| Attack port | Ports |
|---|---|
| 445 (100%) | - |

| Drops | Processes |
|---|---|
| cmd.exe (100%)<br>csrss.exe (100%)<br>explorer.exe (100%)<br>lsass.exe (100%)<br>services.exe (100%)<br>spoolsv.exe (100%) | cmd.exe (100%)<br>csrss.exe (100%)<br>explorer.exe (100%)<br>lsass.exe (100%)<br>services.exe (100%)<br>spoolsv.exe (100%) |

| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|---|---|
| 1:1390:5 (66%)<br>1:2001944:3 (66%)<br>1:99998:2 (66%)<br>1:3003:4 (63%)<br>1:21390:5 (34%)<br>1:299998:1 (34%) | 1:3000006:99 (100%)<br>1:2001684:3 (50%) | - |

| Registry keys | Registry values |
|---|---|
| - | - |

| DNS Lookups | Failed connections | C & C IPs |
|---|---|---|
| - | - | - |

| FTP chatter | HTTP chatter | IRC chatter |
|---|---|---|
| pass=a (100%)<br>user=a (100%)<br>exec=msnmanegers.exe (78%) | - | - |

| Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|---|---|
| - | diversity: N/A | diversity: N/A |