File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
79fc284390906dc4f597eb2d0193a109 | 18af6e835c801b120065b2ee848cd3d48eefcdca | bed1439e31b50158d556c123c356d46e66a415c927efcc0c6f1ba62264670e81 | 12288:buzINQlsd0Gywxwu0wWm/eitG0jwZ6NEaTC:buzOKswkwRdAeitG08ZF9 | 443950 |
File Name |
---|
cb.exe |
Snort Class | Snort Alert | Count |
---|---|---|
Misc Attack | ET RBN Known Russian Business Network IP TCP (86) | 1 |
Misc Attack | ET RBN Known Russian Business Network IP TCP (382) | 1 |
Misc Attack | ET RBN Known Russian Business Network IP TCP (369) | 1 |
Misc Attack | ET RBN Known Russian Business Network IP TCP (367) | 1 |
AV Alert | AV Vendor |
---|
Action | Path | File Name |
---|
Action | Path |
---|
Action | Path | Val_Name | Val_Data |
---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | C9 7A A6 D4 BD 85 4F 09 C8 80 D8 AF 4F 33 6A 2E 22 80 38 20 AD 4F 03 EB 6F 71 04 | 37 86 07 79 0E 4D 2F C9 1A 01 D0 4B A7 96 10 2E 94 E1 29 DB 0D DB 9F 29 E4 90 A |
modified | HKLM/SOFTWARE/Microsoft/DirectDraw/MostRecentApplication | Name | "msoobe.exe" | "svchost.exe" |
modified | HKLM/SOFTWARE/Microsoft/DirectDraw/MostRecentApplication | ID | 0x3B7D853E | 0x41107ED6 |
modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | CurrentLevel | 0x00011000 | 0x00000000 |
modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1601 | 0x00000001 | 0x00000000 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 19 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | CurrentLevel | 0x00011000 | 0x00000000 |
modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1601 | 0x00000001 | 0x00000000 |
DNS | DNS Response |
---|---|
tinypic.com | Standard query response A 209.17.70.143 |
match.com | Standard query response A 208.83.243.15 |
daum.net | Standard query response A 110.45.215.23 A 114.108.157.19 A 114.108.157.50 A 61.111.62.173 |
mastrubas.in | Standard query response A 66.23.234.100 |
caperiod.com | Standard query response A 195.2.240.78 |
myavava.in | Standard query response A 91.217.153.61 |
w.nucleardiscover.com | Standard query response A 60.190.223.75 |
clashjamwallop.in | Standard query response A 64.158.56.57 A 63.251.179.57 |
211107db060f.wordxs.net | Standard query response A 202.150.208.66 |
cr0wd-wal1.com | Standard query response A 91.213.29.63 A 188.95.52.161 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 147 | 132 | 13176 | 18051 |
17 | 1 | 0 | 175 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 80 | 70 | 8015 | 14321 |
443 | 6 | 22 | 20 | 1435 | 1204 |
888 | 6 | 45 | 42 | 3726 | 2526 |
1900 | 17 | 1 | 0 | 175 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
17:15:25 | 2011-06-11 | 6 | 10.10.10.7 | 66.23.234.100 | -> | e | 227 | 80 | 13 | 2401 |
17:15:27 | 2011-06-11 | 6 | 10.10.10.7 | 195.2.240.78 | -> | e | 439 | 80 | 9 | 975 |
17:15:28 | 2011-06-11 | 6 | 10.10.10.7 | 195.2.240.78 | -> | e | 451 | 80 | 9 | 973 |
17:15:30 | 2011-06-11 | 6 | 10.10.10.7 | 195.2.240.78 | -> | e | 42 | 80 | 9 | 1005 |
17:15:30 | 2011-06-11 | 6 | 10.10.10.7 | 66.23.234.100 | -> | e | 227 | 80 | 11 | 2298 |
17:15:35 | 2011-06-11 | 6 | 10.10.10.7 | 66.23.234.100 | -> | e | 227 | 80 | 5 | 300 |
17:15:38 | 2011-06-11 | 6 | 10.10.10.7 | 91.217.153.61 | -> | e | 412 | 80 | 13 | 2399 |
17:15:43 | 2011-06-11 | 6 | 10.10.10.7 | 91.217.153.61 | -> | e | 412 | 80 | 11 | 2298 |
17:15:45 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 44 | 888 | 13 | 1124 |
17:15:48 | 2011-06-11 | 6 | 10.10.10.7 | 91.217.153.61 | -> | e | 412 | 80 | 5 | 300 |
17:15:49 | 2011-06-11 | 6 | 10.10.10.7 | 64.158.56.57 | -> | e | 311 | 80 | 14 | 2739 |
17:15:50 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 44 | 888 | 10 | 600 |
17:15:54 | 2011-06-11 | 6 | 10.10.10.7 | 64.158.56.57 | -> | e | 311 | 80 | 11 | 2025 |
17:15:55 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 44 | 888 | 6 | 360 |
17:15:59 | 2011-06-11 | 6 | 10.10.10.7 | 202.150.208.66 | -> | e | 6 | 80 | 9 | 1408 |
17:16:00 | 2011-06-11 | 6 | 10.10.10.7 | 64.158.56.57 | -> | e | 311 | 80 | 4 | 240 |
17:16:58 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 504 | 888 | 13 | 1124 |
17:17:03 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 504 | 888 | 11 | 660 |
17:17:08 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 504 | 888 | 5 | 300 |
17:18:10 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 620 | 888 | 13 | 1124 |
17:18:15 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 620 | 888 | 11 | 660 |
17:18:20 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 620 | 888 | 5 | 300 |
17:18:42 | 2011-06-11 | 6 | 10.10.10.7 | 91.213.29.63 | -> | e | 353 | 443 | 13 | 856 |
17:18:42 | 2011-06-11 | 6 | 10.10.10.7 | 95.143.193.138 | -> | e | 352 | 80 | 9 | 987 |
17:18:48 | 2011-06-11 | 6 | 10.10.10.7 | 91.213.29.63 | -> | e | 353 | 443 | 11 | 660 |
17:18:53 | 2011-06-11 | 6 | 10.10.10.7 | 91.213.29.63 | -> | e | 353 | 443 | 5 | 300 |
17:18:54 | 2011-06-11 | 6 | 10.10.10.7 | 91.213.29.63 | -> | e | 647 | 443 | 13 | 823 |
17:18:56 | 2011-06-11 | 6 | 10.10.10.7 | 95.143.193.138 | -> | e | 648 | 80 | 9 | 1015 |
17:20:52 | 2011-06-11 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|