Analysis

Category Package Started Completed Duration
PCAP 2020-06-11 01:38:41 2020-06-11 01:38:41 0 seconds

Signatures

Generates some ICMP traffic

Hosts

No hosts contacted.

DNS

Name Response Post-Analysis Lookup
_services._dns-sd._udp.local [VT]

Sorry! No behavior.

TCP

Source Source Port Destination Destination Port
192.168.0.33 58425 192.168.0.25 445

UDP

Source Source Port Destination Destination Port
192.168.35.22 50917 192.168.0.33 7
192.168.35.22 50917 192.168.0.33 53
192.168.35.22 50917 192.168.0.33 67
192.168.35.22 50917 192.168.0.33 68
192.168.35.22 50917 192.168.0.33 69
192.168.35.22 50917 192.168.0.33 80
192.168.35.22 50917 192.168.0.33 111
192.168.35.22 50917 192.168.0.33 123
192.168.35.22 50917 192.168.0.33 135
192.168.35.22 50917 192.168.0.33 136
192.168.35.22 50917 192.168.0.33 137
192.168.35.22 50917 192.168.0.33 138
192.168.35.22 50917 192.168.0.33 139
192.168.35.22 50917 192.168.0.33 161
192.168.35.22 50917 192.168.0.33 162
192.168.35.22 50917 192.168.0.33 445
192.168.35.22 50917 192.168.0.33 500
192.168.35.22 50917 192.168.0.33 514
192.168.35.22 50917 192.168.0.33 518
192.168.35.22 50917 192.168.0.33 520
192.168.35.22 50917 192.168.0.33 593
192.168.35.22 50917 192.168.0.33 626
192.168.35.22 50917 192.168.0.33 631
192.168.35.22 50917 192.168.0.33 996
192.168.35.22 50917 192.168.0.33 997
192.168.35.22 50917 192.168.0.33 998
192.168.35.22 50917 192.168.0.33 999
192.168.35.22 50917 192.168.0.33 1025
192.168.35.22 50917 192.168.0.33 1026
192.168.35.22 50917 192.168.0.33 1027
192.168.35.22 50917 192.168.0.33 1433
192.168.35.22 50917 192.168.0.33 1434
192.168.35.22 50917 192.168.0.33 1645
192.168.35.22 50917 192.168.0.33 1646
192.168.35.22 50917 192.168.0.33 1701
192.168.35.22 50917 192.168.0.33 1812
192.168.35.22 50917 192.168.0.33 1900
192.168.35.22 50917 192.168.0.33 2048
192.168.35.22 50917 192.168.0.33 2049
192.168.35.22 50917 192.168.0.33 2222
192.168.35.22 50917 192.168.0.33 3283
192.168.35.22 50917 192.168.0.33 3456
192.168.35.22 50917 192.168.0.33 4500
192.168.35.22 50917 192.168.0.33 5060
192.168.35.22 50917 192.168.0.33 5353
192.168.35.22 50917 192.168.0.33 20031
192.168.35.22 50917 192.168.0.33 32768
192.168.35.22 50917 192.168.0.33 49152
192.168.35.22 50917 192.168.0.33 49153
192.168.35.22 50917 192.168.0.33 49154
192.168.35.22 50928 192.168.0.33 161
192.168.35.22 50929 192.168.0.33 161
192.168.35.22 50930 192.168.0.33 161
192.168.35.22 50931 192.168.0.33 161

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

Source Destination ICMP Type Data
192.168.35.22 192.168.0.33 8
192.168.0.33 192.168.35.22 0

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 11.008 seconds )

  • 10.584 NetworkAnalysis
  • 0.396 CAPE
  • 0.023 AnalysisInfo
  • 0.004 Debug
  • 0.001 Suricata

Signatures ( 0.055000000000000014 seconds )

  • 0.01 ransomware_files
  • 0.006 antiav_detectreg
  • 0.006 ransomware_extensions
  • 0.004 antiav_detectfile
  • 0.003 persistence_autorun
  • 0.003 antianalysis_detectfile
  • 0.003 infostealer_ftp
  • 0.003 territorial_disputes_sigs
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.002 network_torgateway
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 geodo_banking_trojan
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name
  • 0.001 network_dns_opennic
  • 0.001 revil_mutexes

Reporting ( 0.088 seconds )

  • 0.088 PCAP2CERT