Play interactive tour

Edit tour

Analysis Report 2020-08-04-traffic-analysis-quiz.pcap

Overview

General Information

Sample Name:	2020-08-04-traffic-analysis-quiz.pcap
Analysis ID:	358576
MD5:	cd4ae66246bfc440408d25e56dab76a4
SHA1:	81c2a3ea8dabb3659b56a36c251a9ca141893eab
SHA256:	0723b05d312d8d3c99165104911290a2b1bc51dedb8c37c72e82d5c5acb09814
Most interesting Screenshot:
Errors Nothing to analyse, Joe Sandbox has not found any analysis process or sample Corrupt sample or wrongly selected analyzer. Details: 80040153

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt0
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0=
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://crl3.digicert.com/ssca-sha2-g6.crl0/
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://crl4.digicert.com/ssca-sha2-g6.crl0L
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://ocsp.digicert.com0
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://ocsp.digicert.com0:
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://ocsp.digicert.com0F
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://ocsp.msocsp.com0
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://www.genesprofile.com
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://www.genesprofile.com/
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://www.genesprofile.com/rcgc/
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://www.jojobet84.com
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://www.jojobet84.com/cgi-sys/suspendedpage.cgi
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://www.jojobet84.com/cgi-sys/suspendedpage.cgi?FTjl4Xs=T/MLmFPsVexDIwaf3KwdwH8uQpArIRWTsM/qUNO
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://www.jojobet84.com/rcgc/
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://www.ladydriven.us
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://www.ladydriven.us/rcgc/
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://www.magentos2.info
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: http://www.magentos2.info/rcgc/
Source: 2020-08-04-traffic-analysis-quiz.pcap	String found in binary or memory: https://www.digicert.com/CPS0

Source: classification engine

Classification label: unknown0.winPCAP@0/0@0/0

Source: 2020-08-04-traffic-analysis-quiz.pcap

Static file information: File size 1514103 > 1048576

Mitre Att&ck Matrix

No Mitre Att&ck techniques found

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
2020-08-04-traffic-analysis-quiz.pcap	0%	Virustotal		Browse
2020-08-04-traffic-analysis-quiz.pcap	0%	ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://www.jojobet84.com/cgi-sys/suspendedpage.cgi?FTjl4Xs=T/MLmFPsVexDIwaf3KwdwH8uQpArIRWTsM/qUNO	0%	Avira URL Cloud	safe
http://www.ladydriven.us	0%	Virustotal		Browse
http://www.ladydriven.us	0%	Avira URL Cloud	safe
http://www.genesprofile.com/rcgc/	1%	Virustotal		Browse
http://www.genesprofile.com/rcgc/	0%	Avira URL Cloud	safe
http://www.jojobet84.com/cgi-sys/suspendedpage.cgi	0%	Avira URL Cloud	safe
http://www.magentos2.info	0%	Avira URL Cloud	safe
http://www.genesprofile.com	0%	Avira URL Cloud	safe
http://www.jojobet84.com	0%	Avira URL Cloud	safe
http://www.magentos2.info/rcgc/	0%	Avira URL Cloud	safe
http://www.ladydriven.us/rcgc/	0%	Avira URL Cloud	safe
http://www.genesprofile.com/	0%	Avira URL Cloud	safe
http://www.jojobet84.com/rcgc/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.jojobet84.com/cgi-sys/suspendedpage.cgi?FTjl4Xs=T/MLmFPsVexDIwaf3KwdwH8uQpArIRWTsM/qUNO	2020-08-04-traffic-analysis-quiz.pcap	false	Avira URL Cloud: safe	unknown
http://www.ladydriven.us	2020-08-04-traffic-analysis-quiz.pcap	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.genesprofile.com/rcgc/	2020-08-04-traffic-analysis-quiz.pcap	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.jojobet84.com/cgi-sys/suspendedpage.cgi	2020-08-04-traffic-analysis-quiz.pcap	false	Avira URL Cloud: safe	unknown
http://www.magentos2.info	2020-08-04-traffic-analysis-quiz.pcap	false	Avira URL Cloud: safe	unknown
http://www.genesprofile.com	2020-08-04-traffic-analysis-quiz.pcap	false	Avira URL Cloud: safe	unknown
http://www.jojobet84.com	2020-08-04-traffic-analysis-quiz.pcap	false	Avira URL Cloud: safe	unknown
http://www.magentos2.info/rcgc/	2020-08-04-traffic-analysis-quiz.pcap	false	Avira URL Cloud: safe	unknown
http://www.ladydriven.us/rcgc/	2020-08-04-traffic-analysis-quiz.pcap	false	Avira URL Cloud: safe	unknown
http://www.genesprofile.com/	2020-08-04-traffic-analysis-quiz.pcap	false	Avira URL Cloud: safe	unknown
http://www.jojobet84.com/rcgc/	2020-08-04-traffic-analysis-quiz.pcap	false	Avira URL Cloud: safe	unknown

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	358576
Start date:	25.02.2021
Start time:	21:30:14
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 1m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	2020-08-04-traffic-analysis-quiz.pcap
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.winPCAP@0/0@0/0
Cookbook Comments:	Adjust boot time Enable AMSI Unable to launch sample, stop analysis
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe
Errors:	Nothing to analyse, Joe Sandbox has not found any analysis process or sample Corrupt sample or wrongly selected analyzer. Details: 80040153

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)
Entropy (8bit):	7.111414513174542
TrID:	TCPDUMP's style capture (4004/1) 100.00%
File name:	2020-08-04-traffic-analysis-quiz.pcap
File size:	1514103
MD5:	cd4ae66246bfc440408d25e56dab76a4
SHA1:	81c2a3ea8dabb3659b56a36c251a9ca141893eab
SHA256:	0723b05d312d8d3c99165104911290a2b1bc51dedb8c37c72e82d5c5acb09814
SHA512:	14d025d3d662ac41aa596a6b5654e0f82da53a8cae5045ae702552659874fc3af59a58bf4014b25292145d3a6127b57e7c7787434e5c15ca62bf52e76f770d34
SSDEEP:	12288:Hoxl0+Im09FKS8MYxqqgBqck2Kb0pfSztxPEFfAwjoVj/XOshACkbZ1NlelN3Oxf:UdlQWxqJqcn/UmOfVjvKCUn4ExLfqEZX
File Content Preview:	..........................)_....l...l.............G...E..^.G....kH.........D.C.J......3.j.........................G............................................................................................................................................

File Icon


Icon Hash:	74f0e4e4e4e4e0e4

Network Behavior

No network behavior found

Code Manipulations

Statistics

System Behavior

Disassembly

Reset < >

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report 2020-08-04-traffic-analysis-quiz.pcap

Overview

General Information

Detection

Signatures

Classification

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Networking:

System Summary:

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Code Manipulations

Statistics

System Behavior

Disassembly