Windows
Analysis Report
Urgence .xlsx
Overview
General Information
Detection
Score: | 4 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
Sample monitors window changes (e.g. starting applications); analyze the sample with the 'Simulates keyboard and window changes' cookbook.
No malicious behavior found; also analyze the document on other versions of Office / Acrobat.
- System is w10x64
- EXCEL.EXE (PID: 6600, cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, MD5: 4A871771235598812032C822E6F68F19)
- splwow64.exe (PID: 4088, cmdline: C:\Windows\splwow64.exe 12288, MD5: 77DE7761B037061C7C112FD3C5B91E73)
- cleanup

Only two processes ran: the 32-bit Excel started through COM automation (the /automation -Embedding switches), and splwow64.exe, the Windows 32-to-64-bit print-driver thunking host that a 32-bit Office process starts when it enumerates printers on x64 Windows. The document itself spawned no child process.
Rule matches (rule authors only; the rule titles did not survive extraction):
- Author: Christopher Peacock (@securepeacock), SCYTHE (@scythe_io), Florian Roth (@Neo23x0), Tim Shelton
- Author: X__Junior (Nextron Systems)
There are no malicious signatures. The signatures that did fire are listed below in the report's order; the original renders one row per matching event, so the number is the count of rows. The per-row details (file names, addresses, API call sites and the "Jump to behavior" links) did not survive extraction.

- File opened: 1
- HTTPS traffic detected: 5
- TCP traffic: 283
- Memory has grown: 1
- IP Address: 1
- JA3 fingerprint: 1
- HTTP traffic detected: 10
- String found in binary or memory: 1
- Network traffic detected: 20
- HTTPS traffic detected: 5
- OLE stream indicators for Word, Excel, PowerPoint, and Visio: 1
- Classification label: 1
- File created: 2
- OLE indicator, Workbook stream: 1
- File read: 1
- Process created: 3
- Key value queried: 1
- Window detected: 1
- Key opened: 1
- File opened: 1
- Initial sample: 1
- Process information set: 41
- Window / User API: 1
- Last function: 2
- Thread delayed: 2
- Process information queried: 1

All of these are informational, low-severity signatures that a freshly launched Office process triggers on its own: TLS telemetry and configuration traffic to Microsoft hosts (the contacted domains are in the whitelist under Cookbook Comments), OLE/OpenXML stream indicators, registry and process-information queries, and short thread delays. None is scored as malicious, which is consistent with the overall score of 4/100.
MITRE ATT&CK techniques with matching signatures (the number is the count of matching signatures; the original renders the full matrix, with unmatched techniques left unnumbered, and is condensed here to the matched ones):

- Execution: Exploitation for Client Execution (2)
- Privilege Escalation: Process Injection (1), Extra Window Memory Injection (1)
- Defense Evasion: Masquerading (1), Virtualization/Sandbox Evasion (1), Process Injection (1), Extra Window Memory Injection (1)
- Discovery: Process Discovery (1), Virtualization/Sandbox Evasion (1), Application Window Discovery (1), File and Directory Discovery (1), System Information Discovery (1)
- Command and Control: Encrypted Channel (1), Ingress Tool Transfer (1), Non-Application Layer Protocol (1), Application Layer Protocol (2)

These are the generic ATT&CK mappings of the informational signatures listed above (window/user API calls map to the injection techniques, thread delays and system queries to sandbox evasion and discovery, HTTPS traffic to the C2 column). They record that the behavior class was observed, not that it was used maliciously; the sample is classified clean.
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
part-0013.t-0009.t-msedge.net | 13.107.213.41 | true | false | unknown |

IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
13.107.213.41 | part-0013.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |

A single non-whitelisted endpoint was contacted, and it sits in Microsoft's own AS behind a t-msedge.net CDN name; every other destination the run produced was filtered out as known Office/Windows infrastructure (see the excluded IPs and domains under Cookbook Comments).
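The report's per-packet "Timestamp | Source Port | Dest Port | Source IP | Dest IP" table runs to hundreds of rows for what is, in practice, a handful of connections. The script below is an added example (not part of the Joe Sandbox report or product) that collapses rows in that exact format into per-connection flows and then labels each server endpoint as a burst (all connections opened within a couple of seconds, the shape of Office's start-up telemetry), periodic (near-constant gaps between connection starts, the shape of a beaconing implant) or irregular. The rows in `REPORT_ROWS` are copied from the report's table; `PERIODIC_ROWS`, the 198.51.100.7 address and the thresholds in `classify_servers` are constructed for illustration.

```python
"""Collapse Joe Sandbox's per-packet TCP rows into per-connection flows and
classify the connection pattern per server (burst / periodic / irregular)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
import re
import statistics

ROW_RE = re.compile(
    r"^(?P<ts>[A-Za-z]{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+) \S+ \| "
    r"(?P<sport>\d+) \| (?P<dport>\d+) \| (?P<sip>[\d.]+) \| (?P<dip>[\d.]+) \|?\s*$"
)

# Rows copied from the report's TCP table (connections on ports 49753, 49754, 49758).
REPORT_ROWS = """\
Apr 19, 2024 19:34:02.725440025 CEST | 49753 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.725492954 CEST | 443 | 49753 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:02.725574970 CEST | 49753 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.725661993 CEST | 49754 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.725689888 CEST | 443 | 49754 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.271039963 CEST | 49758 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.271085978 CEST | 443 | 49758 | 13.107.213.41 | 192.168.2.4 |
""".splitlines()

# Constructed rows (not from the report): three connections one minute apart to a
# documentation-range address, the shape a beaconing implant would leave behind.
PERIODIC_ROWS = [
    f"Apr 19, 2024 19:{40 + i}:00.000000000 CEST | {49801 + i} | 443 | 192.168.2.4 | 198.51.100.7 |"
    for i in range(3)
]


@dataclass
class Flow:
    client: tuple          # (ip, port) of the side using the ephemeral port
    server: tuple          # (ip, port) of the side using the service port
    first: datetime
    last: datetime
    out_pkts: int = 0      # client -> server packets
    in_pkts: int = 0       # server -> client packets


def parse_ts(text: str) -> datetime:
    """The report prints nine fractional digits; strptime's %f accepts six."""
    base, frac = text.rsplit(".", 1)
    return datetime.strptime(f"{base}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def summarise(rows) -> dict:
    """Group packet rows into flows keyed by (client ip, client port, server ip, server port)."""
    flows = {}
    for row in rows:
        m = ROW_RE.match(row)
        if not m:
            continue                       # header, separator or unrelated text
        ts = parse_ts(m["ts"])
        sport, dport = int(m["sport"]), int(m["dport"])
        outbound = sport > dport           # the ephemeral (higher) port is the client
        if outbound:
            client, server = (m["sip"], sport), (m["dip"], dport)
        else:
            client, server = (m["dip"], dport), (m["sip"], sport)
        f = flows.setdefault(client + server, Flow(client, server, ts, ts))
        f.first, f.last = min(f.first, ts), max(f.last, ts)
        if outbound:
            f.out_pkts += 1
        else:
            f.in_pkts += 1
    return flows


def classify_servers(flows, burst_window=2.0, min_flows=3, max_cv=0.2) -> dict:
    """Per server endpoint: 'burst' when every connection opens within burst_window
    seconds, 'periodic' when the gaps between connection starts are near-constant
    (coefficient of variation <= max_cv), otherwise 'irregular'."""
    starts = defaultdict(list)
    for f in flows.values():
        starts[f.server].append(f.first)
    verdict = {}
    for server, times in starts.items():
        times.sort()
        if len(times) < min_flows:
            verdict[server] = "too few connections"
        elif (times[-1] - times[0]).total_seconds() <= burst_window:
            verdict[server] = "burst"
        else:
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            cv = statistics.pstdev(gaps) / statistics.mean(gaps)
            verdict[server] = "periodic" if cv <= max_cv else "irregular"
    return verdict


if __name__ == "__main__":
    for name, rows in (("report", REPORT_ROWS), ("constructed", PERIODIC_ROWS)):
        flows = summarise(rows)
        for f in flows.values():
            print(name, f.client, "->", f.server, f.out_pkts, "out,", f.in_pkts, "in,",
                  f"{(f.last - f.first).total_seconds():.3f}s")
        print(name, classify_servers(flows))
```

Run over the full table in the report, every flow lands on 13.107.213.41:443 and every connection start falls inside the first second after 19:34:02, which is the "burst" verdict: one process opening a fan of TLS connections at start-up, not a timer-driven check-in. The thresholds are starting points, not tuned detection logic.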
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428895 |
Start date and time: | 2024-04-19 19:31:56 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Urgence .xlsx |
Detection: | CLEAN |
Classification: | clean4.winXLSX@3/4@0/1 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.56.128, 23.201.212.130, 52.109.8.36, 52.113.194.132, 23.40.205.48, 23.40.205.35, 23.40.205.66, 23.40.205.41, 23.40.205.58, 23.40.205.67, 23.40.205.56, 23.40.205.59, 23.40.205.57, 13.78.111.199
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, asia.configsvc1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-cus-buff-azsc-000.centralus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, wu-bg-shim.trafficmanager.net, cus-azsc-000.roaming.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, us1.roaming1.live.com.akadns.net, onedscolprdjpe03.japaneast.cloudapp.azure.com, s-0005.s-msedge.net, config.office
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: Urgence .xlsx
Time | Type | Description |
---|---|---|
19:33:58 | API Interceptor |
Context: earlier analyses that share an indicator with this run. The original lists each as a "Get hash | malicious | threat name | Browse" row; the SHA-256 and link columns did not survive extraction, so only the counts and threat names are kept here.

- IP 13.107.213.41: 2 earlier samples flagged malicious, threat name Unknown (2).
- Domain part-0013.t-0009.t-msedge.net: 10 earlier samples flagged malicious: HTMLPhisher (6), Unknown (3), TechSupportScam (1).
- ASN MICROSOFT-CORP-MSN-AS-BLOCKUS: 10 earlier samples flagged malicious: HTMLPhisher (3), Unknown (4), PureLog Stealer / zgRAT (1), Mirai / Okiru (1), Remcos / DBatLoader (1).
- JA3 fingerprint a0e9f5d64349fb13191bc781f81f42e1: 10 earlier samples flagged malicious: Remcos / DBatLoader (1), Unknown (3), RisePro Stealer (1), LummaC (2), Amadey / RedLine / RisePro Stealer (1), Amadey / RisePro Stealer (1), Dynamer (1).

Caveat: every one of these pivots is on shared infrastructure, not on anything specific to this file. The IP and domain are Microsoft's own CDN (t-msedge.net inside Microsoft's AS), and the JA3 value is the fingerprint of the Windows/Office TLS client that produced this run's HTTPS traffic, which is why unrelated families (phishing kits, stealers, a Mirai variant) all show up. Such matches only say that malware also runs on Windows and also talks to Microsoft; they carry no weight against this sample.
Dropped files (four, all written by EXCEL.EXE; the paths of the last three and the empty file-type and preview fields did not survive extraction)

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 3.467955489419957 |
Encrypted: | false |
SSDEEP: | 6:kKulQ8WYvJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:2C1YkkPlE99SCQl2DUevat |
MD5: | 7E601887FA3C0CBB05EE305B115455F3 |
SHA1: | 01A8F00FEE293F09B4110B0DFA1FDB7CC176A6B1 |
SHA-256: | 81ECB3E4661C0A3B829E24689A5D0B2F7551D90CEFE6A5822B4A7300413191D9 |
SHA-512: | 535CB8AD0BBB5B3F7FE78B0694E739059081D73A6CDEE3B462C18D015ED84B71A024B6897BCB2E1D4CD892CBD9A416F11DA28AB03812C6FA5A505E44B2F2A030 |
Malicious: | false |
Reputation: | low |

CryptnetUrlCache is CryptoAPI's on-disk cache for certificate-chain, CRL and OCSP downloads. A MetaData entry written under EXCEL.EXE is the footprint of the certificate validation behind the HTTPS connections above (ocsp.digicert.com is among the whitelisted domains), not something the document wrote.

(path not preserved)
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 1.1464700112623651 |
Encrypted: | false |
SSDEEP: | 3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X |
MD5: | 72F5C05B7EA8DD6059BF59F50B22DF33 |
SHA1: | D5AF52E129E15E3A34772806F6C5FBF132E7408E |
SHA-256: | 1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164 |
SHA-512: | 6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E |
Malicious: | false |
Reputation: | high, very likely benign file |

(path not preserved)
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |

An entropy of 0.0 over 512 bytes means every byte is identical, and these digests are the well-known hashes of 512 NUL bytes (one zero-filled sector-sized block). The empty SSDEEP ("3::") says the same thing: there is no content to fuzzy-hash.

(path not preserved)
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.4377382811115937 |
Encrypted: | false |
SSDEEP: | 3:KVC+cAmltV:KVC+cR |
MD5: | 9C7132B2A8CABF27097749F4D8447635 |
SHA1: | 71D7F78718A7AFC3EAB22ED395321F6CBE2F9899 |
SHA-256: | 7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83 |
SHA-512: | 333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E |
Malicious: | false |
Reputation: | moderate, very likely benign file |
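The "Entropy (8bit)" column is the first thing a triage analyst reads in a dropped-file list, and the 512-byte / 0.0 entry above is the kind of artifact worth confirming rather than assuming. The script below is an added example (not code from the report or from Joe Sandbox): it recomputes Shannon entropy the way the report's column is defined (bits per byte), bands it into the rules of thumb analysts use, and tests the hypothesis that a zero-entropy file of a reported size is plain NUL padding by hashing that padding and comparing against the digests the report printed. The file labels `file-1` to `file-4` and the band thresholds are this example's own choices; the sizes, entropies and digests are copied from the report.

```python
"""Recompute the static figures the dropped-files section reports ('Entropy (8bit)'
and the digests) and test whether an entropy-0.0 file is NUL padding."""
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte: 0.0 when every byte is identical,
    8.0 when all 256 values occur equally often."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_band(entropy: float) -> str:
    """Coarse reading of an entropy figure (thresholds are rules of thumb)."""
    if entropy < 1.0:
        return "constant or padding"
    if entropy < 6.5:
        return "text, XML or sparse binary structures"
    return "compressed or encrypted"      # a ZIP container such as OpenXML lands here


def digests(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


def matches_constant_fill(size: int, reported: dict, byte: int = 0x00) -> bool:
    """True if every digest in `reported` (keys md5 / sha1 / sha256) equals the
    digest of `size` copies of `byte`."""
    got = digests(bytes([byte]) * size)
    return all(got[k] == v.upper() for k, v in reported.items() if k in got)


# Figures copied from the report's dropped-files section; labels are ours.
REPORTED_FILES = {
    "file-1 (CryptnetUrlCache metadata)": dict(
        size=338, entropy=3.467955489419957, md5="7E601887FA3C0CBB05EE305B115455F3"),
    "file-2": dict(
        size=1536, entropy=1.1464700112623651, md5="72F5C05B7EA8DD6059BF59F50B22DF33"),
    "file-3": dict(
        size=512, entropy=0.0,
        md5="BF619EAC0CDF3F68D496EA9344137E8B",
        sha1="5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5",
        sha256="076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560"),
    "file-4": dict(
        size=165, entropy=1.4377382811115937, md5="9C7132B2A8CABF27097749F4D8447635"),
}


def triage(files: dict) -> dict:
    """Band each file's entropy and, for entropy-0.0 files, report whether the
    printed digests are exactly those of NUL padding of the reported size."""
    out = {}
    for name, info in files.items():
        reported = {k: info[k] for k in ("md5", "sha1", "sha256") if k in info}
        zero_fill = info["entropy"] == 0.0 and matches_constant_fill(info["size"], reported)
        out[name] = (entropy_band(info["entropy"]), zero_fill)
    return out


if __name__ == "__main__":
    for name, (band, zero_fill) in triage(REPORTED_FILES).items():
        print(f"{name}: {band}" + (" (confirmed: 512 NUL bytes)" if zero_fill else ""))
    print("sample itself:", entropy_band(7.073600009411692))
```

The same `entropy_band` reading applies to the sample's own 7.07 figure in the static section: that is the deflate stream of a ZIP container, which every .xlsx has, and is not evidence of packing or encryption on its own.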
File type: | |
Entropy (8bit): | 7.073600009411692 |
TrID: |
File name: | Urgence .xlsx |
File size: | 11'756 bytes |
MD5: | 958216675f28608052a5bc4c7053e7a5 |
SHA1: | 3c42e7b4829ffa7920ba7360f17bb3f2f90d6b09 |
SHA256: | 1f20ed328634d384252509203773c8e4a035d732ec281e2966d544a8a6724665 |
SHA512: | cf1c06f6e8b7240d60e994be809dd09a7b64ee226e6c2baca9beaeba0844b5955479b0fa263df9253d14909a3f9aeef5459bf823154782d9102b5d6842a49414 |
SSDEEP: | 192:KLb3UULfYiu2sVSxfTWrwvUxHppriBGGjPqub1LeBOk:KH3DjYp2sVSxfTHcHpABZjCkiV |
TLSH: | 36326E3DD246907DC672907C940C11E8530DE1AAF652E25E765437A8B8C122A33CFBEB |
File Content Preview: | PK..........!.A7..n...........[Content_Types].xml ...(......................................................................................................................................................................................................... |
Icon Hash: | 35e58a8c0c8a85b9 |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
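The static summary above answers the two questions that matter most for a spreadsheet lure, "is it OpenXML?" and "does it carry VBA?", but it says nothing about the other ways a macro-free .xlsx can still execute code: Excel 4.0 (XLM) macro sheets, veryHidden sheets, an Auto_Open defined name, external links, embedded OLE objects and risky formula functions. The script below is an added example (not code from the report or from Joe Sandbox) that performs those checks directly on the ZIP package, which is what an analyst does before trusting a "Contains VBA Macros: False" line. The two workbooks it builds are constructed, minimal XML stand-ins rather than real Excel output, the `EXEC("cmd /c echo triage")` formula is a harmless marker, and the part names and content-type strings it looks for are the standard OpenXML ones.

```python
"""Static triage of an OpenXML workbook: VBA project, XLM macro sheets, veryHidden
sheets, Auto_Open / Auto_Close names, external links, OLE objects, risky formulas."""
import io
import re
import zipfile

MACROSHEET_CT = b"application/vnd.ms-excel.macrosheet"
DEFINED_NAME_RE = re.compile(rb'<definedName[^>]*\bname="([^"]+)"')
FORMULA_RE = re.compile(rb"<f\b[^>]*>([^<]+)</f>")
RISKY_FORMULA = re.compile(
    rb"\b(?:EXEC|CALL|REGISTER|FORMULA(?:\.FILL)?|HYPERLINK|WEBSERVICE)\s*\(|\bcmd\b|powershell",
    re.IGNORECASE)


def build_xlsx(parts: dict) -> bytes:
    """Zip a {part name: bytes} mapping the way an OpenXML package is stored."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


def triage(xlsx: bytes) -> dict:
    with zipfile.ZipFile(io.BytesIO(xlsx)) as z:
        names = z.namelist()
        read = lambda n: z.read(n) if n in names else b""
        content_types = read("[Content_Types].xml")
        workbook = read("xl/workbook.xml")
        sheets = [z.read(n) for n in names if n.startswith(("xl/worksheets/", "xl/macrosheets/"))]
    defined = [m.group(1).lower() for m in DEFINED_NAME_RE.finditer(workbook)]
    formulas = [m.group(1) for s in sheets for m in FORMULA_RE.finditer(s)]
    return {
        "parts": len(names),
        "vba_project": any(n.lower().endswith("vbaproject.bin") for n in names),
        "xlm_macrosheet": MACROSHEET_CT in content_types
                          or any(n.startswith("xl/macrosheets/") for n in names),
        "auto_open": any(b"auto_open" in d or b"auto_close" in d for d in defined),
        "very_hidden_sheets": workbook.count(b'state="veryHidden"'),
        "external_links": any("externalLinks/" in n for n in names),
        "ole_objects": any("embeddings/" in n or "oleObject" in n for n in names),
        "risky_formulas": [f.decode("utf-8", "replace") for f in formulas if RISKY_FORMULA.search(f)],
    }


def needs_manual_review(report: dict) -> bool:
    return bool(report["vba_project"] or report["xlm_macrosheet"] or report["auto_open"]
                or report["very_hidden_sheets"] or report["external_links"]
                or report["ole_objects"] or report["risky_formulas"])


# Constructed test packages (minimal XML, not real Excel output).
CT_HEADER = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    b'<Override PartName="/xl/workbook.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/>'
    b'<Override PartName="/xl/worksheets/sheet1.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml"/>')

BENIGN_PARTS = {
    "[Content_Types].xml": CT_HEADER + b"</Types>",
    "xl/workbook.xml": b'<workbook><sheets><sheet name="Sheet1" sheetId="1" r:id="rId1"/></sheets></workbook>',
    "xl/worksheets/sheet1.xml": b'<worksheet><sheetData><row r="1"><c r="A1"><v>1</v></c>'
                                b'<c r="B1"><f>SUM(A1:A1)</f><v>1</v></c></row></sheetData></worksheet>',
}

HOSTILE_PARTS = {
    **BENIGN_PARTS,
    "[Content_Types].xml": CT_HEADER
        + b'<Override PartName="/xl/macrosheets/sheet1.xml" ContentType="application/vnd.ms-excel.macrosheet+xml"/></Types>',
    "xl/workbook.xml": (b'<workbook><sheets><sheet name="Sheet1" sheetId="1" r:id="rId1"/>'
                        b'<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/></sheets>'
                        b'<definedNames><definedName name="_xlnm.Auto_Open">Macro1!$A$1</definedName>'
                        b'</definedNames></workbook>'),
    "xl/macrosheets/sheet1.xml": b'<macrosheet><sheetData><row r="1"><c r="A1">'
                                 b'<f>EXEC("cmd /c echo triage")</f></c></row></sheetData></macrosheet>',
    "xl/vbaProject.bin": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,   # OLE2 magic only
}

if __name__ == "__main__":
    for label, parts in (("benign", BENIGN_PARTS), ("hostile", HOSTILE_PARTS)):
        report = triage(build_xlsx(parts))
        print(label, "-> manual review:", needs_manual_review(report), report)
```

A real file is passed in as `triage(open("Urgence .xlsx", "rb").read())`. Note that none of these checks looks at the ZIP's entropy: an OpenXML package is a deflate container and always reads as "high entropy", so structural indicators, not the entropy figure, are what distinguish a weaponised workbook from a plain one.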
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 19:34:02.725440025 CEST | 49753 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.725492954 CEST | 443 | 49753 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:02.725574970 CEST | 49753 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.725661993 CEST | 49754 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.725689888 CEST | 443 | 49754 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:02.725938082 CEST | 49756 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.725974083 CEST | 443 | 49756 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:02.725995064 CEST | 49755 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.726017952 CEST | 443 | 49755 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:02.726099014 CEST | 49756 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.726090908 CEST | 49757 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.726159096 CEST | 49753 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.726181030 CEST | 443 | 49757 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:02.726186991 CEST | 49754 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.726191044 CEST | 49755 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.726197958 CEST | 443 | 49753 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:02.726249933 CEST | 49757 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.726408005 CEST | 49754 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.726414919 CEST | 443 | 49754 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:02.726521969 CEST | 49755 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.726527929 CEST | 443 | 49755 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:02.726629972 CEST | 49757 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.726650953 CEST | 443 | 49757 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:02.726844072 CEST | 49756 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:02.726864100 CEST | 443 | 49756 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.055640936 CEST | 443 | 49755 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.055738926 CEST | 49755 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.056229115 CEST | 443 | 49753 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.056377888 CEST | 49753 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.057521105 CEST | 443 | 49754 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.057576895 CEST | 49755 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.057588100 CEST | 443 | 49755 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.057636976 CEST | 49754 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.057765007 CEST | 49753 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.057782888 CEST | 443 | 49753 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.057918072 CEST | 443 | 49755 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.058007956 CEST | 443 | 49753 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.059199095 CEST | 49754 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.059211016 CEST | 443 | 49754 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.059357882 CEST | 49755 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.059540033 CEST | 443 | 49754 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.059730053 CEST | 443 | 49757 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.059803963 CEST | 49757 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.060889959 CEST | 49754 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.062354088 CEST | 49757 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.062397003 CEST | 443 | 49757 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.062520027 CEST | 443 | 49756 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.062602043 CEST | 49756 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.062752008 CEST | 443 | 49757 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.063793898 CEST | 49756 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.063805103 CEST | 443 | 49756 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.064141989 CEST | 443 | 49756 | 13.107.213.41 | 192.168.2.4 |
Apr 19, 2024 19:34:03.064176083 CEST | 49757 | 443 | 192.168.2.4 | 13.107.213.41 |
Apr 19, 2024 19:34:03.065129995 CEST | 49756 | 443 | 192.168.2.4 | 13.107.213.41 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 19:34:02.724349976 CEST | 1.1.1.1 | 192.168.2.4 | 0xa4a4 | No error (0) | | part-0013.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:34:02.724349976 CEST | 1.1.1.1 | 192.168.2.4 | 0xa4a4 | No error (0) | | | 13.107.213.41 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:34:02.724349976 CEST | 1.1.1.1 | 192.168.2.4 | 0xa4a4 | No error (0) | | | 13.107.246.41 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49755 | 13.107.213.41 | 443 | 6600 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:03 UTC | 207 | OUT | |
2024-04-19 17:34:03 UTC | 491 | IN | |
2024-04-19 17:34:03 UTC | 777 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49754 | 13.107.213.41 | 443 | 6600 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:03 UTC | 208 | OUT | |
2024-04-19 17:34:03 UTC | 564 | IN | |
2024-04-19 17:34:03 UTC | 1523 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49757 | 13.107.213.41 | 443 | 6600 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:03 UTC | 207 | OUT | |
2024-04-19 17:34:03 UTC | 491 | IN | |
2024-04-19 17:34:03 UTC | 833 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49756 | 13.107.213.41 | 443 | 6600 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:03 UTC | 207 | OUT | |
2024-04-19 17:34:03 UTC | 491 | IN | |
2024-04-19 17:34:03 UTC | 513 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49753 | 13.107.213.41 | 443 | 6600 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:03 UTC | 206 | OUT | |
2024-04-19 17:34:03 UTC | 584 | IN | |
2024-04-19 17:34:03 UTC | 2871 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49758 | 13.107.213.41 | 443 | 6600 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:03 UTC | 207 | OUT | |
2024-04-19 17:34:03 UTC | 471 | IN | |
2024-04-19 17:34:03 UTC | 716 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49759 | 13.107.213.41 | 443 | 6600 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:03 UTC | 207 | OUT | |
2024-04-19 17:34:03 UTC | 491 | IN | |
2024-04-19 17:34:03 UTC | 738 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49760 | 13.107.213.41 | 443 | 6600 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:03 UTC | 207 | OUT | |
2024-04-19 17:34:03 UTC | 491 | IN | |
2024-04-19 17:34:03 UTC | 599 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49761 | 13.107.213.41 | 443 | 6600 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:03 UTC | 207 | OUT | |
2024-04-19 17:34:03 UTC | 491 | IN | |
2024-04-19 17:34:03 UTC | 599 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49762 | 13.107.213.41 | 443 | 6600 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:34:03 UTC | 207 | OUT | |
2024-04-19 17:34:04 UTC | 471 | IN | |
2024-04-19 17:34:04 UTC | 611 | IN | |
Target ID: | 0 |
Start time: | 19:32:53 |
Start date: | 19/04/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb00000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |

Target ID: | 5 |
Start time: | 19:33:58 |
Start date: | 19/04/2024 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e6a40000 |
File size: | 163'840 bytes |
MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |