Analysis Report CUSTOM SHIPING DOCS.exe
Overview
General Information
Detection
| Field | Value |
|---|---|
| Score | 48 |
| Range | 0 - 100 |
| Whitelisted | false |
| Confidence | 100% |
Signatures
Classification
Startup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview
AV Detection

| Signature | Source type |
|---|---|
| Machine Learning detection for sample | Joe Sandbox ML |
| | String found in binary or memory |
| | Binary or memory string |

System Summary

| Signature | Source type |
|---|---|
| PE file has a writeable .text section | Static PE information |
| | Process created |
| | Static PE information (2 entries) |
| | Section loaded (4 entries) |
| | Classification label |
| | Mutant created |
| | File created |
| | Key opened |
| | File read (2 entries) |
| | Process created (2 entries) |
| | Static PE information |
| | Static file information |
| | Static PE information |
| | Binary string (9 entries) |
| | Key value created or modified |
| | Process information set (20 entries) |
| | File opened |
| | Binary or memory string (6 entries) |
| | Process information queried |
| | Process queried |
| | Process token adjusted |
MITRE ATT&CK Matrix
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | DLL Side-Loading1 | Process Injection1 | Modify Registry1 | Input Capture1 | Security Software Discovery21 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Virtualization/Sandbox Evasion2 | LSASS Memory | Virtualization/Sandbox Evasion2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection1 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | DLL Side-Loading1 | NTDS | System Information Discovery11 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Behavior Graph

Screenshots
Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 100% | Joe Sandbox ML | | |
Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches
URLs

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | unknown |

Contacted IPs

No contacted IP infos
General Information

| Field | Value |
|---|---|
| Joe Sandbox Version | 31.0.0 Red Diamond |
| Analysis ID | 326327 |
| Start date | 03.12.2020 |
| Start time | 09:54:14 |
| Joe Sandbox Product | CloudBasic |
| Overall analysis duration | 0h 4m 34s |
| Hypervisor based Inspection enabled | false |
| Report type | full |
| Sample file name | CUSTOM SHIPING DOCS.exe |
| Cookbook file name | default.jbs |
| Analysis system description | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of new started processes analysed | 22 |
| Number of new started drivers analysed | 0 |
| Number of existing processes analysed | 0 |
| Number of existing drivers analysed | 0 |
| Number of injected processes analysed | 0 |
| Technologies | |
| Analysis Mode | default |
| Analysis stop reason | Timeout |
| Detection | MAL |
| Classification | mal48.winEXE@2/4@0/0 |
| EGA Information | Failed |
| HDC Information | Failed |
| HCA Information | |
| Cookbook Comments | |
Simulations

Behavior and APIs

| Time | Type | Description |
|---|---|---|
| 09:55:16 | API Interceptor | |

Joe Sandbox View / Context
Created / dropped Files

| Field | Value |
|---|---|
| Process | C:\Windows\SysWOW64\WerFault.exe |
| File Type | |
| Category | dropped |
| Size (bytes) | 7922 |
| Entropy (8bit) | 3.7850467920526656 |
| Encrypted | false |
| SSDEEP | 192:Y2PjYzDVjGAbHBUZMX1gVjh/u7sBS274ItMVL+j:ljcZ1BUZMXgjh/u7sBX4ItQ+j |
| MD5 | 80F8C7E08B081D1EB261F293F1C1429A |
| SHA1 | 634CC4C2E2D995A4B64DC481725CB212D94ADFB7 |
| SHA-256 | D12CAC24876282210541DFB9A14343B62B4E2D8A05D3EFC23A524905040F49CA |
| SHA-512 | E8D4F4C326AAD187A9D8BE0C34CFD3AAF306EFCF13F6BD15C9F1B40D799A6DA4F39892C8100503065A1119D0570DBE37B6023A5E70DB52CAEA70CA25F242DCFD |
| Malicious | false |
| Reputation | low |

| Field | Value |
|---|---|
| Process | C:\Windows\SysWOW64\WerFault.exe |
| File Type | |
| Category | dropped |
| Size (bytes) | 18274 |
| Entropy (8bit) | 2.1723860993650024 |
| Encrypted | false |
| SSDEEP | 96:5Ri8Q/vE1cC0JuXM1GE8pfocfnmX7P7vQXiTVVpE0iWlfpWInWIX4I4EhNHPA:e3C0JiM+gXvvQXuV80iW8EhNHPA |
| MD5 | 86F8BE2D4ED6E1617E5E41BDFFECE433 |
| SHA1 | 66E2784B66A1D117EECD395A64B9217FF8BEDBB7 |
| SHA-256 | B2B2406D84BAC2117FA8A1DC2A1FD3AB588B25CD15BB421C901A2CA9928C0B39 |
| SHA-512 | 53EE36D6BF3E5696AB186340185017444923D61671904F1A738FFBBE643FFE58E3C4E5022BD0306C24A65AB8295B8E5072A64AF89AB54F7C2FB6A136765C77AB |
| Malicious | false |
| Reputation | low |

| Field | Value |
|---|---|
| Process | C:\Windows\SysWOW64\WerFault.exe |
| File Type | |
| Category | dropped |
| Size (bytes) | 8340 |
| Entropy (8bit) | 3.706754522402832 |
| Encrypted | false |
| SSDEEP | 192:Rrl7r3GLNiEoy636YJ2SUbisoCgmfHMISqCprg89bMxsfbkm:RrlsNi8636YISUbiJCgmfLSfMqfd |
| MD5 | F426F0F23C6E2383D6F59433A2B9346B |
| SHA1 | 3548DB9EB7050B33F825B4AAF3156730389CDB9A |
| SHA-256 | A3984A99D4A9928EFE2021C2303EE78AC9B03075BC9B1F8254F2CE8472D359BC |
| SHA-512 | C98530CBDFCCD046C936592206AE067FB4FAEDB7105517FE7D3E0A9B30007F64F89525521EA25220426144060BE12DF2C9FA4DB70BACDC109E54B0F336C56111 |
| Malicious | false |
| Reputation | low |

| Field | Value |
|---|---|
| Process | C:\Windows\SysWOW64\WerFault.exe |
| File Type | |
| Category | dropped |
| Size (bytes) | 4630 |
| Entropy (8bit) | 4.535775844018153 |
| Encrypted | false |
| SSDEEP | 48:cvIwSD8zsYJgtWI9GgWSC8BS8fm8M4Jgkqk5/kkFE+q8rkDk4kb8oYNktvkktld:uITfeFZSNRJg5IkwGcb8HSvkSld |
| MD5 | 30D2C6E6A357339ADE606501DF5EAE11 |
| SHA1 | 8681B85C084E6A99E7861AB02AF5E0F0E68672BA |
| SHA-256 | 26E16D76377B0BA36138F495D3BB8773B4D51FD5B7A6EA18E56E5F5A4F3827F6 |
| SHA-512 | 2DBDD5DF481B60A3FD86C7D4B3E223025EEEE7EB5BE38732CB1EE38E6AF9664CCD39DC56BA7D56CE38B920507D8B4B6A5D974E859AC2A8A292FE14D01F88AB6A |
| Malicious | false |
| Reputation | low |
Static File Info

General

| Field | Value |
|---|---|
| File type | |
| Entropy (8bit) | 5.364732034538418 |
| TrID | |
| File name | CUSTOM SHIPING DOCS.exe |
| File size | 1651712 |
| MD5 | 5533ec4c49c29a1225d1b01d38933bd4 |
| SHA1 | f3aa3401d15d44d65177ba02244c189ee1e822fb |
| SHA256 | ed8bdc7dfb03c556a144b552517f725297acac5c046313b9f8a96432d94cdf5c |
| SHA512 | 0e25a152469a943eb9edc37a753dad54ffec54d434f2ba3d6e4d2a1a65469026ad7ad1868646bd02126488b4b37cbc9ec3b307c768d3224d3d5b9fcdc6cab39c |
| SSDEEP | 12288:+MwYi7KvtGdcPXZig1LgO5adyneWQ8MCUIFiyS0ry90JrgV9V8+7c:+MR/vtGd6XogRgqlneWMzIJry9mrghc |
| File Content Preview | MZ..............@.......@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\|.._...............G.2...H...........`........@..........................`............................................. |

File Icon

| Field | Value |
|---|---|
| Icon Hash | 0f4d494919151b03 |
Static PE Info

General

| Field | Value |
|---|---|
| Entrypoint | 0x540800 |
| Entrypoint Section | .text |
| Digitally signed | false |
| Imagebase | 0x400000 |
| Subsystem | windows gui |
| Image File Characteristics | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
| DLL Characteristics | |
| Time Stamp | 0x5FC88D7C [Thu Dec 3 07:02:20 2020 UTC] |
| TLS Callbacks | |
| CLR (.Net) Version | |
| OS Version Major | 1 |
| OS Version Minor | 0 |
| File Version Major | 1 |
| File Version Minor | 0 |
| Subsystem Version Major | 1 |
| Subsystem Version Minor | 0 |
| Import Hash | |
Entrypoint Preview

```asm
call 00007FBD74F859A5h
pop edx                              ; position-independent base: edx = return address - 6
sub edx, 06h
push edx
xchg ebx, ebx                        ; xchg r,r / and r,r / or r,r / and r,-1 are no-op junk (obfuscation padding)
xchg ecx, ecx
and ecx, ecx
nop
xchg ecx, ecx
xchg ebx, ebx
mov ebx, dword ptr fs:[00000030h]    ; PEB
or ecx, ecx
xchg ecx, ecx
xchg ecx, ecx
mov ebx, dword ptr [ebx+0Ch]         ; PEB->Ldr
xchg ebx, ebx
mov ebx, dword ptr [ebx+0Ch]         ; Ldr->InLoadOrderModuleList.Flink (1st entry: the EXE itself)
mov ebx, dword ptr [ebx]             ; 2nd entry (typically ntdll.dll)
xchg ecx, ecx
xchg ebx, ebx
xchg ecx, ecx
and edx, FFFFFFFFh
mov ebx, dword ptr [ebx]             ; 3rd entry (typically kernel32.dll)
and ecx, FFFFFFFFh
and eax, eax
mov eax, dword ptr [ebx+18h]         ; LDR_DATA_TABLE_ENTRY.DllBase
mov dword ptr [ebp-04h], eax         ; save module base
mov eax, dword ptr [eax+3Ch]         ; e_lfanew
add eax, dword ptr [ebp-04h]         ; -> IMAGE_NT_HEADERS
xchg ebx, ebx
xchg ebx, ebx
mov eax, dword ptr [eax+78h]         ; DataDirectory[EXPORT].VirtualAddress
xchg edx, edx
add eax, dword ptr [ebp-04h]         ; -> IMAGE_EXPORT_DIRECTORY
and ecx, FFFFFFFFh
and ecx, FFFFFFFFh
mov ebx, dword ptr [eax+20h]         ; AddressOfNames
nop
add ebx, dword ptr [ebp-04h]
mov ecx, dword ptr [eax+1Ch]         ; AddressOfFunctions
add ecx, dword ptr [ebp-04h]
xchg ebx, ebx
and eax, eax
mov edx, dword ptr [eax+24h]         ; AddressOfNameOrdinals
add edx, dword ptr [ebp-04h]
or ecx, ecx
push ecx
and eax, eax
mov esi, dword ptr [ebx]             ; loop head: RVA of the current export name
or ecx, ecx
and eax, eax
and edx, FFFFFFFFh
add esi, dword ptr [ebp-04h]
and edx, FFFFFFFFh
and ebx, FFFFFFFFh
push edx
push esi
and edx, FFFFFFFFh
xchg edx, edx
call 00007FBD74F85A6Ch               ; callee not shown; returns a value derived from the name (export lookup without an import table)
or ebx, ebx
or eax, eax
or eax, eax
pop edx
and edx, edx
cmp eax, 0038D13Ch                   ; compare with the constant for the wanted export
je 00007FBD74F859B3h                 ; match: leave the loop
add ebx, 04h                         ; next name RVA
add edx, 02h                         ; next name ordinal
jmp 00007FBD74F85966h                ; back to loop head
or eax, eax
pop ecx
and edx, edx
and ecx, ecx
xor ebx, ebx
xchg ebx, ebx
mov bx, word ptr [edx]               ; ordinal of the matched name
or edx, edx
or ecx, ecx
imul ebx, ebx, 04h                   ; byte index into AddressOfFunctions
```
Data Directories
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x18e000 | 0x7e62 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x13f9ae | 0x13fa00 | False | 0.238771631795 | PE32 executable (GUI) Intel 80386, for MS Windows | 4.31097129452 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x141000 | 0x7b8 | 0x800 | False | 0.623046875 | data | 5.6759037632 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x142000 | 0x4aacf | 0x4ac00 | False | 0.969752691263 | data | 7.97592063341 | IMAGE_SCN_MEM_READ |
.tls | 0x18d000 | 0x7c | 0x200 | False | 0.052734375 | data | 0.118369631259 | IMAGE_SCN_MEM_READ |
.rsrc | 0x18e000 | 0x7e62 | 0x8000 | False | 0.276885986328 | data | 5.1412464449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x18e144 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x18e5ac | 0x10a8 | data | ||
RT_ICON | 0x18f654 | 0x25a8 | data | ||
RT_ICON | 0x191bfc | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 0, next used block 0 | ||
RT_GROUP_ICON | 0x195e24 | 0x3e | data |
Network Behavior

Network Port Distribution

UDP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 3, 2020 09:55:15.382527113 CET | 64267 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:15.409651041 CET | 53 | 64267 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:27.598934889 CET | 49448 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:27.626153946 CET | 53 | 49448 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:30.712460995 CET | 60342 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:30.739506006 CET | 53 | 60342 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:42.195780993 CET | 61346 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:42.222894907 CET | 53 | 61346 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:48.526441097 CET | 51774 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:48.562110901 CET | 53 | 51774 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:48.740497112 CET | 56023 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:48.767518997 CET | 53 | 56023 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:49.060944080 CET | 58384 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:49.088076115 CET | 53 | 58384 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:49.610852003 CET | 60261 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:49.646439075 CET | 53 | 60261 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:49.963970900 CET | 56061 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:49.999511003 CET | 53 | 56061 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:50.032325029 CET | 58336 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:50.059374094 CET | 53 | 58336 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:50.355537891 CET | 53781 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:50.391247034 CET | 53 | 53781 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:50.830770969 CET | 54064 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:50.857815981 CET | 53 | 54064 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:50.987785101 CET | 52811 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:51.023884058 CET | 55299 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:51.038671970 CET | 53 | 52811 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:51.050940990 CET | 53 | 55299 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:51.278572083 CET | 63745 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:51.314137936 CET | 53 | 63745 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:52.014503002 CET | 50055 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:52.041543007 CET | 53 | 50055 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:52.042524099 CET | 61374 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:52.078263998 CET | 53 | 61374 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:52.772540092 CET | 50339 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:52.807884932 CET | 53 | 50339 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:53.305727005 CET | 63307 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:53.341255903 CET | 53 | 63307 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:54.202275038 CET | 49694 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:54.254012108 CET | 53 | 49694 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:55:59.313374043 CET | 54982 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:55:59.340518951 CET | 53 | 54982 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:01.322101116 CET | 50010 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:01.358037949 CET | 53 | 50010 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:01.899019003 CET | 63718 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:01.936269999 CET | 53 | 63718 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:02.475178003 CET | 62116 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:02.502134085 CET | 53 | 62116 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:03.477876902 CET | 63816 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:03.504909039 CET | 53 | 63816 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:04.812575102 CET | 55014 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:04.839746952 CET | 53 | 55014 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:05.995042086 CET | 62208 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:06.022115946 CET | 53 | 62208 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:07.062769890 CET | 57574 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:07.090977907 CET | 53 | 57574 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:08.196661949 CET | 51818 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:08.223818064 CET | 53 | 51818 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:09.229789972 CET | 56628 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:09.265063047 CET | 53 | 56628 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:35.032382965 CET | 60778 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:35.069066048 CET | 53 | 60778 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:39.613584042 CET | 53799 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:39.640738964 CET | 53 | 53799 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:40.717015028 CET | 54683 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:40.744045019 CET | 53 | 54683 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:56:55.302460909 CET | 59329 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:56:55.329572916 CET | 53 | 59329 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:57:11.626024008 CET | 64021 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:57:11.653177977 CET | 53 | 64021 | 8.8.8.8 | 192.168.2.6 |
Dec 3, 2020 09:57:13.986433029 CET | 56129 | 53 | 192.168.2.6 | 8.8.8.8 |
Dec 3, 2020 09:57:14.013592005 CET | 53 | 56129 | 8.8.8.8 | 192.168.2.6 |
Code Manipulations

Statistics

CPU Usage
Memory Usage
High Level Behavior Distribution
Behavior
System Behavior

General

| Field | Value |
|---|---|
| Start time | 09:55:07 |
| Start date | 03/12/2020 |
| Path | C:\Users\user\Desktop\CUSTOM SHIPING DOCS.exe |
| Wow64 process (32bit) | true |
| Commandline | |
| Imagebase | 0x400000 |
| File size | 1651712 bytes |
| MD5 hash | 5533EC4C49C29A1225D1B01D38933BD4 |
| Has elevated privileges | true |
| Has administrator privileges | true |
| Programmed in | C, C++ or other language |
| Reputation | low |

General

| Field | Value |
|---|---|
| Start time | 09:55:09 |
| Start date | 03/12/2020 |
| Path | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit) | true |
| Commandline | |
| Imagebase | 0x3a0000 |
| File size | 434592 bytes |
| MD5 hash | 9E2B8ACAD48ECCA55C0230D63623661B |
| Has elevated privileges | true |
| Has administrator privileges | true |
| Programmed in | C, C++ or other language |
| Reputation | high |
Disassembly

Code Analysis