Windows
Analysis Report
LISTADO HOTEL INCRESA 2024.xlsx
Overview
General Information
Detection
Score: 4 (range 0 - 100)
Whitelisted: false
Confidence: 60%
Signatures
Classification
Analysis Advice
Sample monitors window changes (e.g. starting applications); re-analyze the sample with the 'Simulates keyboard and window changes' cookbook.
No malicious behavior found; also analyze the document with other versions of Office / Acrobat, since the verdict only covers the environment and the 4-minute run described under General Information.
- System is w10x64
- EXCEL.EXE (PID: 2180, cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, MD5: 4A871771235598812032C822E6F68F19)
  - splwow64.exe (PID: 4028, cmdline: C:\Windows\splwow64.exe 12288, MD5: 77DE7761B037061C7C112FD3C5B91E73) (splwow64.exe is the Windows print driver host for 32-bit applications; a 32-bit Office build starting it is expected)
- cleanup
Source: Sigma rule, author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0', Tim Shelton (rule name not preserved on the page)
Source: Sigma rule, author: X__Junior (Nextron Systems) (rule name not preserved on the page)
There are no malicious signatures.
Behavior signature evidence. The per-row evidence cells (file paths, URLs, registry keys, IP addresses, the JA3 hash) did not survive extraction; only the evidence type and the number of rows remain:
- File opened: 2 rows
- HTTPS traffic detected: 10 rows
- TCP traffic: 288 rows
- Memory has grown: 1 row
- IP Address: 2 rows
- JA3 fingerprint: 1 row
- HTTP traffic detected: 10 rows
- String found in binary or memory: 1 row
- Network traffic detected: 20 rows
- OLE stream indicators for Word, Excel, PowerPoint, and Visio: 1 row
- Classification label: 1 row
- File created: 2 rows
- OLE indicator, Workbook stream: 1 row
- File read: 1 row
- Process created: 3 rows
- Key value queried: 1 row
- Window detected: 1 row
- Initial sample: 2 rows
- Key opened: 1 row
- Process information set: 38 rows
- Window / User API: 1 row
- Last function: 2 rows
- Thread delayed: 2 rows
- Process information queried: 1 row
The only non-whitelisted network endpoint anywhere in this report is 13.107.246.41:443 (part-0013.t-0009.t-msedge.net, AS8068 Microsoft), so the TCP, HTTP and HTTPS rows above all describe traffic to that host.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | Virustotal | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
part-0013.t-0009.t-msedge.net | 13.107.246.41 | true | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
13.107.246.41 | part-0013.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430185 |
Start date and time: | 2024-04-23 09:22:30 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | LISTADO HOTEL INCRESA 2024.xlsx |
Detection: | CLEAN |
Classification: | clean4.winXLSX@3/5@0/1 |
EGA Information: | Failed |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.0.91, 52.109.6.63, 23.221.242.90, 52.113.194.132, 72.21.81.240, 20.189.173.3
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, eus2-azsc-000.roaming.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, osiprod-eus2-buff-azsc-000.eastus2.cloudapp.azure.com, wu.azureedge.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, wus-azsc-config.officeapps.live.com, hlb.apr-52dd2-0.edgecastdns.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, wu.ec.azureedge.net, self.events.data.microsoft.com, onedscolprdwus02.westus.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, us1.roamin
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
09:24:23 | API Interceptor |
Context: other samples seen with the same indicators. The associated sample names and SHA-256 hashes did not survive extraction; only the detection and threat name per match remain. All three network indicators belong to shared Microsoft CDN infrastructure (see the IP and domain tables above), so these matches show that malware also contacts that infrastructure, not that this sample does anything malicious.

Match | Detection | Threat Name | Samples |
---|---|---|---|
13.107.246.41 | malicious | Unknown | 5 |

Match | Detection | Threat Name | Samples |
---|---|---|---|
part-0013.t-0009.t-msedge.net | malicious | HTMLPhisher | 6 |
part-0013.t-0009.t-msedge.net | malicious | Unknown | 3 |
part-0013.t-0009.t-msedge.net | malicious | TechSupportScam | 1 |

Match | Detection | Threat Name | Samples |
---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | 5 |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT | 2 |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Unknown | 2 |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | HTMLPhisher | 1 |

Match | Detection | Threat Name | Samples |
---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Remcos, DBatLoader | 4 |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown | 4 |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC | 2 |

The page does not say which indicator type the last match key is; Joe Sandbox reports normally place the JA3 fingerprint context table in this position, and the JA3 value in the signature section above was lost in extraction, so treat that association as an assumption.
Files under CryptnetUrlCache are the Windows CryptoAPI cache for certificate, CRL and OCSP data fetched during chain validation; they are a normal side effect of Office contacting HTTPS endpoints, not payloads written by the document.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 4770 |
Entropy (8bit): | 7.946747821604857 |
Encrypted: | false |
SSDEEP: | 96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m |
MD5: | 1BFE591A4FE3D91B03CDF26EAACD8F89 |
SHA1: | 719C37C320F518AC168C86723724891950911CEA |
SHA-256: | 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8 |
SHA-512: | 02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB |
Malicious: | false |
Reputation: | moderate, very likely benign file |

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 3.1667070084421374 |
Encrypted: | false |
SSDEEP: | 6:kK1MAN+SkQlPlEGYRMY9z+s3Ql2DUevat:akPlE99SCQl2DUevat |
MD5: | C2957B1407EC28B90B7BB006A4F7A49F |
SHA1: | 3A085AA433BA9B7F8D3BC97C5F0979238EB632B7 |
SHA-256: | 1B31233FB124F897AE13567457034C36887BBA82EE5ADE49D248065521AA1419 |
SHA-512: | 0A37B0A9476A1072E4DA146312DF948F30687895D9D8618BDED958D2C9B11E9ACA3456A94D202E2965E3E1DA5D17ABADDE661AE10F47761029953A65B30FF260 |
Malicious: | false |
Reputation: | low |

Dropped file (path not preserved on the page)
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 1.1464700112623651 |
Encrypted: | false |
SSDEEP: | 3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X |
MD5: | 72F5C05B7EA8DD6059BF59F50B22DF33 |
SHA1: | D5AF52E129E15E3A34772806F6C5FBF132E7408E |
SHA-256: | 1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164 |
SHA-512: | 6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E |
Malicious: | false |
Reputation: | high, very likely benign file |

Dropped file (path not preserved on the page)
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 (every byte identical) |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |

Dropped file (path not preserved on the page)
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.5231029153786204 |
Encrypted: | false |
SSDEEP: | 3:sYp5lFltt:sYp5Nv |
MD5: | B77267835A6BEAC785C351BDE8E1A61C |
SHA1: | FABD93A92989535D43233E3DB9C6579D8174740E |
SHA-256: | 3B222E766EADC8BC9A8A90AC32FA591F313545B7E8C5D481D378AE307FA798C3 |
SHA-512: | FFFCBA958E9BD56F284DA19592F124C48B013FCDA2FBE65B3EB38BB644C2B0C978E6DAE99EF213B054813C7212E119B09236A6FFF342D32E52C84DD26DE1E033 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Entropy (8bit): | 6.915763201307942 |
File name: | LISTADO HOTEL INCRESA 2024.xlsx |
File size: | 10'697 bytes |
MD5: | 413f836936871d6deee6d20d8df59b83 |
SHA1: | 34725dab71acedbc71b0de51fb33fc6ada52662d |
SHA256: | 4daeb47e659fa0d20245d72f5eece978e63645cb03a7097805976e5dd8727a8d |
SHA512: | 7f654f3187f5b4e456dc8fa8ed782aed3b04de0bf69510922b1b5dc90b694c79a835ffcde10380fab37b031c92fa428edc169f3f502e042b1016d4d7e00d2e34 |
SSDEEP: | 96:vWsh0i+OXNcLC30glP5UnuoMFWsCp2om28pbyI6JF5LDIcfRCeCiZC21buvxnwr3:ushwOXy+Lug1A2dpWIbcIbKInO7oqc7C |
TLSH: | 18227C39E581312DDA37147CD40601E0E05929925F17649E78507A9D3F91AAB13EF3DF |
File Content Preview: | PK..........!.t6Z.z...........[Content_Types].xml ... (the leading PK bytes are the ZIP local-file-header signature; an OpenXML document is a ZIP container whose first part is normally [Content_Types].xml) |
Icon Hash: | 35e58a8c0c8a85b9 |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 23, 2024 09:24:28.590140104 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.590223074 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.590364933 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.590393066 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.590457916 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.590665102 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.590783119 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.590857029 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.590934038 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.590943098 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.591000080 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.591109991 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.591145039 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.591182947 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.591360092 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.591406107 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.591424942 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.591459036 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.591464043 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.591504097 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.591535091 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.591608047 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.591638088 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.591691017 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.591706991 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.930851936 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.930933952 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.932485104 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.932517052 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.932535887 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.932568073 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.932878971 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.933147907 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.933212996 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.933240891 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.933273077 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.933907986 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.934000969 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.934590101 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.934597015 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.934604883 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.934978962 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.936458111 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.936485052 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.936621904 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.936646938 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.937036991 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.937143087 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.938250065 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.938308001 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.938340902 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.938702106 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.938869953 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.940409899 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.941239119 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:28.976161003 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.980140924 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.984123945 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.984142065 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:28.984147072 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.139216900 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.139372110 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.139668941 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.140250921 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.140250921 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.140297890 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.140324116 CEST | 443 | 49735 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.148495913 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.148539066 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.149024010 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.149024010 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.149063110 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.151705980 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.151760101 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.151804924 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.151869059 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.151901960 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.151958942 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.151994944 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.152045965 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.152122021 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.152122021 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.152151108 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.152173042 CEST | 443 | 49733 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.161031008 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.161117077 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.161209106 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.161361933 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.161401987 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.178663015 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.178884983 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.179069996 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.179111004 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.179130077 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.179143906 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.179151058 CEST | 443 | 49737 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.186719894 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.186794996 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.186887026 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.187050104 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.187071085 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.279400110 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.279486895 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.279664993 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.279723883 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.279762983 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.279831886 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.279833078 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.279877901 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.279911995 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.279927969 CEST | 443 | 49734 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.287667036 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.287744999 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.287822008 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.287969112 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.288006067 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.291387081 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.291568995 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.291647911 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.291744947 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.291745901 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.291784048 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.291810989 CEST | 443 | 49736 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.298871994 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.298902035 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.299025059 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.299158096 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.299176931 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.474672079 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.475195885 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.475222111 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.476366997 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.476372957 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.486563921 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.487128973 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.487189054 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.487829924 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.487844944 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.519992113 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.520524025 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.520555973 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.521595001 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.521600962 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.621395111 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.622031927 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.622088909 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.623189926 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.623204947 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.625607014 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.625941038 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.625952959 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.626773119 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.626779079 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.683901072 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.684115887 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.684257030 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.684303999 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.684319019 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.684334040 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.684340954 CEST | 443 | 49738 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.731172085 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.731349945 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.731503010 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.731564999 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.731564999 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.731595039 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.731617928 CEST | 443 | 49740 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.740145922 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.740300894 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.740504980 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.740505934 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.740505934 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.878237009 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.878382921 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.878597975 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.878597975 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.878597975 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.983201027 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.983383894 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.983459949 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.983688116 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.983710051 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:29.983732939 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:29.983741045 CEST | 443 | 49742 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:30.046363115 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:30.046432972 CEST | 443 | 49739 | 13.107.246.41 | 192.168.2.5 |
Apr 23, 2024 09:24:30.186875105 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.41 |
Apr 23, 2024 09:24:30.186939955 CEST | 443 | 49741 | 13.107.246.41 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 23, 2024 09:24:28.589131117 CEST | 1.1.1.1 | 192.168.2.5 | 0xa9f6 | No error (0) | | part-0013.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 23, 2024 09:24:28.589131117 CEST | 1.1.1.1 | 192.168.2.5 | 0xa9f6 | No error (0) | | | 13.107.246.41 | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 09:24:28.589131117 CEST | 1.1.1.1 | 192.168.2.5 | 0xa9f6 | No error (0) | | | 13.107.213.41 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49733 | 13.107.246.41 | 443 | 2180 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 07:24:28 UTC | 206 | OUT | |
2024-04-23 07:24:29 UTC | 584 | IN | |
2024-04-23 07:24:29 UTC | 2871 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49737 | 13.107.246.41 | 443 | 2180 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 07:24:28 UTC | 207 | OUT | |
2024-04-23 07:24:29 UTC | 471 | IN | |
2024-04-23 07:24:29 UTC | 833 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49734 | 13.107.246.41 | 443 | 2180 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 07:24:28 UTC | 208 | OUT | |
2024-04-23 07:24:29 UTC | 564 | IN | |
2024-04-23 07:24:29 UTC | 1523 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49735 | 13.107.246.41 | 443 | 2180 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 07:24:28 UTC | 207 | OUT | |
2024-04-23 07:24:29 UTC | 491 | IN | |
2024-04-23 07:24:29 UTC | 513 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49736 | 13.107.246.41 | 443 | 2180 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 07:24:28 UTC | 207 | OUT | |
2024-04-23 07:24:29 UTC | 471 | IN | |
2024-04-23 07:24:29 UTC | 777 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49738 | 13.107.246.41 | 443 | 2180 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 07:24:29 UTC | 207 | OUT | |
2024-04-23 07:24:29 UTC | 470 | IN | |
2024-04-23 07:24:29 UTC | 716 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49739 | 13.107.246.41 | 443 | 2180 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 07:24:29 UTC | 207 | OUT | |
2024-04-23 07:24:29 UTC | 471 | IN | |
2024-04-23 07:24:29 UTC | 738 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49740 | 13.107.246.41 | 443 | 2180 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 07:24:29 UTC | 207 | OUT | |
2024-04-23 07:24:29 UTC | 491 | IN | |
2024-04-23 07:24:29 UTC | 599 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49741 | 13.107.246.41 | 443 | 2180 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 07:24:29 UTC | 207 | OUT | |
2024-04-23 07:24:29 UTC | 471 | IN | |
2024-04-23 07:24:29 UTC | 599 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49742 | 13.107.246.41 | 443 | 2180 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 07:24:29 UTC | 207 | OUT | |
2024-04-23 07:24:29 UTC | 471 | IN | |
2024-04-23 07:24:29 UTC | 611 | IN |
Target ID: | 0 |
Start time: | 09:23:19 |
Start date: | 23/04/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbc0000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 7 |
Start time: | 09:24:23 |
Start date: | 23/04/2024 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff614c60000 |
File size: | 163'840 bytes |
MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |