Analysis Report request_form_1611565093.xlsm
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security | ||
JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
Compliance: |
---|
Uses new MSVCR Dlls | Show sources |
Source: | File opened: |
Uses secure TLS version for HTTPS connections | Show sources |
Source: | HTTPS traffic detected: |
Binary contains paths to debug symbols | Show sources |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (creates forbidden files) | Show sources |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Document exploit detected (drops PE files) | Show sources |
Source: | File created: | Jump to dropped file |
Document exploit detected (UrlDownloadToFile) | Show sources |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) | Show sources |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Binary or memory string: |
Source: | File source: | ||
Source: | File source: |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) | Show sources |
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: |
Found Excel 4.0 Macro with suspicious formulas | Show sources |
Source: | Initial sample: |
Office process drops PE file | Show sources |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Binary string: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: |
Source: | Key opened: |
Source: | File opened: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | Thread delayed: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep time: |
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: |
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Replication Through Removable Media1 | Scripting11 | Path Interception | Process Injection12 | Masquerading11 | Input Capture11 | System Time Discovery1 | Replication Through Removable Media1 | Input Capture11 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution43 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Security Software Discovery21 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion2 | Security Account Manager | Virtualization/Sandbox Evasion2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection12 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting11 | LSA Secrets | Peripheral Device Discovery11 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
japort.com | 50.87.232.245 | true | false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| low | ||
false |
| unknown |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
3.19.60.159 | unknown | United States | 16509 | AMAZON-02US | false | |
3.14.70.198 | unknown | United States | 16509 | AMAZON-02US | false | |
50.87.232.245 | unknown | United States | 46606 | UNIFIEDLAYER-AS-1US | false |
Private |
---|
IP |
---|
192.168.0.1 |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 343657 |
Start date: | 25.01.2021 |
Start time: | 10:22:31 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | request_form_1611565093.xlsm |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 30 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.expl.evad.winXLSM@5/15@1/4 |
EGA Information: |
|
HDC Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
10:24:53 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
50.87.232.245 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AMAZON-02US | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
UNIFIEDLAYER-AS-1US | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
AMAZON-02US | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 132942 |
Entropy (8bit): | 5.372914488710379 |
Encrypted: | false |
SSDEEP: | 1536:JcQceNgaBtA3gZw+pQ9DQW+zAUH34ZldpKWXboOilXPErLL8Eh:JrQ9DQW+zBX8P |
MD5: | 44355DEB0C1B73C85437AB6568BE399B |
SHA1: | C3605F95A21EE0FC423D0CA88DBB1C673BAF3815 |
SHA-256: | 83197247F581FA83C9A6ACCF821675A6848684EC8E97D9CE127C3E677F73A11C |
SHA-512: | 9CED4912422512B5CF0FFF78F7CA4BF8A00C72A0B287387878EF9E3CB21E1BA0340B096ACF1F280CF1D61944155F9AB8590508859DD2A41C39DDB68351AFCC32 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1028 |
Entropy (8bit): | 7.761039651897249 |
Encrypted: | false |
SSDEEP: | 24:OZYvitHj0T5rwDxmsYnNk56uCnIw2+ujc:O6vitHQT5rvn1ud+uA |
MD5: | 600F503BC1066BEB5FB5DD494AA1CD74 |
SHA1: | A504D5E687B98F9E0FD2896DFC8492DE0F974BE6 |
SHA-256: | B06BA2FAAAF371AE2F92D9047FFDAAF1933E03CFBC1E999E8B7CF378E33499C3 |
SHA-512: | B7D40CDCD4F442E8941947AF64343D8A06CA8C9710E74BE8E00245C5A67DF574ED243D2B988814843C0AD9483D7058EC355CE087665FFDA5C484CBDF8FD40E40 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 677 |
Entropy (8bit): | 7.433026174405032 |
Encrypted: | false |
SSDEEP: | 12:6v/7RllfMXWaBlhV/Jk6gGPRRKyiaWH/LpR5PTQ6//blm1X+fZ8w5s7nP9Np971x:OZYZnDqkZiaOtnEuA1X+a0sL1L9cLUa6 |
MD5: | 55E8A29B221E51BE421B7D4F5F5F7E52 |
SHA1: | 117E73181FC9CDAA0904C6372D68EE48CEDC14E4 |
SHA-256: | B54D8571DB2F8FC570144F24EF7A42CE93FAB269AF166BF1234DBD2F96D86EB8 |
SHA-512: | 8592A133D815BBC225336F9149A4C89244CBCDEACC958470126DCD266DA8590C587D50D56A7F70771568C4D015BF55642DAAD6434F1C47E8BBBC4AB691694654 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1028 |
Entropy (8bit): | 7.761039651897249 |
Encrypted: | false |
SSDEEP: | 24:OZYvitHj0T5rwDxmsYnNk56uCnIw2+ujc:O6vitHQT5rvn1ud+uA |
MD5: | 600F503BC1066BEB5FB5DD494AA1CD74 |
SHA1: | A504D5E687B98F9E0FD2896DFC8492DE0F974BE6 |
SHA-256: | B06BA2FAAAF371AE2F92D9047FFDAAF1933E03CFBC1E999E8B7CF378E33499C3 |
SHA-512: | B7D40CDCD4F442E8941947AF64343D8A06CA8C9710E74BE8E00245C5A67DF574ED243D2B988814843C0AD9483D7058EC355CE087665FFDA5C484CBDF8FD40E40 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 677 |
Entropy (8bit): | 7.433026174405032 |
Encrypted: | false |
SSDEEP: | 12:6v/7RllfMXWaBlhV/Jk6gGPRRKyiaWH/LpR5PTQ6//blm1X+fZ8w5s7nP9Np971x:OZYZnDqkZiaOtnEuA1X+a0sL1L9cLUa6 |
MD5: | 55E8A29B221E51BE421B7D4F5F5F7E52 |
SHA1: | 117E73181FC9CDAA0904C6372D68EE48CEDC14E4 |
SHA-256: | B54D8571DB2F8FC570144F24EF7A42CE93FAB269AF166BF1234DBD2F96D86EB8 |
SHA-512: | 8592A133D815BBC225336F9149A4C89244CBCDEACC958470126DCD266DA8590C587D50D56A7F70771568C4D015BF55642DAAD6434F1C47E8BBBC4AB691694654 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 742003 |
Entropy (8bit): | 4.747274159794167 |
Encrypted: | false |
SSDEEP: | 6144:Gb6aZQWqNNmRTKHkZnmHgl1gW9oLeN53f9Pa3JLkK9BOsJ:Gb6afqNNmRnZn79oKpCZL99h |
MD5: | DC74FAE0ADA0A2426E77588E3797E040 |
SHA1: | 956EB4FACF7A5BD5E35CFE97898B1D17FEC2643D |
SHA-256: | C9AF52899F8EE20E384DE482B81CE82826AF9573C4A1A9C9B761B9C5126B2BB7 |
SHA-512: | 6C4A2786E391D3B23495D2159C56D4C8A49EAC0D18F1FAF4820A1D4CF9C93A5DFEE01DE0D0FE5D9D302F8527061B55B34D650AD3C4704CD98D9962BA3E9603E2 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 741995 |
Entropy (8bit): | 4.7473139310932195 |
Encrypted: | false |
SSDEEP: | 6144:Gb6aZQWqNNmRTKHkZnmHgl1gW9oLeN53f9Pa3JLkK9BOsJ:Gb6afqNNmRnZn79oKpCZL99h |
MD5: | A19EB2AF842C2181E97A503707784E49 |
SHA1: | D31776ECE6747E05C2D1ADD21813FC5A2CC4B82C |
SHA-256: | 28F7B47F0A1BBC4037B9E177529FAE56DB286FBC44FEB310DD88603AEA9A7B08 |
SHA-512: | 8EC63B04CC8C9CF7DB84110B3E0342AB880EECD5446C525C9C75199C30E0D9A92B55D9E117DADF3FB2B58698B0686DD57663FC3C21AB386E248D41BE5DDDCEBC |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 17381 |
Entropy (8bit): | 7.264686923554434 |
Encrypted: | false |
SSDEEP: | 384:LYqhYs7wu2+SlzY/7ksWuiMEi0pdzG7pIA7BnAyc/:7es7wNtzY/b/iMIz8pIANnAyc/ |
MD5: | 3B3C0579601FACAFBD5CAE5871864B3A |
SHA1: | DB051BA82B335D1296283D1F3713A1F5F60D753A |
SHA-256: | 4F8D7A6B17AC84B0654DB0F99E5C37F58DF2E3C2AB93E96A123F16BA6E82DCE7 |
SHA-512: | 1E51D6CB214A061F736D02736A8575EE70B83C5C27F1BA57BBEDB392056F73C162EAF15BED4853C8472057036BD0FDB68FC78353FFADF8396ABE2E16734AC3C1 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 904 |
Entropy (8bit): | 4.644950793627764 |
Encrypted: | false |
SSDEEP: | 12:8eXUhtuElPCH2Aivb9cX+WrjAZ/2bDYUmnRLC5Lu4t2Y+xIBjKZm:8ZQiBcBAZiDUnI87aB6m |
MD5: | 4770F5BB80BF5889E8E10D8B597E19A8 |
SHA1: | FE938E245152A576834CAF55E37E5C487F999E92 |
SHA-256: | E2CDDBECAEEC1E728E82B55BB932C926ACD9B692F17836063919F8149C08C545 |
SHA-512: | 0844CE30E4D9C1BDBC36CB87FD88BE9484AB4D898A638567AA5E2EE0D986F36D484AB423EF4CCCF455314100D91FB4AC967F9B03CBC080F2E6315F211B82E312 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 299 |
Entropy (8bit): | 4.7570137735443145 |
Encrypted: | false |
SSDEEP: | 6:djYOWwrpmHWwrpmOWwrpmHWwrpmOWwrpmHWwrpmOWwrpc:dMOWsmHWsmOWsmHWsmOWsmHWsmOWsc |
MD5: | 41D06DC056583FDF30DD901298348E41 |
SHA1: | 6233DCDB67664B7B60D85836AFA188104853CB19 |
SHA-256: | 2617DCDD1334A666016A28DC5AA4CEE89FEF0A9476FDF51FDBEAFB67A6F688AA |
SHA-512: | FEB4CC703A4C5EDF12B5213429C74B54472CF31C19B3AF052AD4E09F0C206D7A43FD3B0325E4449FC492DCFE8F7E7C44A6BE559544782E04FC717DBE45806FF5 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4500 |
Entropy (8bit): | 4.7103504144745445 |
Encrypted: | false |
SSDEEP: | 48:83HW+w1WB0B6p3HW+w1WB0B6p7iW+w1WB0B6p7iW+w1WB0B6:8XtB0KXtB0K7itB0K7itB0 |
MD5: | C017DA4D8CB6EE9FB276ADC4E484194D |
SHA1: | 1CE97DEDE19B793354B2CCF4530EBF9A9153BE53 |
SHA-256: | 06E16E735F0AEE181A4F45C8FCF7D935290B078320B7CBD8FA439361A6D2A43C |
SHA-512: | CF5958D3FB9C482E3AF7AB1ABDAF32FAE1354DCB5F7A62173649E2EDB53CFB899D71187558A0B3401CFDBCDEEED6C04D1720BC7368B0E48A8E3F3B6E02C0A316 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 17381 |
Entropy (8bit): | 7.264686923554434 |
Encrypted: | false |
SSDEEP: | 384:LYqhYs7wu2+SlzY/7ksWuiMEi0pdzG7pIA7BnAyc/:7es7wNtzY/b/iMIz8pIANnAyc/ |
MD5: | 3B3C0579601FACAFBD5CAE5871864B3A |
SHA1: | DB051BA82B335D1296283D1F3713A1F5F60D753A |
SHA-256: | 4F8D7A6B17AC84B0654DB0F99E5C37F58DF2E3C2AB93E96A123F16BA6E82DCE7 |
SHA-512: | 1E51D6CB214A061F736D02736A8575EE70B83C5C27F1BA57BBEDB392056F73C162EAF15BED4853C8472057036BD0FDB68FC78353FFADF8396ABE2E16734AC3C1 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 495 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtBhFXI6dtBhFXI6dtt:RJZhJZhJ1 |
MD5: | 28C0C942161F749E335A76E714AACA29 |
SHA1: | 53D07F227E4A2F3AF5373958409A19DE1FA1CF9C |
SHA-256: | BA0AB47EA8285A45E0884C5916C7C3052BE3C5245A0FC350DF4E83B91BC2A3F5 |
SHA-512: | 075F04CF77A30D166E9C04A6376629508A854F9218CEA194EC1D69A65669C51F3A0858697F258AF0DF5954DE02C7EEF2D060B6F69D8194D4D4A95D2C94900DAE |
Malicious: | true |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 742003 |
Entropy (8bit): | 4.747274159794167 |
Encrypted: | false |
SSDEEP: | 6144:Gb6aZQWqNNmRTKHkZnmHgl1gW9oLeN53f9Pa3JLkK9BOsJ:Gb6afqNNmRnZn79oKpCZL99h |
MD5: | DC74FAE0ADA0A2426E77588E3797E040 |
SHA1: | 956EB4FACF7A5BD5E35CFE97898B1D17FEC2643D |
SHA-256: | C9AF52899F8EE20E384DE482B81CE82826AF9573C4A1A9C9B761B9C5126B2BB7 |
SHA-512: | 6C4A2786E391D3B23495D2159C56D4C8A49EAC0D18F1FAF4820A1D4CF9C93A5DFEE01DE0D0FE5D9D302F8527061B55B34D650AD3C4704CD98D9962BA3E9603E2 |
Malicious: | true |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1483998 |
Entropy (8bit): | 4.747294045359185 |
Encrypted: | false |
SSDEEP: | 12288:Gb6afqNNmRnZn79oKpCZL99hNb6afqNNmRnZn79oKpCZL99h:haCNNoZn79odL5AaCNNoZn79odL5 |
MD5: | 5F8F3F845956C9F1626A266B1A6A1B59 |
SHA1: | 511BAAE261FC8616B208E267172C9E243E536594 |
SHA-256: | 0F1C8D24AD9940ACE82975D7ECA8778E8A9010153E64DF4414A6489D05833B87 |
SHA-512: | 916835E296FB4870E893042AEFF6621AF2464C5043FE05D2A818CA4C0E2A4C57F096FF3C8207A35F30628072E97A6F7DF4EB03E97BCFCF6B1984E02F43DEE76F |
Malicious: | true |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.272059464538998 |
TrID: |
|
File name: | request_form_1611565093.xlsm |
File size: | 17535 |
MD5: | 9c47eef4c66e4587ecddb55cfc3ef1e6 |
SHA1: | da444ad39f513282d1918beceadc0ceb6edc0d3d |
SHA256: | 042b7d9208258a1a64b9a1ab0079e1bb7898a3b787167457951b810e9b126dd1 |
SHA512: | 37d43fadd6bb4274c15f5c4c339b00d961f7fdd1590e1a05e24bc4564118cdedc5bdd349b984fba8402b3801b57b440d7a152ac94e573351c2a2fb2d57877099 |
SSDEEP: | 384:rdUK4U2aGcIrbnqtcwiMEO81+dAM3SbTz:ZUVaGcIrbnyviMR81+yj |
File Content Preview: | PK..........!.................[Content_Types].xml ...(.....................!!.................................................................................................................................................................................. |
File Icon |
---|
Icon Hash: | 74ecd0e2f696908c |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "request_form_1611565093.xlsm" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
,,,,,,,,,,,,,,,,,,,,,=RUN(V2),,,,,,,,,,,,,,,,,,,,,,,,,,=HALT(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=CALL('Doc2'!AA15&'Doc2'!AA16,'Doc2'!AB15&'Doc2'!AB16&'Doc2'!AB17,""JCJ"",'Doc2'!AD15,0)",,,,,,,,,,,,,,,,,,,,,,,,,,"=CALL('Doc2'!AA19&'Doc2'!AA20,'Doc2'!AB19&'Doc2'!AB20&'Doc2'!AB21,""JCJ"",'Doc2'!AD15&'Doc2'!AD19,0)",,,,,,,,,,,,,,,,,,,,,,,,,,"=CALL('Doc2'!AA23&'Doc2'!AA24,'Doc2'!AB23&'Doc2'!AB24&'Doc2'!AB25,""JJCCJJ"",0,A60,'Doc2'!AD15&'Doc2'!AD19&'Doc2'!AD23,0,0)",,,,,,,,,,,,,,,,,,,,,,,,,,"=CALL(""INSENG"",""DownloadFile"",""BCCJ"",A60,'Doc2'!AD15&'Doc2'!AD19&'Doc2'!AD23,1)",,,,,,,,,,,,,,,,,,,,,,,,,,"=CALL('Doc2'!AA27&'Doc2'!AA28,'Doc2'!AB27&'Doc2'!AB28&'Doc2'!AB29,""JJCCCCJJ"",0,'Doc2'!AD27,'Doc2'!AD15&'Doc2'!AD19&'Doc2'!AD23,,0,0)",,,,,,,,,,,,,,,,,,,,,,,,,,=RUN(V1),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,https://japort.com/suret/victory.php,,,,,,,,,,,,,,,,,,,,,,,,,,
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 25, 2021 10:23:32.070090055 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:32.227945089 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:32.228055954 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:32.228924990 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:32.386797905 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:32.390645981 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:32.390700102 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:32.390722990 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:32.390734911 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:32.390758038 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:32.390782118 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:32.401439905 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:32.559773922 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:32.559885025 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:32.560631037 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:32.759342909 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.171098948 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.171173096 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.171221972 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.171263933 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.171300888 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.171334982 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.171339035 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.171370029 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.171407938 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.171418905 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.171447992 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.171485901 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.171487093 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.171541929 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.171597958 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.329364061 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329463005 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329500914 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329540968 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329580069 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329617023 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329654932 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329691887 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329739094 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329780102 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329817057 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329854012 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329854012 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.329893112 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329909086 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.329931974 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329932928 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.329971075 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.329981089 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.330007076 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.330010891 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.330039978 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.330061913 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.330076933 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.330105066 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.330123901 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.330144882 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.330162048 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.330184937 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.330203056 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.330245018 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.487833023 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.487871885 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.487919092 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.487963915 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488004923 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488032103 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488044977 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488064051 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488070011 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488074064 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488089085 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488095045 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488128901 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488157034 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488169909 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488181114 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488212109 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488225937 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488260031 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488262892 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488302946 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488312006 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488341093 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488353968 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488379955 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488399029 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488418102 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488440990 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488456011 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488470078 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488495111 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488524914 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488533020 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488547087 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488581896 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488586903 CET | 49722 | 443 | 192.168.2.3 | 50.87.232.245 |
Jan 25, 2021 10:23:33.488626957 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
Jan 25, 2021 10:23:33.488663912 CET | 443 | 49722 | 50.87.232.245 | 192.168.2.3 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 25, 2021 10:23:17.652827024 CET | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:17.678745031 CET | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:18.710175037 CET | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:18.733675003 CET | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:19.509645939 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:19.535758972 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:21.218935013 CET | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:21.242017984 CET | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:25.692101002 CET | 49563 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:25.723529100 CET | 53 | 49563 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:27.922821045 CET | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:27.946186066 CET | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:28.776576996 CET | 59349 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:28.799781084 CET | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:29.154397964 CET | 57084 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:29.198488951 CET | 53 | 57084 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:29.557542086 CET | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:29.602792025 CET | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:30.569367886 CET | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:30.601056099 CET | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:31.566653013 CET | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:31.598356009 CET | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:31.941112995 CET | 57568 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:32.064635038 CET | 50540 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:32.068098068 CET | 53 | 57568 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:32.090655088 CET | 53 | 50540 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:32.839071035 CET | 54366 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:32.871134043 CET | 53 | 54366 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:33.582461119 CET | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:33.615036964 CET | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:33.621869087 CET | 53034 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:33.644891977 CET | 53 | 53034 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:34.401454926 CET | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:34.424726963 CET | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:37.598787069 CET | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:37.632719994 CET | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:48.440037012 CET | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:48.474277973 CET | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:49.945501089 CET | 50713 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:49.971278906 CET | 53 | 50713 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:23:53.134165049 CET | 56132 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:23:53.169868946 CET | 53 | 56132 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:24:04.506521940 CET | 58987 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:24:04.538395882 CET | 53 | 58987 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:24:05.715949059 CET | 56579 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:24:05.739253044 CET | 53 | 56579 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:24:07.536834002 CET | 60633 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:24:07.559916019 CET | 53 | 60633 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:24:07.915107965 CET | 61292 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:24:07.938407898 CET | 53 | 61292 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:24:10.855686903 CET | 63619 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:24:10.887474060 CET | 53 | 63619 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:24:14.139369011 CET | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:24:14.162503958 CET | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:24:23.875736952 CET | 61946 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:24:23.901622057 CET | 53 | 61946 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:24:25.316063881 CET | 64910 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:24:25.350987911 CET | 53 | 64910 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:24:52.973000050 CET | 52123 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:24:52.999141932 CET | 53 | 52123 | 8.8.8.8 | 192.168.2.3 |
Jan 25, 2021 10:25:11.114424944 CET | 56130 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 25, 2021 10:25:11.162878990 CET | 53 | 56130 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 25, 2021 10:23:31.941112995 CET | 192.168.2.3 | 8.8.8.8 | 0x900b | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 25, 2021 10:23:32.068098068 CET | 8.8.8.8 | 192.168.2.3 | 0x900b | No error (0) | 50.87.232.245 | A (IP address) | IN (0x0001) | ||
Jan 25, 2021 10:24:07.559916019 CET | 8.8.8.8 | 192.168.2.3 | 0x9a90 | No error (0) | www.tm.a.prd.aadg.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jan 25, 2021 10:23:32.390734911 CET | 50.87.232.245 | 443 | 192.168.2.3 | 49722 | CN=cpanel.japort.com CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Mon Dec 14 09:07:11 CET 2020 Wed Oct 07 21:21:40 CEST 2020 | Sun Mar 14 09:07:11 CET 2021 Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 10:23:27 |
Start date: | 25/01/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8e0000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:23:35 |
Start date: | 25/01/2021 |
Path: | C:\otrgh\sdgvjk\fdcbn.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7645b0000 |
File size: | 742003 bytes |
MD5 hash: | DC74FAE0ADA0A2426E77588E3797E040 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 10:23:41 |
Start date: | 25/01/2021 |
Path: | C:\otrgh\sdgvjk\fdcbn.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7645b0000 |
File size: | 742003 bytes |
MD5 hash: | DC74FAE0ADA0A2426E77588E3797E040 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|