2019-07-19 - TRAFFIC ANALYSIS EXERCISE - SO HOT RIGHT NOW

ASSOCIATED FILES:

  • 2019-07-19-traffic-analysis-exercise.pcap   (26,347,323 bytes)
  • 2019-07-19-traffic-analysis-exercise-alerts.jpg   (356,074 bytes)
  • 2019-07-19-traffic-analysis-exercise-alerts.txt   (4,161 bytes)
  • 2019-07-19-traffic-analysis-exercise-malware-notes.txt   (557 bytes)
  • EIMOCFXM373.txt   (2,218,593 bytes)
  • Firefox.exe   (3,978,269 bytes)
  • HTCTL32.DLL   (328,056 bytes)
  • NSM.LIC   (257 bytes)
  • NSM.ini   (6,458 bytes)
  • PCICHEK.DLL   (18,808 bytes)
  • PCICL32.DLL   (3,735,416 bytes)
  • TCCTL32.DLL   (396,664 bytes)
  • client32.ini   (596 bytes)
  • msvcr100.dll   (773,968 bytes)
  • nskbfltr.inf   (328 bytes)
  • pcicapi.dll   (33,144 bytes)
  • remcmdstub.exe   (63,864 bytes)
  • shost.exe   (105,848 bytes)

NOTES:

 

 

SCENARIO

LAN segment data:

 

YOUR TASK

Review the pcap and alerts to answer the following questions:

NOTE: The malware archive is additional information and not necessary to answer the questions for this exercise. As usual, the malware archive contains malware designed to infect a Windows computer, so if you review the malware, do so at your own risk.

 

ANSWERS

 
