IP Address: 117.200.55.226 (Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | MSSQL, SMB
Tags | SMB, Service Stop, Download File, Successful SMB Login, Access Share, Service Deletion, MSSQL, Execute from Share, SMB Share Connect, Service Creation, Service Start
Associated Attack Servers |
IP Address | 117.200.55.226
Domain | -
ISP | BSNL
Country | India
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2023-01-07
Last seen in Akamai Guardicore Segmentation | 2024-03-09
A user logged in using SMB with the following username: Administrator - Authentication policy: Correct Password | Successful SMB Login
A user logged in using SMB with the following username: Administrator - Authentication policy: Previously Approved User | Successful SMB Login
saqtjtgk.exe was executed from the remote share \\server-backup\c$ | Execute from Share
c:\windows\system32\services.exe installed and started \\server-backup\c$\saqtjtgk.exe as a service named drPx under service group None | Service Start, Service Creation
C:\windows\temp\svchost.exe was downloaded | Download File
jgwyxeyy.exe was executed from the remote share \\server-backup\c$ | Execute from Share
c:\windows\system32\services.exe installed and started \\server-backup\c$\jgwyxeyy.exe as a service named WWkz under service group None | Service Start, Service Creation
Service WWkz was stopped | Service Stop
A user logged in using SMB with the following username: Administrator - Authentication policy: Previously Approved User | Successful SMB Login
C:\KWdhIkGz.exe was downloaded | Download File
kwdhikgz.exe was executed from the remote share \\server-backup\c$ | Execute from Share
c:\windows\system32\services.exe installed and started \\server-backup\c$\kwdhikgz.exe as a service named qTTn under service group None | Service Start, Service Creation
C:\WINDOWS\Temp\tmp.vbs was downloaded | Download File
Service qTTn was stopped | Service Stop
Connection was closed due to timeout