Windows
Analysis Report
https://vd.trinitymedia.ai/trinity-player/tts-player/20240326_55ac2d82cc134f115fe47a2f6d79101d1306d03c/trinity-player.js
Overview
General Information
Detection
Score: | 23 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- cmd.exe (PID: 6916 cmdline:
C:\Windows \system32\ cmd.exe /c wget -t 2 -v -T 60 -P "C:\Use rs\user\De sktop\down load" --no -check-cer tificate - -content-d isposition --user-ag ent="Mozil la/5.0 (Wi ndows NT 6 .1; WOW64; Trident/7 .0; AS; rv :11.0) lik e Gecko" " https://vd .trinityme dia.ai/tri nity-playe r/tts-play er/2024032 6_55ac2d82 cc134f115f e47a2f6d79 101d1306d0 3c/trinity -player.js " > cmdlin e.out 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 7028 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - wget.exe (PID: 6276 cmdline:
wget -t 2 -v -T 60 - P "C:\User s\user\Des ktop\downl oad" --no- check-cert ificate -- content-di sposition --user-age nt="Mozill a/5.0 (Win dows NT 6. 1; WOW64; Trident/7. 0; AS; rv: 11.0) like Gecko" "h ttps://vd. trinitymed ia.ai/trin ity-player /tts-playe r/20240326 _55ac2d82c c134f115fe 47a2f6d791 01d1306d03 c/trinity- player.js" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
- wscript.exe (PID: 4588 cmdline:
C:\Windows \System32\ WScript.ex e "C:\User s\user\Des ktop\downl oad\trinit y-player.j s" MD5: A47CBE969EA935BDD3AB568BB126BC80)
- cleanup
System Summary |
---|
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: |
Source: | Author: Michael Haag: |
Click to jump to signature section
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Last function: |
Source: | Binary or memory string: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 1 Command and Scripting Interpreter | 1 Scripting | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
staticvim.b-cdn.net | 37.19.207.34 | true | false | high | |
vd.trinitymedia.ai | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
37.19.207.34 | staticvim.b-cdn.net | Ukraine | 31343 | INTERTELECOMUA | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417174 |
Start date and time: | 2024-03-28 18:02:52 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 1m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | urldownload.jbs |
Sample URL: | https://vd.trinitymedia.ai/trinity-player/tts-player/20240326_55ac2d82cc134f115fe47a2f6d79101d1306d03c/trinity-player.js |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | SUS |
Classification: | sus23.win@5/2@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: https://vd.trinitymedia.ai/trinity-player/tts-player/20240326_55ac2d82cc134f115fe47a2f6d79101d1306d03c/trinity-player.js
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1193 |
Entropy (8bit): | 4.1890900449616515 |
Encrypted: | false |
SSDEEP: | 24:xQT57EY2EYoxePgqbdNTFvXwuFoOKbdN9:C7OgQbdNTeuSOKbdN9 |
MD5: | 6C65CD641E0E8ED3D3527B3E63098C35 |
SHA1: | 456874CEDC8715A23DD6CD65BFC78EDBC2DC29F1 |
SHA-256: | 9D5A67CCF7933149EB9D8A1E0BD80C13FDBBAD2B3A9855578495B754D9134DEF |
SHA-512: | 8D1424D044B73892E157B418692DA20691DD620424B6ADB2F6DC1B125F9EFB08902EBF765997B125FC71AF186687B9DF1DF4DB91E419F0094B83BE5598E5BB68 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\wget.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 399942 |
Entropy (8bit): | 5.483418741782169 |
Encrypted: | false |
SSDEEP: | 6144:zWkjf1QirKNQ4UoDWhm9q58DzI71ZyNQt9xFTduDlU/gqb/JGZ69KFFW3xpcl8c:yNKKNQ4ZDWhm0yDzC1ZyNQR/y8c |
MD5: | 81F00BB1F52510697DB4512C7A5E2766 |
SHA1: | B27DAC316A6EAF1F0E7E75D475053C1D15A4793A |
SHA-256: | ABBF1D84370ABCD71CA1EDAA45EDE3A7042A74A5476C9CCDD0DBF656DA8B6300 |
SHA-512: | 188BFB541FDCAACBD5699B8E792B6F27F2E27C477F726A4088A55B59365F61D4DF9E69092534DB0B5B9D1A37FC57B73BF4FB5F1835DC7EA57F15770727008D0B |
Malicious: | true |
Reputation: | low |
Preview: |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 28, 2024 18:03:37.016077042 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.016120911 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.016305923 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.017869949 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.017883062 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.219908953 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.220026970 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.221740007 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.221756935 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.222009897 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.222863913 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.264247894 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.402021885 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.441617012 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.441634893 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.441708088 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.441736937 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.441795111 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.519496918 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.519515991 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.519587994 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.519613981 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.519656897 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.565001965 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.565021992 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.565193892 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.565207958 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.565249920 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.601993084 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.602013111 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.602101088 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.602122068 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.602161884 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.626987934 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.627002954 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.627182961 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.627203941 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.627249002 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.647706032 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.647725105 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.647795916 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.647819996 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.647864103 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.671135902 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.671161890 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.671233892 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.671247959 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.671260118 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.671288967 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.690135956 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.690152884 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.690229893 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.690239906 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.690280914 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.707427025 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.707442999 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.707509041 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.707516909 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.707556009 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.721653938 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.721668959 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.721740961 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.721749067 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.721790075 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.733139992 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.733156919 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.733218908 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.733225107 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.733269930 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.745364904 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.745384932 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.745445013 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.745454073 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.745497942 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.754873037 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.754890919 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.754954100 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.754962921 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.755002975 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.765328884 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.765373945 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.765386105 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.765392065 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.765420914 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.765434980 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.774061918 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.774080992 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.774146080 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.774153948 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.774192095 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.783394098 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.783412933 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.783472061 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.783478975 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.783497095 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.783520937 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.791208029 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.791224003 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.791294098 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.791304111 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.791346073 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.798738956 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.798754930 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.798820972 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.798827887 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.798870087 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.806871891 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.806888103 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.806950092 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.806965113 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.807005882 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.813641071 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.813661098 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.813708067 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.813715935 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.813888073 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.813888073 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.821001053 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.821017027 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.821074009 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.821082115 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.821122885 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.827136040 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.827203035 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.827603102 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.827665091 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.834155083 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.834194899 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.834225893 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.834233046 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.834259987 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.834278107 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.839529991 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.839545965 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.839580059 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.839585066 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.839621067 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.839644909 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.842104912 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.842164040 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.842169046 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.842219114 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.842411995 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Mar 28, 2024 18:03:37.842454910 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.858109951 CET | 49730 | 443 | 192.168.2.4 | 37.19.207.34 |
Mar 28, 2024 18:03:37.858124971 CET | 443 | 49730 | 37.19.207.34 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 28, 2024 18:03:36.909109116 CET | 49351 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 28, 2024 18:03:37.009749889 CET | 53 | 49351 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 28, 2024 18:03:36.909109116 CET | 192.168.2.4 | 1.1.1.1 | 0x6d32 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 28, 2024 18:03:37.009749889 CET | 1.1.1.1 | 192.168.2.4 | 0x6d32 | No error (0) | staticvim.b-cdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 28, 2024 18:03:37.009749889 CET | 1.1.1.1 | 192.168.2.4 | 0x6d32 | No error (0) | 37.19.207.34 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 37.19.207.34 | 443 | 6276 | C:\Windows\SysWOW64\wget.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-28 17:03:37 UTC | 287 | OUT | |
2024-03-28 17:03:37 UTC | 806 | IN | |
2024-03-28 17:03:37 UTC | 16384 | IN | |
2024-03-28 17:03:37 UTC | 16384 | IN | |
2024-03-28 17:03:37 UTC | 16384 | IN | |
2024-03-28 17:03:37 UTC | 16384 | IN | |
2024-03-28 17:03:37 UTC | 16384 | IN | |
2024-03-28 17:03:37 UTC | 16384 | IN | |
2024-03-28 17:03:37 UTC | 16384 | IN | |
2024-03-28 17:03:37 UTC | 16384 | IN | |
2024-03-28 17:03:37 UTC | 16384 | IN | |
2024-03-28 17:03:37 UTC | 16384 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 18:03:35 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 18:03:35 |
Start date: | 28/03/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 18:03:35 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\wget.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3'895'184 bytes |
MD5 hash: | 3DADB6E2ECE9C4B3E1E322E617658B60 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 18:03:38 |
Start date: | 28/03/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a9bf0000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |