| Attack port | Ports |
|---|---|
| 135 (100%) | 707 (88%), 69 (88%), 1031 (86%), 1027 (51%), 1034 (37%) |

| Drops | Processes |
|---|---|
| dllhost.exe (95%), cmd.exe (40%), csrss.exe (40%), explorer.exe (40%), lsass.exe (40%), services.exe (40%) | dllhost.exe (100%), cmd.exe (42%), csrss.exe (42%), explorer.exe (42%), lsass.exe (42%), services.exe (42%) |

| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|---|---|
| 1:299913:1 (100%) | 1:1444:3 (100%), 1:2008120:1 (100%), 1:3001441:1 (100%), 1:3000003:99 (34%) | 1:52123:3 (100%) |

| Registry keys | Registry values |
|---|---|
| ...microsoft/downloadmanager (100%), ...internetsettings/5.0 (58%), ...internetsettings/connections (58%) | defaultconnectionsettings (87%), filename (28%), flags (28%), installed (28%), installeddate (28%) |

| DNS Lookups | C & C IPs |
|---|---|
| US:download.microsoft.com (100%), US:microsoft.com (100%) | - |

| FTP chatter | HTTP chatter | IRC chatter |
|---|---|---|
| - | sourceIP=download.microso... (100%), sourceport= keep-alive (100%), version=1.0 (100%), UA=mozilla/4.0 (compatibl... (62%), filename=/download/0/1/f/... (62%), UA=mozilla/4.0 (compatibl... (38%) | - |

| Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|---|---|
| sophos (90%), authentium (79%), fortinet (78%), kaspersky (78%), microsoft (78%), webwasher (78%) | 53bfe1... (75%); diversity: 16.8% | 73f108... (34%), a08f3b... (28%), 57ce4a... (7%); diversity: 14.8% |
