Analysis Report https://partnersinhealth.sharepoint.com/:x:/s/COVIDCommunityTeam-Massachusetts-EIU-EpidemicIntelligenceUnit/Ec_oHive0IlGh0zKWdNWJqwBv4CGuicjIXG6ZM__kHKiUQ?email=Bill.Sparrow%4099restaurants.com&e=4%3atJjRLx&at=9
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
Startup |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
There are no malicious signatures. |
---|
Behavior type | Entries |
---|---|
File opened | 1 |
String found in binary or memory | 6 |
DNS traffic detected | 1 |
String found in binary or memory | 16 |
Network traffic detected | 6 |
Classification label | 1 |
File created | 1 |
Mutant created | 1 |
File created | 1 |
File read | 1 |
Key opened | 1 |
File read | 2 |
Process created | 7 |
Window detected | 1 |
File opened | 1 |
Process information set | 2 |
Queries volume information | 1 |
Key value queried | 1 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | System Information Discovery12 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Remote System Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Virustotal | | |
 | 0% | Avira URL Cloud | safe | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
 | 0% | Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
18164-ipv4.farm.prod.aa-rt.sharepoint.com | 40.108.137.41 | true | false | unknown | |
partnersinhealth.sharepoint.com | unknown | unknown | false | unknown | |
spoprod-a.akamaihd.net | unknown | unknown | false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 338878 |
Start date: | 13.01.2021 |
Start time: | 01:55:22 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | urldownload.jbs |
Sample URL: | https://partnersinhealth.sharepoint.com/:x:/s/COVIDCommunityTeam-Massachusetts-EIU-EpidemicIntelligenceUnit/Ec_oHive0IlGh0zKWdNWJqwBv4CGuicjIXG6ZM__kHKiUQ?email=Bill.Sparrow%4099restaurants.com&e=4%3atJjRLx&at=9 |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@7/18@3/2 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
Cookbook Comments: |
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24152 |
Entropy (8bit): | 1.7629257565398486 |
Encrypted: | false |
SSDEEP: | 48:IwRGcprQGwpLZG/ap8urGIpc00GvnZpv05GvHZp90VGogTqpv0NGo4UMXpcqGWgU:rnZ4Z92u9W2tpf9+tXUMXWt0L |
MD5: | B0597B3AC8E190D261ABCB13EDFF1434 |
SHA1: | 0CF4BBE91D9C10F6BF3716261CC4499E6D2D26FD |
SHA-256: | 1E0FCBD36579F314189BC895C736C4C19737C58D77B0921D14659CA2AE2DF1D6 |
SHA-512: | 53857A182C865F889081269F9D179AFBF4B5410E2E261A9A6B8E9CDF667959104D67DAE6666E164E9D5C3938BFD881AA6D8204D335FF14571D56EFF71DB70577 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 31840 |
Entropy (8bit): | 2.575257962006325 |
Encrypted: | false |
SSDEEP: | 192:rAZLQ7pHr0HBJUHwdH69AHuN0yH8ZmuytvCe5YiDufb2+xHPaFrR7r:rwkdHgHBKH4HFHenHQZ6vCe5YmO6mHS7 |
MD5: | 5684A0B6DD93E6956BB5BC78519AA698 |
SHA1: | F0C2B291DE1C373CF629F12923DA4B47D7BD89DD |
SHA-256: | D7A70796123125B9CB660F027B00D67B057FDCA5983FF916BD0B4CAF39A10804 |
SHA-512: | 43CFA93B6ABF2F1BB2D2050681492F83DC65EEE751C4173900D5C348E4259095202FD0F8286610E27A6CE13CFC0B80904EC2BE2DE4E48CA52D79978E74A31579 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.1343698452494735 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxOEbgAnWimI002EtM3MHdNMNxOEbgAnWimI00ObVbkEtMb:2d6NxOASZHKd6NxOASZ76b |
MD5: | 3189F12305A29213FEEE3D258EC7113B |
SHA1: | E58B953D45CB0EAFCD3458B091352DAE3E083DFB |
SHA-256: | CADD0BA5B4FA5E5DF6A13D1EE7E874765507ED399C652D1F32E8A5BE63294D8C |
SHA-512: | 2F9A8C14806D8BF4E70184D419A2DE9F471E3927FA5096C873656F95B52FF2F37EAA96885E3511633A7486D3437630FB167E72B2009694BA15CC97B5BE999453 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.162247191221455 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxe2kpKAnWimI002EtM3MHdNMNxe2kpKAnWimI00Obkak6EtMb:2d6NxrsSZHKd6NxrsSZ7Aa7b |
MD5: | 019737DF1CDF8F3351C91CD933BB5BE7 |
SHA1: | 3134DC169EEDEF30B751C9A0DCCA878CE5367AA0 |
SHA-256: | 729E275FE943D2C75EFCCA6B07F34E8DF6ECFA904B3B04148F09811A5B093723 |
SHA-512: | 0587E3793C5AE9C00FC166FAB20F9829BBB6636B656ACCB0D574DCAF2F61231644F43D1E69B4A74D919685301CE1D4FE761E914D9B538D0612B026540CF77340 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 662 |
Entropy (8bit): | 5.113222872743223 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxvL+elrvelrAnWimI002EtM3MHdNMNxvL+elrvelrAnWimI00ObmZEtMb:2d6Nxv7lSlUSZHKd6Nxv7lSlUSZ7mb |
MD5: | E6FCA072E7BC8154138D240B6D67B9CC |
SHA1: | FA7BBE84D82E2E5F4B47651ED03E944EB926A7C4 |
SHA-256: | 0DC29118F756850A8D09F61ED8CA3FFC768FFD324F98485F3AB16F9603B8D0FA |
SHA-512: | 46A05D58D261304BBF8419F901A7FCC56FDD8B5142C99BDE362D6D9F60DECDF30BB40730C9EB499EDF97013DA31E768DD4DC642E0A5F08197512F266C907A5F3 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 647 |
Entropy (8bit): | 5.150685714258783 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxibgAnWimI002EtM3MHdNMNxibgAnWimI00Obd5EtMb:2d6NxOSZHKd6NxOSZ7Jjb |
MD5: | 0EE4592AC16B19AC08789E911F5B5486 |
SHA1: | D8A362BB195BD8929B6A721D9FBF7554C1D9DE9A |
SHA-256: | 73011F6851EFEA39A4478101B7AD690D63E97237F1B47AE99271FBF402DFA952 |
SHA-512: | F9C4AC9A06F6BDDB70FBBA77C09D00518F1162F6DE2695A683901254EC74079D7677B69FD431B512603D9F47A17821CEB62627749BED1F11A808882EA3FFAD62 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.126469522405549 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxhGw+elrvelrAnWimI002EtM3MHdNMNxhGw+elrvelrAnWimI00Ob8K0z:2d6NxQMlSlUSZHKd6NxQMlSlUSZ7YKa/ |
MD5: | 10EBD6C78C8629C3CF8B3F2CD138F234 |
SHA1: | D8FA56F42E153A446C57F50FBBA84DFFD83D3282 |
SHA-256: | 87CBE17AD9839C47C4433E7707A1492AF3B1AE9DA14183B37F438266F84FD1AC |
SHA-512: | CD4AA8F33247031DCFCFA40291276EF560932E9406CED26A5AD8B0F4AFEFC35612D2AC616476C90497BDF2AE357AA049DBD02CCB89E2BB07379B8182D9716E79 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.135292333415464 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNx0nbgAnWimI002EtM3MHdNMNx0nbgAnWimI00ObxEtMb:2d6Nx0hSZHKd6Nx0hSZ7nb |
MD5: | 52A2F6E5D7C40F615C356D7466069306 |
SHA1: | F542C6B2B408D92FFE8CA6A881375D63B4F9EAB6 |
SHA-256: | 36A54D52BDFB803C10268FFFB74FDCF20316CD2D4D1EC554DF4BA2D87A6D98CA |
SHA-512: | 4BA560018A04D67064090A304247E2F15346C8E543492E6568C32978ACECADB8B8175B04EEA046711F3930FE57C7E31389E24CC2F39260014A86FB7F767D5B77 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.17479354652017 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxxbgAnWimI002EtM3MHdNMNxxbgAnWimI00Ob6Kq5EtMb:2d6Nx7SZHKd6Nx7SZ7ob |
MD5: | 465725C770B6B1F4B405119CA19845A9 |
SHA1: | 0A6C6574C8A0686EE472BDCA52AE2597C18DD572 |
SHA-256: | 7CA2082B7C9682A4AA0570B967643DE7C1A9C4CE7001FC1F9D339656BCA0F419 |
SHA-512: | 6A4D529374D041990B10A1689901E7C3A7B3BC170D043C0F72DEDD556B1F9E4E43CA47F59A02C5D89377DCA87E8BED08B6A35599F895BC136DD4967DF7BE28E7 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 659 |
Entropy (8bit): | 5.146548427542041 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxcoHAnWimI002EtM3MHdNMNxcovwAnWimI00ObVEtMb:2d6NxuSZHKd6NxnSZ7Db |
MD5: | 8808DD65D0D126F30E0E09D86605B9A0 |
SHA1: | C3CFE1E965F5105E76ADCAC97CE350054219D13D |
SHA-256: | B89325E8306BE5AFBB50200C2C5CB04EFB35ED1D094ADFFBFC0AADE01543FF0E |
SHA-512: | 48CB3BF199A85A9E3208DEE3ADC8CA7735D23EC0448A31FFE8B578051B2BFA66807F861E11D8420AFA1724818E9ECB44AD6E16F4B46402CD277246065259D129 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.098759897568669 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxfnawvwAnWimI002EtM3MHdNMNxfnawvwAnWimI00Obe5EtMb:2d6NxpSZHKd6NxpSZ7ijb |
MD5: | 1443C948F560E99D389F8DFCC367B1AA |
SHA1: | C665E5FF179F6CCD5C0B944DBF2CE480EFCE1013 |
SHA-256: | 16178F3D7A84927E88DE8FCE30EB4324E3B37D46533B6CB229CD512E4A602520 |
SHA-512: | 2B8B8D0068F30449CD50D29B3BFEBA55833F69280C18DA330D4947CC20DE25214094E9BC1C0B1454EECCDF83685BF636C2F3B3E781A78DE7E1E62927A14C2351 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 610 |
Entropy (8bit): | 7.446106595237686 |
Encrypted: | false |
SSDEEP: | 12:6v/7iMXrhs/Ns+lovx1jE1A/uyggIrhP9fgpwvBymiN6gD9/y:s6/tGrjE+/uyLI9P2miTty |
MD5: | DF5801D25ACC3A3F1F23301440C00096 |
SHA1: | 048E30F257749D063704FEFD74E2782D905344BC |
SHA-256: | 687E84B08DA5544F8B05CB4C4CC9941D9B36461C594F9805382D18030710C371 |
SHA-512: | 35B5F1BB0D096B9F96959BABCA67FE85BF0856E73E382272948E75DE578CD962F4C396F6A17623BB75ABFFA6EB567B8C50422A506612A1B67C0E1C4BA2E41608 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://spoprod-a.akamaihd.net/files/fabric-cdn-prod_20201008.001/assets/item-types/32/xlsx.png |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 161989 |
Entropy (8bit): | 5.339918222131445 |
Encrypted: | false |
SSDEEP: | 1536:Ieh9W6NxmcW/kCClKOY/Vu3PUEz45lLi6dhqumpWxaDaNrI9itUR3D7kLDbM:RWexEPqzELi0udRhD7B |
MD5: | A0017CC26C936403E7606856755692A7 |
SHA1: | A87C65638A0FEBAA076F5316033BA08CDE5ED843 |
SHA-256: | 08BD9EDCC17CC0B47080B229C0A88A4347000B2904A7F5DFFD37C7DD07A99C22 |
SHA-512: | 39F5660CD3B04B5897E26DF416BF25301AB68E8BE130E6C863507DACA6356E76CC1ED1F1DF28639D34B391FC029D35D5C12F8398618E4CA5EE0225D9B1A7291E |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://spoprod-a.akamaihd.net/files/odsp-next-prod-amd_2020-12-04-sts_20201208.001/spoguestaccess-a0017cc2.js |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12965 |
Entropy (8bit): | 0.42177073558503364 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9loqF9lom9lWu1O1YA:kBqoIx3UO1b |
MD5: | 9E9F9E6E722E977139EA68A53AAB6B16 |
SHA1: | F9A75AFAF27BD48C649855EA637017DB2E978398 |
SHA-256: | 0209F6C80C1F3585E3E655111732BD55BDB298B75E10A84EA99FAA78A1C56ACF |
SHA-512: | B5062A66E4210283BB6427D03D0247BA621BAC3C6D3E4FFD9C945701EEB98E340E48B14F1D24ECA9CB6B8CD77C1FA62287B0DD925BB714149999E77E6983D002 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41446 |
Entropy (8bit): | 1.3579696245073978 |
Encrypted: | false |
SSDEEP: | 384:kBqoxK3HVHiHJH/HMHWHAHznHFnHxZivCe5YmO6mHS:iOlS |
MD5: | 1C16DCF93BE5EC3608EF021DD8D119A3 |
SHA1: | 1494425E51E6C56840DA889916BDC0C26D17EB10 |
SHA-256: | 5FDE717FFE45627D9E572E558A519A2AB3E7BB6B2631D0444D3D49A69DF14916 |
SHA-512: | CD37376D471E0D35E2001B6D17B5D031AC59FBF025A5D47753E16D929D1D10AD6F492E5D4E5FD79FD4A38C8433A72FCD9735857A65A7353E54C03D99AEB2D698 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\wget.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1027 |
Entropy (8bit): | 5.489576928741128 |
Encrypted: | false |
SSDEEP: | 24:l9HSAfWDLHT1l6cFERntDdDMAxePgh1p31l6cl2T1vE31l6cl2qGn:bHSDKc+BtDdDMA31pKcsZEKcsqGn |
MD5: | 2E288A32724221E0457004F06B37A81C |
SHA1: | CA43B7B04C00D17967DB1C223FC00A70C8432E35 |
SHA-256: | A084D759889212664C61E42E02658C0B0313A883C4327809B08A8547F9F41C35 |
SHA-512: | 9A43062C06DD7037F363A447A0D3A1338D313991700CB71E7128618BDB86527D781CC0B1B3DF6E4BB50801C7196B26FFC841C7A31CA7BF397543ED0A592CDA3B |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\wget.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 190 |
Entropy (8bit): | 5.090890247117107 |
Encrypted: | false |
SSDEEP: | 3:SY2FyFARLlbwFAM9CxnOLVFzDwIVhyyJxWQ5RdkA8dyYEbJRNLXArL20Dm3JMov:SYeRLlbA0noH9VhyyJQQ5oA8UYEbfNLv |
MD5: | 5D63833B62B2B08BA0A49C127B052D52 |
SHA1: | 7B20A4EA95A1E8D447FE88B8211B082EEE65D4AF |
SHA-256: | F7AD31DA55D1E035BC0C548B5CDD577077D16B68E0469F19CE9B12BD0393E933 |
SHA-512: | 37DE15DF42AAC9428AF986F09F92E23EBDA37D656F0EFEE1CD07325BBD5E508A8B6EB7CECA7F42FAB1174D9B7481885C0EFA9C6C4F49930010C80EAEA352B5A3 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\wget.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 78027 |
Entropy (8bit): | 5.571804087436113 |
Encrypted: | false |
SSDEEP: | 1536:Plggu7WXBOxSPSW8N6fGNNKXujzAJs2Suj25:PLuCCGeTKXuVuO |
MD5: | 5ACA5A2FFE3302CB271ACE70DC0FE36E |
SHA1: | 91A88DBC7EEC2E1B069367E4F14E7D2979343573 |
SHA-256: | 74D4D2EA5C75CA9C2E5856D9E9DF05ADDAA8F07D3A9F84F291D8C6FA3BB1C69D |
SHA-512: | B818771767813A4A3EE3EDE85C79D47E7702864400929812E7084B2161591F68262B19CA14B0E4BFFF40B3D90B52D3F7881FA363AA6811D07C3C01E9E10E7066 |
Malicious: | false |
Reputation: | low |
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 13, 2021 01:56:13.759547949 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:13.904985905 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:13.905138969 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:13.913949013 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.060374975 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.060430050 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.060463905 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.060621023 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.076025009 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.222326994 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.226738930 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.416731119 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845175028 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845241070 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845272064 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845300913 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845330000 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845370054 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845447063 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845484972 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845523119 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845527887 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.845561028 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845602989 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845633030 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845639944 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.845670938 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845700026 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.845709085 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845748901 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845787048 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.845824957 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.845904112 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.990250111 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990318060 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990360975 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990397930 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990416050 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.990436077 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990474939 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990483046 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.990510941 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990549088 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990566015 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.990596056 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990632057 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990641117 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.990669966 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990706921 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990744114 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.990753889 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990794897 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990829945 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.990830898 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990869045 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990885019 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.990906000 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990942001 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.990962982 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.990978956 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991017103 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991063118 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991066933 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.991105080 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991128922 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.991142035 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991180897 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991202116 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.991216898 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991252899 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991255999 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.991291046 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991328001 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991374969 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991400957 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.991415977 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991453886 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991491079 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:14.991493940 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:14.991552114 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:15.135967016 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:15.136019945 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:15.136059999 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:15.136097908 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:15.136135101 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:15.136178017 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:15.136182070 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:15.136224031 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:15.136260986 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:15.136267900 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:15.136301041 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:15.136341095 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:15.136343956 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:15.136378050 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:15.136405945 CET | 443 | 49682 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:15.136523008 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:15.136554956 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:15.520143986 CET | 49682 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.609467983 CET | 49685 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.609658003 CET | 49686 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.754301071 CET | 443 | 49685 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:18.754396915 CET | 49685 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.754578114 CET | 443 | 49686 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:18.754652977 CET | 49686 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.755956888 CET | 49685 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.756659985 CET | 49686 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.902267933 CET | 443 | 49685 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:18.902324915 CET | 443 | 49685 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:18.902359962 CET | 443 | 49685 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:18.902362108 CET | 49685 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.902390003 CET | 49685 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.902414083 CET | 49685 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.902837038 CET | 443 | 49686 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:18.902879000 CET | 443 | 49686 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:18.902911901 CET | 443 | 49686 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:18.902911901 CET | 49686 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.903021097 CET | 49686 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.912033081 CET | 49685 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:18.912199020 CET | 49686 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:19.060333967 CET | 443 | 49685 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:19.060494900 CET | 49685 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:56:19.060641050 CET | 443 | 49686 | 40.108.137.41 | 192.168.2.3 |
Jan 13, 2021 01:56:19.060728073 CET | 49686 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:58:07.984834909 CET | 49685 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:58:07.984888077 CET | 49685 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:58:07.985563040 CET | 49686 | 443 | 192.168.2.3 | 40.108.137.41 |
Jan 13, 2021 01:58:07.985625029 CET | 49686 | 443 | 192.168.2.3 | 40.108.137.41 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 13, 2021 01:56:13.628463984 CET | 51904 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:13.749702930 CET | 53 | 51904 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:17.176605940 CET | 61328 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:17.236324072 CET | 53 | 61328 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:18.505795002 CET | 54130 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:18.515054941 CET | 56961 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:18.571999073 CET | 53 | 56961 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:18.607713938 CET | 53 | 54130 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:39.308556080 CET | 59353 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:39.374706984 CET | 53 | 59353 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:47.192418098 CET | 52238 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:47.239507914 CET | 53 | 52238 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:47.890770912 CET | 49873 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:47.938075066 CET | 53 | 49873 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:48.180442095 CET | 52238 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:48.235960960 CET | 53 | 52238 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:48.881573915 CET | 49873 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:48.928859949 CET | 53 | 49873 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:49.193836927 CET | 52238 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:49.240947008 CET | 53 | 52238 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:49.881797075 CET | 49873 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:49.928958893 CET | 53 | 49873 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:51.194642067 CET | 52238 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:51.250201941 CET | 53 | 52238 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:51.897406101 CET | 49873 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:51.944776058 CET | 53 | 49873 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:55.210334063 CET | 52238 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:55.257808924 CET | 53 | 52238 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:55.913307905 CET | 49873 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:55.960745096 CET | 53 | 49873 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:56:58.336972952 CET | 53196 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:56:58.384295940 CET | 53 | 53196 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:57:48.553457975 CET | 56777 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:57:48.612126112 CET | 53 | 56777 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:57:49.812861919 CET | 58643 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:57:49.862839937 CET | 53 | 58643 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:57:50.911310911 CET | 60985 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:57:50.958623886 CET | 53 | 60985 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:57:52.123501062 CET | 50200 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:57:52.170756102 CET | 53 | 50200 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:57:53.503588915 CET | 51281 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:57:53.554100037 CET | 53 | 51281 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:57:54.551243067 CET | 49199 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:57:54.598515034 CET | 53 | 49199 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:57:55.568295002 CET | 50620 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:57:55.623869896 CET | 53 | 50620 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:57:56.785502911 CET | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:57:56.832742929 CET | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:57:57.878401041 CET | 60152 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:57:57.933851957 CET | 53 | 60152 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:57:58.996651888 CET | 57544 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:57:59.052225113 CET | 53 | 57544 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:58:00.062534094 CET | 55984 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:58:00.112534046 CET | 53 | 55984 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:58:01.095796108 CET | 64185 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:58:01.151580095 CET | 53 | 64185 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:58:02.184326887 CET | 65110 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:58:02.231594086 CET | 53 | 65110 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:58:04.204910040 CET | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:58:04.252127886 CET | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:58:09.757668972 CET | 63492 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:58:09.816150904 CET | 53 | 63492 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:58:10.806243896 CET | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:58:10.864552021 CET | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:58:11.899563074 CET | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:58:11.949646950 CET | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:58:12.996886015 CET | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:58:13.044276953 CET | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:58:14.072880030 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:58:14.131541967 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Jan 13, 2021 01:58:15.473736048 CET | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 13, 2021 01:58:15.520993948 CET | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 13, 2021 01:56:13.628463984 CET | 192.168.2.3 | 8.8.8.8 | 0xde39 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 13, 2021 01:56:18.505795002 CET | 192.168.2.3 | 8.8.8.8 | 0x8488 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 13, 2021 01:56:18.515054941 CET | 192.168.2.3 | 8.8.8.8 | 0x4e3a | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 13, 2021 01:56:13.749702930 CET | 8.8.8.8 | 192.168.2.3 | 0xde39 | No error (0) | | 433-ipv4e.clump.prod.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) |
Jan 13, 2021 01:56:13.749702930 CET | 8.8.8.8 | 192.168.2.3 | 0xde39 | No error (0) | | 18164-ipv4e.farm.prod.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) |
Jan 13, 2021 01:56:13.749702930 CET | 8.8.8.8 | 192.168.2.3 | 0xde39 | No error (0) | | 18164-ipv4.farm.prod.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) |
Jan 13, 2021 01:56:13.749702930 CET | 8.8.8.8 | 192.168.2.3 | 0xde39 | No error (0) | | | 40.108.137.41 | A (IP address) | IN (0x0001) |
Jan 13, 2021 01:56:18.571999073 CET | 8.8.8.8 | 192.168.2.3 | 0x4e3a | No error (0) | | spoprod-a.akamaihd.net.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) |
Jan 13, 2021 01:56:18.607713938 CET | 8.8.8.8 | 192.168.2.3 | 0x8488 | No error (0) | | 433-ipv4e.clump.prod.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) |
Jan 13, 2021 01:56:18.607713938 CET | 8.8.8.8 | 192.168.2.3 | 0x8488 | No error (0) | | 18164-ipv4e.farm.prod.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) |
Jan 13, 2021 01:56:18.607713938 CET | 8.8.8.8 | 192.168.2.3 | 0x8488 | No error (0) | | 18164-ipv4.farm.prod.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) |
Jan 13, 2021 01:56:18.607713938 CET | 8.8.8.8 | 192.168.2.3 | 0x8488 | No error (0) | | | 40.108.137.41 | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 01:56:11 |
Start date: | 13/01/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbd0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 01:56:11 |
Start date: | 13/01/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 01:56:12 |
Start date: | 13/01/2021 |
Path: | C:\Windows\SysWOW64\wget.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3895184 bytes |
MD5 hash: | 3DADB6E2ECE9C4B3E1E322E617658B60 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 01:56:16 |
Start date: | 13/01/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6eb000000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 01:56:17 |
Start date: | 13/01/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x180000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|