Edit tour

Windows Analysis Report
http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1

Overview

General Information

Sample URL:	http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1
Analysis ID:	1435382
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Downloads files with wrong headers with respect to MIME Content-Type

Uses known network protocols on non-standard ports

Drops files with a non-matching file extension (content does not match file extension)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2204,i,6650186484633650709,15485496518386066990,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49743 version: TLS 1.2

Networking

Downloads files with wrong headers with respect to MIME Content-Type

Source: http

Bad PDF prefix: HTTP/1.1 200 OK Cache-Control: private Transfer-Encoding: chunked Content-Type: application/pdf Server: Microsoft-IIS/10.0 content-disposition: inline;filename="A-291631.pdf" X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Thu, 02 May 2024 14:05:03 GMT Data Raw: 31 30 30 64 62 0d 0a 25 50 44 46 2d 31 2e 32 20 0a 25 e2 e3 cf d3 20 0a 31 20 30 20 6f 62 6a 20 0a 3c 3c 20 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 20 0a 2f 50 61 67 65 73 20 32 20 30 20 52 20 0a 2f 50 61 67 65 4d 6f 64 65 20 2f 55 73 65 4e 6f 6e 65 20 0a 2f 56 69 65 77 65 72 50 72 65 66 65 72 65 6e 63 65 73 20 3c 3c 20 0a 2f 46 69 74 57 69 6e 64 6f 77 20 74 72 75 65 20 0a 2f 50 61 67 65 4c 61 79 6f 75 74 20 2f 53 69 6e 67 6c 65 50 61 67 65 20 0a 2f 4e 6f 6e 46 75 6c 6c 53 63 72 65 65 6e 50 61 67 65 4d 6f 64 65 20 2f 55 73 65 4e 6f 6e 65 20 0a 3e 3e 20 0a 3e 3e 20 0a 65 6e 64 6f 62 6a 20 0a 35 20 30 20 6f 62 6a 20 0a 3c 3c 20 0a 2f 4c 65 6e 67 74 68 20 32 35 31 38 20 0a 2f 46 69 6c 74 65 72 20 5b 20 2f 46 6c 61 74 65 44 65 63 6f 64 65 20 5d 20 0a 3e 3e 20 0a 73 74 72 65 61 6d 0a 78 9c b5 58 db 6e e3 b8 19 be f7 53 10 d8 1b 19 88 1c 92 a2 24 2a 57 eb 38 ce 8c 67 13 67 36 b2 27 28 76 7a a1 d8 4c a2 56 96 3c 92 9c 9d f4 31 fa c4 fd 78 90 ec 38 09 ba 28 50 04 08 28 f2 e7 7f fc fe 03 4d 47 34 24 14 7f 3e b5 ab 38 e1 64 b5 19 50 b3 59 3f ba c5 ed a7 01 93 94 f0 40 12 c6 24 56 2c 0c 22 41 6a 35 b8 1b 94 03 4e be 0c 38 25 7f 0e e8 28 11 09 c1 ff 88 e9 ff 71 44 9a d5 80 0b 4e 42 ce 22 dc 8c b9 24 09 a5 fa de fd 80 87 31 89 02 16 eb 7d 16 10 4e 83 44 1f a4 03 1e 43 0d 1e eb 83 28 e2 84 5b 41 0f 83 80 4a ec 07 66 1f 8c 78 ec f6 35 bd 14 51 a2 19 81 39 4f 0e f8 48 29 02 12 32 a8 c0 c2 38 b4 fb 51 0c ae 52 86 14 6a 81 25 93 91 74 17 f4 56 14 46 64 33 60 2c 81 7a e6 a3 d0 57 68 12 59 23 36 76 1d 41 07 73 92 50 d8 ea 4e cc ba 3f 09 38 0f bb 13 b3 ee 4f b4 45 51 14 06 56 0e b4 34 1f 85 d3 20 0e b9 70 1a 48 fb 61 b9 25 31 ac 87 bb 36 76 2d 83 c0 de 11 41 c2 ba 13 b3 ee 4f 42 19 f6 27 66 dd 9f 24 09 9c e7 4e cc ba 3f e1 46 05 7b 62 d6 7b 39 32 96 bd 1c bd ee 4f 18 8d 65 d2 1d d9 8f 3d bf a8 17 64 6d 35 1f d6 73 b1 8b e7 c6 ae fb 3b e7 8b 01 b3 a0 64 24 91 e0 c6 28 22 b6 e8 50 09 4c 9d 62 0f 70 59 3c 0c bc 59 f9 5c e5 2b 45 ca dd e6 5e d5 43 b2 f8 07 54 00 3c 28 59 ac 07 a7 19 61 fa 2a e8 ce 08 19 fb 3c 61 80 dc 77 ef eb f7 a1 a1 0c 10 16 3f 08 93 8e 16 9f 9a f6 6b f6 a8 08 61 a4 7a 20 84 1b c2 e9 62 f0 63 20 28 4f ac 5e 12 e0 e0 91 49 86 58 a7 cb 69 be 79 a4 84 5c 54 83 df 5f 69 1f 6a 7c 8b 24 d0 ca 1f e8 fc 6d 3a b9 99 cf e6 8b e9 2d 59 a6 e3 13 72 75 35 19 11 62 04 89 98 f8 9c f5 ca 03 bd fa c2 f9 ed 6c f2 db f4 ca 50 fc e1 5d 0d 05 f7 c8 64 b6 18 7a 7f 1b 32 e1 91 21 67 de 42 af 6e ee a6 b7 c3 bf 93 c5 97 81 cf 12 d9 73 f2 90 b1 e9 e8 6e 44 e4 e2 33 49 db 5a a9 f6 84 a4 bb bc 55 48 3b 16 58 57 d0 bd 64 ef 3a cf 36 f9 89 d3 08 0e b4 bb 97 af e4 5b 39 b8 ef 4e 83 80 05 54 db 63 a8 7c c6 61 76 cf f0 eb 53 55 2a 84 80 8d a4 94 23 29 d8 48 24 31 27 a7 6e 23 90 d1 28 48 02 6a 35 09 39 2e 0a a6 2f

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 8002
Source: unknown	Network traffic detected: HTTP traffic on port 8002 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 8002
Source: unknown	Network traffic detected: HTTP traffic on port 8002 -> 49735

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1 HTTP/1.1Host: collectionsystem.veconinter.com:8002Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: collectionsystem.veconinter.com:8002Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: collectionsystem.veconinter.com
Source: global traffic	DNS traffic detected: DNS query: _8002._https.collectionsystem.veconinter.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Thu, 02 May 2024 14:05:05 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49743 version: TLS 1.2

Source: classification engine

Classification label: mal48.troj.win@18/4@4/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2204,i,6650186484633650709,15485496518386066990,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2204,i,6650186484633650709,15485496518386066990,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 42
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 42			Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 8002
Source: unknown	Network traffic detected: HTTP traffic on port 8002 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 8002
Source: unknown	Network traffic detected: HTTP traffic on port 8002 -> 49735

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	3 Ingress Tool Transfer	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
http://collectionsystem.veconinter.com:8002/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
collectionsystem.veconinter.com	209.208.210.36	true	false	unknown
www.google.com	142.251.40.196	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
_8002._https.collectionsystem.veconinter.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1	false		unknown
http://collectionsystem.veconinter.com:8002/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
209.208.210.36	collectionsystem.veconinter.com	United States	11767	QTS-MIAUS	false
142.251.40.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1435382
Start date and time:	2024-05-02 16:04:02 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.troj.win@18/4@4/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.81.227, 142.250.81.238, 172.253.122.84, 34.104.35.123, 52.165.165.26, 199.232.214.172, 192.229.211.108, 13.85.23.206, 20.242.39.171, 142.251.40.163, 142.251.40.238
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.2, 2 pages
Category:	downloaded
Size (bytes):	65755
Entropy (8bit):	7.955482178127497
Encrypted:	false
SSDEEP:	1536:XNk8Sp4Mn8sktAvMq9J917zk2rDmAnzLASObvL2PxGB:9ypkZk3D7zjrZzLAS0AsB
MD5:	DBBB1B5B819393E0B336BB75AD72B518
SHA1:	5DFCF13053F0C1668C517376081A481D7CAE29A1
SHA-256:	0A890D22F2DF605DD70D27CDA7709A7F1941777E3DF82B7DAFC6E36C826C695E
SHA-512:	B0216600A62088447042EB49EBB7002BEC66ECDE8ADA28E1A7B8A051A2C5374C88A3BD88E936EE74756AF2F75BDC28789589A3B0320A5456F638B57386B8FC44
Malicious:	false
Reputation:	low
URL:	http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1
Preview:	%PDF-1.2 .%.... .1 0 obj .<< ./Type /Catalog ./Pages 2 0 R ./PageMode /UseNone ./ViewerPreferences << ./FitWindow true ./PageLayout /SinglePage ./NonFullScreenPageMode /UseNone .>> .>> .endobj .5 0 obj .<< ./Length 2518 ./Filter [ /FlateDecode ] .>> .stream.x..X.n....S........$W.8.g.g6.'(vz..L.V.<....1...x..8..(P..(......MG4$..>..8.d..P.Y?.......@..$V,."Aj5....N..8%...(.......qD...NB."..$.......1....}..N.D....C...(.[A...J..f..x..5..Q...9O..H)..2...8..Q..R..j.%..t..V.Fd3`,.z..Wh.Y#6v.A.s.P..N.?.8.....O.EQ..V..4... ..p.H.a.%1...6v-....A....OB..'f.$...N.?.F.{b.{92.....O..e...=...dm5..s.....;....d$...("..P.L.b.pY<..Y.\.+E...^.C...T.<(Y....a......<a..w........?.......k...a.z ....b.c (O.^....I.X..i.y..\T.._i.j\|.$.....m:.....-Y...ru5..b.............l....P..]....d..z..2.!g.B.n........s...nD..3I.Z......UH;.XW.d.:.6..........[9..N...T.c.\|.av...SU*.....#).H$1'.n#..(H.j5.9.../j?2.q.yU..Z.yU6.>.UU.e....XE.08p...e.._.9.n...t:.n...&S2t'WC.....N.\|y}>.M..@@..D..L.#......Q

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1245
Entropy (8bit):	5.462849750105637
Encrypted:	false
SSDEEP:	24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5
MD5:	5343C1A8B203C162A3BF3870D9F50FD4
SHA1:	04B5B886C20D88B57EEA6D8FF882624A4AC1E51D
SHA-256:	DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
SHA-512:	E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949
Malicious:	false
Reputation:	low
URL:	http://collectionsystem.veconinter.com:8002/favicon.ico
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="co

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 2, 2024 16:04:43.479691029 CEST	49675	443	192.168.2.4	173.222.162.32
May 2, 2024 16:04:44.355263948 CEST	49678	443	192.168.2.4	104.46.162.224
May 2, 2024 16:04:53.081773043 CEST	49675	443	192.168.2.4	173.222.162.32
May 2, 2024 16:04:53.196604013 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.197000027 CEST	49736	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.322701931 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.322727919 CEST	49737	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.322779894 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.322983980 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.323215961 CEST	8002	49736	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.323276043 CEST	49736	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.446505070 CEST	8002	49737	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.446662903 CEST	49737	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.496486902 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.721812963 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.722040892 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.722057104 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.722070932 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.722084999 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.722177029 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.722177029 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.722182035 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.722217083 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.722305059 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.722385883 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.722418070 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.722470045 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.722526073 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.722554922 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.846710920 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.846780062 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.846823931 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.846849918 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.846955061 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.846987963 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.847064018 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.847189903 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.847224951 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.847224951 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.847296000 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.847327948 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.847383022 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.847480059 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.847511053 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.847568035 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.847672939 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.847712040 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.847733021 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.847853899 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.847897053 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.847948074 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.848030090 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.848063946 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.848126888 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.848239899 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.848272085 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.848290920 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.848372936 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.848406076 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.969970942 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.970031023 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.970077038 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.970206022 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.970221043 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.970251083 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.970273972 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.970432997 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.970465899 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.970477104 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.970591068 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.970645905 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.973351002 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.973427057 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.973476887 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.973486900 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.973561049 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.973592997 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.973607063 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.973699093 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.973732948 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.973766088 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.973834991 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.973866940 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.973889112 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.973967075 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.973999977 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.974050045 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.974147081 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.974174023 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:53.974225044 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.976778984 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:53.976815939 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:55.212136030 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:55.336144924 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:55.336163998 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:04:55.336368084 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:04:55.814099073 CEST	49741	443	192.168.2.4	142.251.40.196
May 2, 2024 16:04:55.814131975 CEST	443	49741	142.251.40.196	192.168.2.4
May 2, 2024 16:04:55.814193010 CEST	49741	443	192.168.2.4	142.251.40.196
May 2, 2024 16:04:55.815016031 CEST	49741	443	192.168.2.4	142.251.40.196
May 2, 2024 16:04:55.815028906 CEST	443	49741	142.251.40.196	192.168.2.4
May 2, 2024 16:04:56.082041025 CEST	443	49741	142.251.40.196	192.168.2.4
May 2, 2024 16:04:56.104968071 CEST	49741	443	192.168.2.4	142.251.40.196
May 2, 2024 16:04:56.104984045 CEST	443	49741	142.251.40.196	192.168.2.4
May 2, 2024 16:04:56.106004953 CEST	443	49741	142.251.40.196	192.168.2.4
May 2, 2024 16:04:56.106070042 CEST	49741	443	192.168.2.4	142.251.40.196
May 2, 2024 16:04:56.111133099 CEST	49741	443	192.168.2.4	142.251.40.196
May 2, 2024 16:04:56.111202955 CEST	443	49741	142.251.40.196	192.168.2.4
May 2, 2024 16:04:56.228475094 CEST	49741	443	192.168.2.4	142.251.40.196
May 2, 2024 16:04:56.228496075 CEST	443	49741	142.251.40.196	192.168.2.4
May 2, 2024 16:04:56.431624889 CEST	49741	443	192.168.2.4	142.251.40.196
May 2, 2024 16:04:56.797401905 CEST	49742	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:56.797430038 CEST	443	49742	23.51.58.94	192.168.2.4
May 2, 2024 16:04:56.797492981 CEST	49742	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:56.798923016 CEST	49742	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:56.798934937 CEST	443	49742	23.51.58.94	192.168.2.4
May 2, 2024 16:04:56.988912106 CEST	443	49742	23.51.58.94	192.168.2.4
May 2, 2024 16:04:56.988977909 CEST	49742	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:56.992608070 CEST	49742	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:56.992614031 CEST	443	49742	23.51.58.94	192.168.2.4
May 2, 2024 16:04:56.993001938 CEST	443	49742	23.51.58.94	192.168.2.4
May 2, 2024 16:04:57.040973902 CEST	49742	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.170520067 CEST	49742	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.216123104 CEST	443	49742	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.260679007 CEST	443	49742	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.260828972 CEST	443	49742	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.260888100 CEST	49742	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.334932089 CEST	49742	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.334954023 CEST	443	49742	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.334969044 CEST	49742	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.334975958 CEST	443	49742	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.464834929 CEST	49743	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.464863062 CEST	443	49743	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.464927912 CEST	49743	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.466553926 CEST	49743	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.466564894 CEST	443	49743	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.651990891 CEST	443	49743	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.652079105 CEST	49743	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.654128075 CEST	49743	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.654134035 CEST	443	49743	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.654457092 CEST	443	49743	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.656229973 CEST	49743	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.700129032 CEST	443	49743	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.834337950 CEST	443	49743	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.834446907 CEST	443	49743	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.834492922 CEST	49743	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.835233927 CEST	49743	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.835247993 CEST	443	49743	23.51.58.94	192.168.2.4
May 2, 2024 16:04:59.835258007 CEST	49743	443	192.168.2.4	23.51.58.94
May 2, 2024 16:04:59.835262060 CEST	443	49743	23.51.58.94	192.168.2.4
May 2, 2024 16:05:06.080641031 CEST	443	49741	142.251.40.196	192.168.2.4
May 2, 2024 16:05:06.080688000 CEST	443	49741	142.251.40.196	192.168.2.4
May 2, 2024 16:05:06.080929995 CEST	49741	443	192.168.2.4	142.251.40.196
May 2, 2024 16:05:07.981951952 CEST	49741	443	192.168.2.4	142.251.40.196
May 2, 2024 16:05:07.981971025 CEST	443	49741	142.251.40.196	192.168.2.4
May 2, 2024 16:05:38.338641882 CEST	49736	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:05:38.448041916 CEST	49737	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:05:38.462317944 CEST	8002	49736	209.208.210.36	192.168.2.4
May 2, 2024 16:05:38.570239067 CEST	8002	49737	209.208.210.36	192.168.2.4
May 2, 2024 16:05:40.338639021 CEST	49735	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:05:40.460511923 CEST	8002	49735	209.208.210.36	192.168.2.4
May 2, 2024 16:05:53.981724977 CEST	49736	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:05:53.981873989 CEST	49737	8002	192.168.2.4	209.208.210.36
May 2, 2024 16:05:54.107400894 CEST	8002	49737	209.208.210.36	192.168.2.4
May 2, 2024 16:05:54.107810974 CEST	8002	49736	209.208.210.36	192.168.2.4
May 2, 2024 16:05:55.848139048 CEST	49752	443	192.168.2.4	142.251.40.196
May 2, 2024 16:05:55.848180056 CEST	443	49752	142.251.40.196	192.168.2.4
May 2, 2024 16:05:55.848362923 CEST	49752	443	192.168.2.4	142.251.40.196
May 2, 2024 16:05:55.848594904 CEST	49752	443	192.168.2.4	142.251.40.196
May 2, 2024 16:05:55.848608971 CEST	443	49752	142.251.40.196	192.168.2.4
May 2, 2024 16:05:56.109093904 CEST	443	49752	142.251.40.196	192.168.2.4
May 2, 2024 16:05:56.109582901 CEST	49752	443	192.168.2.4	142.251.40.196
May 2, 2024 16:05:56.109621048 CEST	443	49752	142.251.40.196	192.168.2.4
May 2, 2024 16:05:56.109915972 CEST	443	49752	142.251.40.196	192.168.2.4
May 2, 2024 16:05:56.110357046 CEST	49752	443	192.168.2.4	142.251.40.196
May 2, 2024 16:05:56.110423088 CEST	443	49752	142.251.40.196	192.168.2.4
May 2, 2024 16:05:56.151407003 CEST	49752	443	192.168.2.4	142.251.40.196
May 2, 2024 16:06:04.336987972 CEST	49724	80	192.168.2.4	199.232.210.172
May 2, 2024 16:06:04.426640987 CEST	80	49724	199.232.210.172	192.168.2.4
May 2, 2024 16:06:04.426806927 CEST	80	49724	199.232.210.172	192.168.2.4
May 2, 2024 16:06:04.426862955 CEST	49724	80	192.168.2.4	199.232.210.172
May 2, 2024 16:06:06.112962961 CEST	443	49752	142.251.40.196	192.168.2.4
May 2, 2024 16:06:06.113029003 CEST	443	49752	142.251.40.196	192.168.2.4
May 2, 2024 16:06:06.113079071 CEST	49752	443	192.168.2.4	142.251.40.196
May 2, 2024 16:06:07.981220007 CEST	49752	443	192.168.2.4	142.251.40.196
May 2, 2024 16:06:07.981285095 CEST	443	49752	142.251.40.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 2, 2024 16:04:51.679897070 CEST	53	58992	1.1.1.1	192.168.2.4
May 2, 2024 16:04:51.679943085 CEST	53	51219	1.1.1.1	192.168.2.4
May 2, 2024 16:04:52.260953903 CEST	53	63211	1.1.1.1	192.168.2.4
May 2, 2024 16:04:53.061068058 CEST	63753	53	192.168.2.4	1.1.1.1
May 2, 2024 16:04:53.066013098 CEST	51253	53	192.168.2.4	1.1.1.1
May 2, 2024 16:04:53.195107937 CEST	53	51253	1.1.1.1	192.168.2.4
May 2, 2024 16:04:53.196032047 CEST	53	63753	1.1.1.1	192.168.2.4
May 2, 2024 16:04:55.723712921 CEST	63378	53	192.168.2.4	1.1.1.1
May 2, 2024 16:04:55.723898888 CEST	57055	53	192.168.2.4	1.1.1.1
May 2, 2024 16:04:55.811649084 CEST	53	63378	1.1.1.1	192.168.2.4
May 2, 2024 16:04:55.812216997 CEST	53	57055	1.1.1.1	192.168.2.4
May 2, 2024 16:05:09.354594946 CEST	53	56384	1.1.1.1	192.168.2.4
May 2, 2024 16:05:14.881623030 CEST	138	138	192.168.2.4	192.168.2.255
May 2, 2024 16:05:32.023070097 CEST	53	51527	1.1.1.1	192.168.2.4
May 2, 2024 16:05:34.182368040 CEST	53	56670	1.1.1.1	192.168.2.4
May 2, 2024 16:05:51.573477983 CEST	53	61228	1.1.1.1	192.168.2.4
May 2, 2024 16:05:56.870691061 CEST	53	51845	1.1.1.1	192.168.2.4
May 2, 2024 16:06:19.491717100 CEST	53	54446	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 2, 2024 16:05:34.182661057 CEST	192.168.2.4	1.1.1.1	c221	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 2, 2024 16:04:53.061068058 CEST	192.168.2.4	1.1.1.1	0x74f8	Standard query (0)	collectionsystem.veconinter.com	A (IP address)	IN (0x0001)	false
May 2, 2024 16:04:53.066013098 CEST	192.168.2.4	1.1.1.1	0xd3d4	Standard query (0)	_8002._https.collectionsystem.veconinter.com	65	IN (0x0001)	false
May 2, 2024 16:04:55.723712921 CEST	192.168.2.4	1.1.1.1	0x6a1a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 2, 2024 16:04:55.723898888 CEST	192.168.2.4	1.1.1.1	0xb742	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 2, 2024 16:04:53.195107937 CEST	1.1.1.1	192.168.2.4	0xd3d4	Name error (3)	_8002._https.collectionsystem.veconinter.com	none	none	65	IN (0x0001)	false
May 2, 2024 16:04:53.196032047 CEST	1.1.1.1	192.168.2.4	0x74f8	No error (0)	collectionsystem.veconinter.com		209.208.210.36	A (IP address)	IN (0x0001)	false
May 2, 2024 16:04:55.811649084 CEST	1.1.1.1	192.168.2.4	0x6a1a	No error (0)	www.google.com		142.251.40.196	A (IP address)	IN (0x0001)	false
May 2, 2024 16:04:55.812216997 CEST	1.1.1.1	192.168.2.4	0xb742	No error (0)	www.google.com			65	IN (0x0001)	false
May 2, 2024 16:05:05.862586021 CEST	1.1.1.1	192.168.2.4	0x596d	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
May 2, 2024 16:05:05.862586021 CEST	1.1.1.1	192.168.2.4	0x596d	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
May 2, 2024 16:05:06.147314072 CEST	1.1.1.1	192.168.2.4	0xff5e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 16:05:06.147314072 CEST	1.1.1.1	192.168.2.4	0xff5e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
May 2, 2024 16:05:18.927921057 CEST	1.1.1.1	192.168.2.4	0xe044	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 16:05:18.927921057 CEST	1.1.1.1	192.168.2.4	0xe044	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
May 2, 2024 16:05:49.278908968 CEST	1.1.1.1	192.168.2.4	0x5547	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 16:05:49.278908968 CEST	1.1.1.1	192.168.2.4	0x5547	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
May 2, 2024 16:06:04.568638086 CEST	1.1.1.1	192.168.2.4	0x2920	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 16:06:04.568638086 CEST	1.1.1.1	192.168.2.4	0x2920	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

collectionsystem.veconinter.com:8002

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	209.208.210.36	8002	1456	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 2, 2024 16:04:53.322983980 CEST	568	OUT	GET /Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1 HTTP/1.1 Host: collectionsystem.veconinter.com:8002 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 2, 2024 16:04:53.721812963 CEST	1289	IN	HTTP/1.1 200 OK Cache-Control: private Transfer-Encoding: chunked Content-Type: application/pdf Server: Microsoft-IIS/10.0 content-disposition: inline;filename="A-291631.pdf" X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Thu, 02 May 2024 14:05:03 GMT Data Raw: 31 30 30 64 62 0d 0a 25 50 44 46 2d 31 2e 32 20 0a 25 e2 e3 cf d3 20 0a 31 20 30 20 6f 62 6a 20 0a 3c 3c 20 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 20 0a 2f 50 61 67 65 73 20 32 20 30 20 52 20 0a 2f 50 61 67 65 4d 6f 64 65 20 2f 55 73 65 4e 6f 6e 65 20 0a 2f 56 69 65 77 65 72 50 72 65 66 65 72 65 6e 63 65 73 20 3c 3c 20 0a 2f 46 69 74 57 69 6e 64 6f 77 20 74 72 75 65 20 0a 2f 50 61 67 65 4c 61 79 6f 75 74 20 2f 53 69 6e 67 6c 65 50 61 67 65 20 0a 2f 4e 6f 6e 46 75 6c 6c 53 63 72 65 65 6e 50 61 67 65 4d 6f 64 65 20 2f 55 73 65 4e 6f 6e 65 20 0a 3e 3e 20 0a 3e 3e 20 0a 65 6e 64 6f 62 6a 20 0a 35 20 30 20 6f 62 6a 20 0a 3c 3c 20 0a 2f 4c 65 6e 67 74 68 20 32 35 31 38 20 0a 2f 46 69 6c 74 65 72 20 5b 20 2f 46 6c 61 74 65 44 65 63 6f 64 65 20 5d 20 0a 3e 3e 20 0a 73 74 72 65 61 6d 0a 78 9c b5 58 db 6e e3 b8 19 be f7 53 10 d8 1b 19 88 1c 92 a2 24 2a 57 eb 38 ce 8c 67 13 67 36 b2 27 28 76 7a a1 d8 4c a2 56 96 3c 92 9c 9d f4 31 fa c4 fd 78 90 ec 38 09 ba 28 50 04 08 28 f2 e7 7f fc fe 03 4d 47 34 24 14 [TRUNCATED] Data Ascii: 100db%PDF-1.2 % 1 0 obj << /Type /Catalog /Pages 2 0 R /PageMode /UseNone /ViewerPreferences << /FitWindow true /PageLayout /SinglePage /NonFullScreenPageMode /UseNone >> >> endobj 5 0 obj << /Length 2518 /Filter [ /FlateDecode ] >> streamxXnS$W8gg6'(vzLV<1x8(P(MG4$>8dPY?@$V,"Aj5N8%(qDNB"$1}NDC([AJfx5Q9OH)28QRj%tVFd3`,zWhY#6vAsPN?8OEQV4 pHa%16v-AOB'f$N?F{b{92Oe=dm5s;d$("PLbpY<Y\+E^CT<(Ya<aw?kaz bc (O^IXiy\T_ij\|$m:-Yru5blP]dz2!gBnsnD3IZUH;XWd:6[9NTc\|avSU*#)H$1'n#(Hj59./j?2qyUZyU6>UUeXE08pe_9nt:n&S2t'WCN\|y}>M@@DL#QT [TRUNCATED]
May 2, 2024 16:04:55.212136030 CEST	533	OUT	GET /favicon.ico HTTP/1.1 Host: collectionsystem.veconinter.com:8002 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 2, 2024 16:04:55.336144924 CEST	1289	IN	HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Thu, 02 May 2024 14:05:05 GMT Content-Length: 1245 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49742	23.51.58.94	443

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:04:59 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-02 14:04:59 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=41545 Date: Thu, 02 May 2024 14:04:59 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49743	23.51.58.94	443

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:04:59 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-02 14:04:59 UTC	455	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 Cache-Control: public, max-age=61048 Date: Thu, 02 May 2024 14:04:59 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-02 14:04:59 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	16:04:46
Start date:	02/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	16:04:49
Start date:	02/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2204,i,6650186484633650709,15485496518386066990,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	16:04:52
Start date:	02/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5848, Parent PID: 2836

General

Chronological Activities

Analysis Process: chrome.exePID: 1456, Parent PID: 5848

General

Chronological Activities

Analysis Process: chrome.exePID: 6472, Parent PID: 2836

General

Chronological Activities

Disassembly

Windows Analysis Report
http://collectionsystem.veconinter.com:8002/Default.aspx?Pais=TMVb4l9krDsyWtcOACvZcw==&Tipo=5vw2xkejLdEpXNK8ckiYpA==&Val=Ju61jJ3lX3gIjnPLX+eDdQ==&Id=3243049&VR=1