| Attack port | Ports |
|---|---|
| 445 (100%) | 12045 (43%)<br>44445 (38%) |

| Drops | Processes |
|---|---|
| cmd.exe (100%)<br>csrss.exe (100%)<br>explorer.exe (100%)<br>lsass.exe (100%)<br>services.exe (100%)<br>spoolsv.exe (100%) | cmd.exe (100%)<br>csrss.exe (100%)<br>explorer.exe (100%)<br>lsass.exe (100%)<br>services.exe (100%)<br>spoolsv.exe (100%) |

| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|---|---|
| 1:22000032:6 (100%)<br>1:22466:7 (100%)<br>1:292000032:99 (100%)<br>1:299913:1 (100%) | 1:31000004:99 (62%)<br>1:5001684:99 (38%)<br>1:2001683:3 (28%) | 1:52123:3 (100%) |

| Registry keys | Registry values |
|---|---|
| - | - |

| DNS Lookups | Failed connections | C & C IPs |
|---|---|---|
| - | - | - |

| FTP chatter | HTTP chatter | IRC chatter |
|---|---|---|
| user=a (100%)<br>pass=a (68%)<br>exec=iexplorer.exe (27%) | - | - |

| Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|---|---|
| authentium (100%)<br>stz_like (100%)<br>suspicious_malware (100%) | diversity: 100.0% | diversity: N/A |