2020-02-21 - TRAFFIC ANALYSIS EXERCISE - ONE-HOT-MESS

NOTICE:

ASSOCIATED FILES:

  • 2020-02-21-traffic-analysis-exercise.pcap   (7,642,342 bytes)
  • 2020-02-21-traffic-analysis-exercise-alerts-guidance.jpg   (1,315,259 bytes)
  • 2020-02-21-traffic-analysis-exercise-alerts.jpg   (1,737,924 bytes)
  • 2020-02-21-traffic-analysis-exercise-alerts.txt   (4,698 bytes)
  • 2020-02-21-traffic-analysis-exercise-list-of-artifacts.txt   (2,348 bytes)
  • DecemberLogs/Caff54e1.exe   (208,896 bytes)
  • DecemberLogs/OliviaMatter.vbs   (0 bytes)
  • DecemberLogs/Restaraunt1.cmd   (98 bytes)
  • DecemberLogs/Restaraunt2.cmd   (5,675 bytes)
  • DecemberLogs/Restaraunt3.cmd   (16 bytes)
  • DecemberLogs/Restaraunt4.cmd   (2,565 bytes)
  • Jqssmf.txt   (3,680 bytes)
  • Kxbpbnmslyha.txt   (704 bytes)
  • Ps8EYw7cb1E/iexpress.exe   (166,400 bytes)
  • Ps8EYw7cb1E/VERSION.dll   (802,816 bytes)
  • Wiqzbgfwkifvvu.lnk.bin   (1,240 bytes)
  • inv_261804.doc   (62,201 bytes)
  • qHD3ZbNtI2b/sigverif.exe   (75,264 bytes)
  • qHD3ZbNtI2b/VERSION.dll   (802,816 bytes)
  • wRCV5/DUI70.dll   (1,089,536 bytes)
  • wRCV5/WindowsActionDialog.exe   (60,928 bytes)

 

 

SCENARIO

LAN segment data:

 

YOUR TASK

Write an incident report based on the pcap, associated alerts, and malware/artifacts from the infected Windows host.

 

ANSWERS

 
