 01:06:54.084 192.168.240.92 49902 192.168.240.142 7680 TCP 1 2027766 2 ET POLICY Windows Update P2P Activity Not Suspicious Traffic 3
2020-02-13 01:06:54.085 192.168.240.92 49903 192.168.240.142 7680 TCP 1 2027766 2 ET POLICY Windows Update P2P Activity Not Suspicious Traffic 3

Suricata TLS

Timestamp Source IP Source Port Destination IP Destination Port Subject Issuer Fingerprint Version
2020-02-13 01:06:00.666 192.168.240.92 49898 184.28.88.82 443 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=officecdn.microsoft.com 61:74:54:f9:a8:9f:0c:a5:e1:bb:37:97:9f:4a:fe:47:e5:36:dc:60 TLS 1.2
2020-02-13 01:06:20.882 192.168.240.92 49901 20.36.218.63 443 C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=settings-win.data.microsoft.com 77:f0:b6:13:2c:13:ce:2f:98:41:ff:2a:bf:a2:dc:0d:38:6f:06:df TLS 1.2

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

Source Source Port Destination Destination Port JA3 Hash JA3 Description
192.168.240.92 49898 184.28.88.82 443 c00f5ca6c7d885d07ba83833be920579 unknown
192.168.240.92 49901 20.36.218.63 443 c00f5ca6c7d885d07ba83833be920579 unknown

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.


Processing ( 5.181 seconds )

  • 5.028 Suricata
  • 0.091 NetworkAnalysis
  • 0.034 CAPE
  • 0.017 BehaviorAnalysis
  • 0.008 AnalysisInfo
  • 0.003 Debug

Signatures ( 0.029 seconds )

  • 0.007 antiav_detectreg
  • 0.005 ransomware_files
  • 0.003 persistence_autorun
  • 0.003 antiav_detectfile
  • 0.002 ransomware_extensions
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 infostealer_bitcoin
  • 0.001 infostealer_ftp
  • 0.001 infostealer_im
  • 0.001 infostealer_mail

Reporting ( 0.007 seconds )

  • 0.007 JsonDump
Task ID 12727
Mongo ID 5e4459e7542a6c44a0667b27
Cuckoo release 1.3-CAPE