Analysis

  • Category: PCAP
  • Started: 2020-04-07 08:23:39
  • Completed: 2020-04-07 08:23:39
  • Duration: 0 seconds
Signatures

Created network traffic indicative of malicious activity
signature: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
signature: SURICATA HTTP unable to match response to request

Hosts

No hosts contacted.

DNS

No domains contacted.

Behavior

No behavior recorded.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

Alert 1
  • Timestamp: 1970-01-01 00:00:00.000
  • Source: 185.181.100.2, port 80
  • Destination: 172.16.1.209, port 49165
  • Protocol: TCP
  • GID / SID / REV: 1 / 2018959 / 4
  • Signature: ET POLICY PE EXE or DLL Windows file download HTTP
  • Category: Potential Corporate Privacy Violation
  • Severity: 1

Alert 2
  • Timestamp: 1970-01-01 00:00:00.000
  • Source: 185.181.100.2, port 80
  • Destination: 172.16.1.209, port 49165
  • Protocol: TCP
  • GID / SID / REV: 1 / 2008438 / 23
  • Signature: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
  • Category: A Network Trojan was detected
  • Severity: 1

Alert 3
  • Timestamp: 1970-01-01 00:00:00.000
  • Source: 185.181.100.2, port 80
  • Destination: 172.16.1.209, port 49165
  • Protocol: TCP
  • GID / SID / REV: 1 / 2221010 / 1
  • Signature: SURICATA HTTP unable to match response to request
  • Category: Generic Protocol Command Decode
  • Severity: 3

Suricata TLS

No Suricata TLS

Suricata HTTP

Request 1
  • Timestamp: 1970-01-01 00:00:00.000
  • Source: 172.16.1.209, port 49165
  • Destination: 185.181.100.2, port 80
  • Method: (not recorded)
  • Status: 200
  • Hostname: moto4fun.ro
  • URI: /a/mwininilog.txt
  • Content Type: text/plain
  • User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  • Referrer: None
  • Length: 25847

Request 2
  • Timestamp: 1970-01-01 00:00:00.000
  • Source: 172.16.1.209, port 49165
  • Destination: 185.181.100.2, port 80
  • Method: None
  • Status: None
  • Hostname: None
  • URI: /libhtp::request_uri_not_seen
  • Content Type: None
  • User Agent: None
  • Referrer: None
  • Length: 2277

Suricata Extracted Files

No dropped Suricata extracted files.

JA3

No JA3 hashes found.

Dropped Files

No dropped files.

CAPE Files

No CAPE files.

Process Dumps

No process dumps.

Processing ( 5.41 seconds )

  • 5.32 Suricata
  • 0.067 CAPE
  • 0.015 AnalysisInfo
  • 0.007 Debug
  • 0.001 BehaviorAnalysis

Signatures ( 0.047 seconds )

  • 0.01 ransomware_files
  • 0.006 antiav_detectreg
  • 0.005 ransomware_extensions
  • 0.004 antiav_detectfile
  • 0.003 persistence_autorun
  • 0.003 infostealer_ftp
  • 0.002 antianalysis_detectfile
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 geodo_banking_trojan
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name
  • 0.001 revil_mutexes

Reporting ( 0.021 seconds )

  • 0.021 JsonDump