Index of /publicDatasets/CTU-Mixed-Capture-3

Name                                               Last modified      Size
Parent Directory                                   -                  -
2015-03-19_winnormal.biargus                       2016-08-29 06:38   1.5M
2015-03-19_winnormal.binetflow                     2016-08-29 06:38   1.4M
2015-03-19_winnormal.binetflow.after.infection     2016-10-04 16:38   465K
2015-03-19_winnormal.binetflow.before.infection    2016-10-04 16:38   942K
2015-03-19_winnormal.capinfos                      2016-03-19 13:47   754
2015-03-19_winnormal.dnstop                        2016-03-19 13:47   20K
2015-03-19_winnormal.html                          2016-03-19 13:48   61M
2015-03-19_winnormal.json                          2016-03-19 13:48   123M
2015-03-19_winnormal.passivedns                    2016-03-19 13:47   171K
2015-03-19_winnormal.pcap                          2016-03-19 13:42   175M
2015-03-19_winnormal.weblogng                      2016-06-15 18:04   498K
Binetflows-per-hour/                               2016-10-10 13:54   -
README.html                                        2017-02-14 09:31   2.4K
README.md                                          2017-02-14 09:31   1.7K
Win-Normal-1.rrd                                   2016-03-19 13:42   8.0M
a0840a39ec90e1f603e2f4be42a87026.exe.zip           2016-05-28 12:48   3.3M
bro/                                               2017-08-31 09:45   -
nohup.out                                          2017-02-14 09:40   78
suricata/                                          2017-09-02 13:19   -

Description

Only malware capture

In order to better analyze this mixed capture, we also executed the malware alone, without any user interaction. The capture can be found here. However, please note that the malware-only capture was done quite some time after the mixed capture, so some differences may appear. According to that capture, the malware seems to make only a few connections.

About the Normal install

Timeline

Sat Mar 19 12:27:51 CET 2016

Start win normal 1

Sat Mar 19 13:18:59 CET 2016

Infected with a0840a39ec90e1f603e2f4be42a87026.exe

Sat Mar 19 13:33:08 CET 2016

After navigating some pages, leave the google chrome with an empty tab

Sat Mar 19 13:35:31 CET 2016

Close dropbox

Sat Mar 19 13:36:43 CET 2016

Close skype

Sat Mar 19 13:38:08 CET 2016

Type something in the google chrome bar

Sat Mar 19 13:39:34 CET 2016

Close chrome

Sat Mar 19 13:42:40 CET 2016

Power off windows