Inspect your traffic capture to answer the following questions:
- What is the domain name of the users' custom site?
  Frank-n-ted.com
- What is the IP address of the Domain Controller (DC) of the AD network?
  10.6.12.12
- What is the name of the malware downloaded to the 10.6.12.203 machine?
  june11.dll
- Upload the file to VirusTotal.com.
- What kind of malware is this classified as?
  This malware is classified as a Trojan
- Find the following information about the infected Windows machine:
  - Host name: ROTTERDAM-PC
  - IP address: 172.16.4.205
  - MAC address: 00:59:07:b0:63:a4
- What is the username of the Windows user whose computer is infected?
  mattijs.devries
- What are the IP addresses used in the actual infection traffic?
  185.243.115.84
- Retrieve the desktop background of the Windows host.
- Find the following information about the machine with IP address 10.0.0.201:
  - MAC address
  - Windows username
  - OS version
- Which torrent file did the user download?