Analysis

Category: PCAP
Started: 2020-09-17 19:09:22
Completed: 2020-09-17 19:09:22
Duration: 0 seconds

Signatures

Created network traffic indicative of malicious activity
signature: ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269)
signature: SURICATA IPv4 invalid checksum

Hosts

No hosts contacted.

DNS

No domains contacted.

Sorry! No behavior.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol GID SID REV Signature Category Severity
2020-07-16 20:19:36.749 192.168.68.21 36237 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:41.754 192.168.68.1 53 192.168.68.21 35116 UDP 1 2200073 2 SURICATA IPv4 invalid checksum Generic Protocol Command Decode 3
2020-07-16 20:19:47.074 192.168.68.1 53 192.168.68.21 56770 UDP 1 2200073 2 SURICATA IPv4 invalid checksum Generic Protocol Command Decode 3
2020-07-16 20:19:53.401 192.168.68.21 44241 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.429 192.168.68.21 46587 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.441 192.168.68.21 33135 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.449 192.168.68.21 38149 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.466 192.168.68.21 46433 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.475 192.168.68.21 39387 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.481 192.168.68.21 34077 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.491 192.168.68.21 46435 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.498 192.168.68.21 40101 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.505 192.168.68.21 42555 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.512 192.168.68.21 38739 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.518 192.168.68.21 36993 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.525 192.168.68.21 39577 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.547 192.168.68.21 33901 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.563 192.168.68.21 45101 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.568 192.168.68.21 40697 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.780 192.168.68.21 38117 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.784 192.168.68.21 43975 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.788 192.168.68.21 36559 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.792 192.168.68.21 34351 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.796 192.168.68.21 33417 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.801 192.168.68.21 40489 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.805 192.168.68.21 46199 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.809 192.168.68.21 46135 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.813 192.168.68.21 46323 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.817 192.168.68.21 35289 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.822 192.168.68.21 41021 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.826 192.168.68.21 44903 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.841 192.168.68.21 35541 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.845 192.168.68.21 42777 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.848 192.168.68.21 46503 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.852 192.168.68.21 41937 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.857 192.168.68.21 44311 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.860 192.168.68.21 40863 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.864 192.168.68.21 33911 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.868 192.168.68.21 41723 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.871 192.168.68.21 35207 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.874 192.168.68.21 38513 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.878 192.168.68.21 44215 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.882 192.168.68.21 34699 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.885 192.168.68.21 39383 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.889 192.168.68.21 42745 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.893 192.168.68.21 40121 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.896 192.168.68.21 38157 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.900 192.168.68.21 40465 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.903 192.168.68.21 34959 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.906 192.168.68.21 43669 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.910 192.168.68.21 33663 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.916 192.168.68.21 40583 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.922 192.168.68.21 33891 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.927 192.168.68.21 34609 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.930 192.168.68.21 42063 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.933 192.168.68.21 36273 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.937 192.168.68.21 39061 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.984 192.168.68.21 43711 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.986 192.168.68.21 40899 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1
2020-07-16 20:19:53.989 192.168.68.21 44685 192.168.68.1 80 TCP 1 2024107 3 ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) Attempted User Privilege Gain 1

Suricata TLS

No Suricata TLS

Suricata HTTP

Timestamp Source IP Source Port Destination IP Destination Port Method Status Hostname URI Content Type User Agent Referrer Length
2020-07-16 20:19:36.749 192.168.68.21 36237 192.168.68.1 80 None 192.168.68.1 / None Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 0
2020-07-16 20:19:41.820 192.168.68.21 34078 192.168.68.1 80 200 it-dept.reynholm-industries.com / text/html Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 None 10647
2020-07-16 20:19:42.073 192.168.68.21 34078 192.168.68.1 80 200 it-dept.reynholm-industries.com /it.css text/css Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 http://it-dept.reynholm-industries.com/ 2093
2020-07-16 20:19:42.077 192.168.68.21 34078 192.168.68.1 80 200 it-dept.reynholm-industries.com /roy.jpg image/jpeg Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 http://it-dept.reynholm-industries.com/ 8351
2020-07-16 20:19:42.082 192.168.68.21 34078 192.168.68.1 80 200 it-dept.reynholm-industries.com /richmond.jpg image/jpeg Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 http://it-dept.reynholm-industries.com/ 8031
2020-07-16 20:19:42.090 192.168.68.21 34078 192.168.68.1 80 200 it-dept.reynholm-industries.com /moss.jpg image/jpeg Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 http://it-dept.reynholm-industries.com/ 9722
2020-07-16 20:19:42.316 192.168.68.21 34078 192.168.68.1 80 404 it-dept.reynholm-industries.com /favicon.ico text/html Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 None 1635
2020-07-16 20:19:47.087 192.168.68.21 34080 192.168.68.1 80 200 it-dept.reynholm-industries.com /jen.jpg image/jpeg Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 http://it-dept.reynholm-industries.com/ 6872
2020-07-16 20:19:47.087 192.168.68.21 34082 192.168.68.1 80 200 it-dept.reynholm-industries.com /denholm.jpg image/jpeg Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 http://it-dept.reynholm-industries.com/ 11157
2020-07-16 20:19:53.366 192.168.68.21 37507 192.168.68.1 80 207 192.168.68.1 / text/xml Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 761
2020-07-16 20:19:53.401 192.168.68.21 44241 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.429 192.168.68.21 46587 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.441 192.168.68.21 33135 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.449 192.168.68.21 38149 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.466 192.168.68.21 46433 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.475 192.168.68.21 39387 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.481 192.168.68.21 34077 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.491 192.168.68.21 46435 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.498 192.168.68.21 40101 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.505 192.168.68.21 42555 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.512 192.168.68.21 38739 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.518 192.168.68.21 36993 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.525 192.168.68.21 39577 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.547 192.168.68.21 33901 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.563 192.168.68.21 45101 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.568 192.168.68.21 40697 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.780 192.168.68.21 38117 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.784 192.168.68.21 43975 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.788 192.168.68.21 36559 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.792 192.168.68.21 34351 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.796 192.168.68.21 33417 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.801 192.168.68.21 40489 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.805 192.168.68.21 46199 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.809 192.168.68.21 46135 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.813 192.168.68.21 46323 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.817 192.168.68.21 35289 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.822 192.168.68.21 41021 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.826 192.168.68.21 44903 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.841 192.168.68.21 35541 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.845 192.168.68.21 42777 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.848 192.168.68.21 46503 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.852 192.168.68.21 41937 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.857 192.168.68.21 44311 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.860 192.168.68.21 40863 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.864 192.168.68.21 33911 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.868 192.168.68.21 41723 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.871 192.168.68.21 35207 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.874 192.168.68.21 38513 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.878 192.168.68.21 44215 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.882 192.168.68.21 34699 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.885 192.168.68.21 39383 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.889 192.168.68.21 42745 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.893 192.168.68.21 40121 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.896 192.168.68.21 38157 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.900 192.168.68.21 40465 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.903 192.168.68.21 34959 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.906 192.168.68.21 43669 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.910 192.168.68.21 33663 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.916 192.168.68.21 40583 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.922 192.168.68.21 33891 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.927 192.168.68.21 34609 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.930 192.168.68.21 42063 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.933 192.168.68.21 36273 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.937 192.168.68.21 39061 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.984 192.168.68.21 43711 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.986 192.168.68.21 40899 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67
2020-07-16 20:19:53.989 192.168.68.21 44685 192.168.68.1 80 500 192.168.68.1 / text/html Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) None 67

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No process dumps.

Processing ( 5.693 seconds )

  • 5.318 Suricata
  • 0.277 CAPE
  • 0.092 AnalysisInfo
  • 0.005 Debug
  • 0.001 BehaviorAnalysis

Signatures ( 0.056 seconds )

  • 0.011 ransomware_files
  • 0.007 ransomware_extensions
  • 0.006 antiav_detectreg
  • 0.004 antiav_detectfile
  • 0.003 persistence_autorun
  • 0.003 antianalysis_detectfile
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_ftp
  • 0.003 territorial_disputes_sigs
  • 0.002 infostealer_im
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 geodo_banking_trojan
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 azorult_mutexes
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name
  • 0.001 revil_mutexes

Reporting ( 0.0 seconds )