Analysis Report https://insiderppe.cloudapp.net/

Overview

General Information

Joe Sandbox Version:28.0.0 Lapis Lazuli
Analysis ID:218156
Start date:26.03.2020
Start time:10:09:35
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 2m 22s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://insiderppe.cloudapp.net/
Analysis system description:Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed:4
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis stop reason:Timeout
Detection:UNKNOWN
Classification:unknown0.win@3/11@3/0
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • URL browsing timeout or error
Warnings:
  • Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe
  • Excluded IPs from analysis (whitelisted): 104.92.97.140
  • Excluded domains from analysis (whitelisted): e11290.dspg.akamaiedge.net, go.microsoft.com, go.microsoft.com.edgekey.net
Errors:
  • URL not reachable

Detection

Strategy | Score | Range | Reporting Whitelisted | Detection
Threshold | 0 | 0 - 100 | false | unknown

Confidence

Strategy | Score | Range | Further Analysis Required? | Confidence
Threshold | 3 | 0 - 5 | true |


Classification Spiderchart

Analysis Advice

None of the domains contacted by the sample resolve. The sample is likely an old dropper that no longer works.
Joe Sandbox was unable to browse the URL (domain or web server down, or an HTTPS issue); try browsing the URL again later.



Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Graphical User Interface 1 | Winlogon Helper DLL | Process Injection 1 | Masquerading 1 | Credential Dumping | File and Directory Discovery 1 | Application Deployment Software | Data from Local System | Data Compressed | Standard Non-Application Layer Protocol 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Process Injection 1 | Network Sniffing | Application Window Discovery | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout

Signature Overview


Networking:

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
  • Source: unknown; DNS traffic detected: query: insiderppe.cloudapp.net replaycode: Name error (3)
Performs DNS lookups
  • Source: unknown; DNS traffic detected: queries for: insiderppe.cloudapp.net
Urls found in memory or binary data
  • Source: ~DFBFEF15452482A646.TMP.1.dr; String found in binary or memory: https://insiderppe.cloudapp.net/
  • Source: {A9CD94D9-6F41-11EA-AAE6-9CC1A2A860C6}.dat.1.dr; String found in binary or memory: https://insiderppe.cloudapp.net/Root

System Summary:

Classification label
  • Source: classification engine; Classification label: unknown0.win@3/11@3/0
Creates files inside the user directory
  • Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A9CD94D7-6F41-11EA-AAE6-9CC1A2A860C6}.dat
Creates temporary files
  • Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Temp\~DF90825D6AB7BEF25F.TMP
Reads ini files
  • Source: C:\Program Files\internet explorer\iexplore.exe; File read: C:\Users\desktop.ini
Spawns processes
  • Source: unknown; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
  • Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6104 CREDAT:17410 /prefetch:2
  • Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6104 CREDAT:17410 /prefetch:2
Found graphical window changes (likely an installer)
  • Source: Window Recorder; Window detected: More than 3 window changes detected
Uses new MSVCR Dlls
  • Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; File opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dll

Malware Configuration

No configs have been found

Behavior Graph

[Behavior graph, ID 218156. URL: https://insiderppe.cloudapp.net/; start date: 26/03/2020; architecture: WINDOWS; score: 0. iexplore.exe started a second iexplore.exe process, which looked up insiderppe.cloudapp.net.]

Simulations

Behavior and APIs

No simulations

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label | Link
insiderppe.cloudapp.net | 5% | Virustotal | | Browse

URLs

Source | Detection | Scanner | Label | Link
https://insiderppe.cloudapp.net/Root | 0% | Avira URL Cloud | safe |
https://insiderppe.cloudapp.net/ | 5% | Virustotal | | Browse
https://insiderppe.cloudapp.net/ | 0% | Avira URL Cloud | safe |

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Startup

  • System is w10x64
  • iexplore.exe (PID: 6104 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5268 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6104 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A9CD94D7-6F41-11EA-AAE6-9CC1A2A860C6}.dat
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:Microsoft Word Document
Size (bytes):30296
Entropy (8bit):1.8515402882874
Encrypted:false
MD5:9AD698C6D125DEA598F3F79F5001A1E0
SHA1:4428B579C01E0CA04470CD5FA4C798A756971899
SHA-256:DFA2403530566D64868C02CBDD31C289CDD3F98D5B19E6BF477A637F240D2B87
SHA-512:FBB1309A2ED2AA57C8B73F73163C342A0B6D49669072AFB4E847704741850B74665EE6D121179086A7F51D85CC10375EF554A960A4E06F9107B44E01B4985E0A
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A9CD94D9-6F41-11EA-AAE6-9CC1A2A860C6}.dat
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:Microsoft Word Document
Size (bytes):24176
Entropy (8bit):1.6287721966876854
Encrypted:false
MD5:C6756B516741F9706C431B75D68EC0E4
SHA1:13E1EF636E8D563BE290803376D2E50F5F9D7C92
SHA-256:778C8F7D904E589D19156450A6656BD3646094CBD006356AB3D4C7EABF9C714D
SHA-512:81A65F9E612AADF59403999391FEBA2988ACCDDA4C5F249A8DC39306965BFF903C90EDC1B47574C62D329D4DA6B0660C5811820E6F5702B6B995CBBBBE774774
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A9CD94DA-6F41-11EA-AAE6-9CC1A2A860C6}.dat
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:Microsoft Word Document
Size (bytes):16984
Entropy (8bit):1.5619718044363953
Encrypted:false
MD5:E7DA12ED1C0AB6F8293390B2DBBA1133
SHA1:1289721AF16E961EEA67DAEE24355CE19340A771
SHA-256:93D91238F9CC560BBFF4DC82464D5BD90F36DB97BA872D7FEF1C4C8EE8EC7DC5
SHA-512:F67D6FB86EFAAA66C8382B73153843FE6571A025A11831DCF0A86974AB1C859EFDA447F89B06727AED1F96033F6872B573351FF4F19241BF0DA133C1DD80E714
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\errorPageStrings[1]
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes):4720
Entropy (8bit):5.164796203267696
Encrypted:false
MD5:D65EC06F21C379C87040B83CC1ABAC6B
SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:false
Reputation:low
Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\NewErrorPageTemplate[1]
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes):1612
Entropy (8bit):4.869554560514657
Encrypted:false
MD5:DFEABDE84792228093A5A270352395B6
SHA1:E41258C9576721025926326F76063C2305586F76
SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
Malicious:false
Reputation:low
Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\httpErrorPagesScripts[1]
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes):12105
Entropy (8bit):5.451485481468043
Encrypted:false
MD5:9234071287E637F85D721463C488704C
SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:false
Reputation:low
Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\dnserror[1]
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes):2997
Entropy (8bit):4.4885437940628465
Encrypted:false
MD5:2DC61EB461DA1436F5D22BCE51425660
SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
Malicious:false
Reputation:low
Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\down[1]
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Size (bytes):748
Entropy (8bit):7.249606135668305
Encrypted:false
MD5:C4F558C4C8B56858F15C09037CD6625A
SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Temp\~DF80504D33C6C9BC2D.TMP
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:data
Size (bytes):25441
Entropy (8bit):0.27918767598683664
Encrypted:false
MD5:AB889A32AB9ACD33E816C2422337C69A
SHA1:1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Temp\~DF90825D6AB7BEF25F.TMP
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:data
Size (bytes):13029
Entropy (8bit):0.4800581400075244
Encrypted:false
MD5:4927A668E8F44DFE88952390C7D5FA76
SHA1:B3B235CE669A78974E5285CD331742CCFA423BD4
SHA-256:69A14F45A028839534C970ABDD2B8ABD6C83C9E3D368C48F6769AB81FFFEDC7A
SHA-512:7C20A3A272D8D75D09E1868EC6CBA33FDA900CB5747A1178D0F89FB18F6983FFE2DA1F765649CA5BA15DEFBC94640ACBE3F3270B395AC77E5909DC2339350565
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Temp\~DFBFEF15452482A646.TMP
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:data
Size (bytes):34369
Entropy (8bit):0.34993733148993544
Encrypted:false
MD5:46D880699BEE3025E1FAEEB32ED9E6CE
SHA1:9AAAE1F430DE9292EED57A2B98AF0F3AF784E4AF
SHA-256:0127BD41AF55D34073EB2AFC26715E1FAEADCB925678A43E7D66B21818744C40
SHA-512:6BE3E61306327A5FC1EA60A811386A3FDCD9B4DB6521FF21064C571533C07EE12553C58E346C00EE2BC263E6B6CD43C5B14B47A195917F4EB0A1610AF99A4FF3
Malicious:false
Reputation:low

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
insiderppe.cloudapp.net | unknown | unknown | false | | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://insiderppe.cloudapp.net/Root | {A9CD94D9-6F41-11EA-AAE6-9CC1A2A860C6}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://insiderppe.cloudapp.net/ | ~DFBFEF15452482A646.TMP.1.dr | false | 5%, Virustotal, Browse; Avira URL Cloud: safe | unknown

Contacted IPs

No contacted IP infos

Static File Info

No static file info

Network Behavior

Network Port Distribution

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 26, 2020 10:10:41.575850010 CET | 58369 | 53 | 192.168.2.6 | 8.8.8.8
Mar 26, 2020 10:10:41.601257086 CET | 53 | 58369 | 8.8.8.8 | 192.168.2.6
Mar 26, 2020 10:10:43.104731083 CET | 62093 | 53 | 192.168.2.6 | 8.8.8.8
Mar 26, 2020 10:10:43.138535976 CET | 53 | 62093 | 8.8.8.8 | 192.168.2.6
Mar 26, 2020 10:10:43.167695999 CET | 54675 | 53 | 192.168.2.6 | 8.8.8.8
Mar 26, 2020 10:10:43.206238985 CET | 53 | 54675 | 8.8.8.8 | 192.168.2.6
Mar 26, 2020 10:10:43.215799093 CET | 63883 | 53 | 192.168.2.6 | 8.8.8.8
Mar 26, 2020 10:10:43.249499083 CET | 53 | 63883 | 8.8.8.8 | 192.168.2.6

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Mar 26, 2020 10:10:43.104731083 CET | 192.168.2.6 | 8.8.8.8 | 0x53a1 | Standard query (0) | insiderppe.cloudapp.net | A (IP address) | IN (0x0001)
Mar 26, 2020 10:10:43.167695999 CET | 192.168.2.6 | 8.8.8.8 | 0x62ef | Standard query (0) | insiderppe.cloudapp.net | A (IP address) | IN (0x0001)
Mar 26, 2020 10:10:43.215799093 CET | 192.168.2.6 | 8.8.8.8 | 0x7aa9 | Standard query (0) | insiderppe.cloudapp.net | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Mar 26, 2020 10:10:43.138535976 CET | 8.8.8.8 | 192.168.2.6 | 0x53a1 | Name error (3) | insiderppe.cloudapp.net | none | none | A (IP address) | IN (0x0001)
Mar 26, 2020 10:10:43.206238985 CET | 8.8.8.8 | 192.168.2.6 | 0x62ef | Name error (3) | insiderppe.cloudapp.net | none | none | A (IP address) | IN (0x0001)
Mar 26, 2020 10:10:43.249499083 CET | 8.8.8.8 | 192.168.2.6 | 0x7aa9 | Name error (3) | insiderppe.cloudapp.net | none | none | A (IP address) | IN (0x0001)

Code Manipulations

System Behavior

General

Start time:10:10:40
Start date:26/03/2020
Path:C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):false
Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:0x7ff7286b0000
File size:823560 bytes
MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low

General

Start time:10:10:41
Start date:26/03/2020
Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):true
Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6104 CREDAT:17410 /prefetch:2
Imagebase:0xe00000
File size:822536 bytes
MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
