Analysis Report https://najiwu.xeyutezepo.com/scripts/js?k=5f1bdf0681df1ade628b4567&s=

Overview

General Information

Sample URL: https://najiwu.xeyutezepo.com/scripts/js?k=5f1bdf0681df1ade628b4567&s=
Analysis ID: 376329

Errors
  • URL not reachable

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

No high impact signatures.

Classification

Analysis Advice

Joe Sandbox was unable to browse the URL (domain or webserver down or HTTPS issue), try to browse the URL again later
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Startup

  • System is w10x64
  • iexplore.exe (PID: 3292 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 676 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3292 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures. All signature results:

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown | HTTPS traffic detected: 176.31.56.240:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 176.31.56.240:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: unknown | DNS traffic detected: queries for: najiwu.xeyutezepo.com
Source: ~DFE783824F0A2230D7.TMP.1.dr | String found in binary or memory: https://najiwu.xeyutezepo.com/scripts/js?k=5f1bdf0681df1ade628b4567&s=
Source: {0DD10DD7-8E59-11EB-90E4-ECF4BB862DED}.dat.1.dr | String found in binary or memory: https://najiwu.xeyutezepo.com/scripts/js?k=5f1bdf0681df1ade628b4567&s=Root
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: classification engine | Classification label: unknown0.win@3/14@1/1
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DF827C97B9E056A721.TMP
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3292 CREDAT:17410 /prefetch:2
Source: Window Recorder | Window detected: More than 3 window changes detected

MITRE ATT&CK Matrix

Numbers in parentheses are the sandbox's per-technique signature counts.

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (1) | Masquerading (1) | OS Credential Dumping | File and Directory Discovery (1) | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel (2) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection (1) | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol (2) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Behavior Graph

Screenshots


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
https://najiwu.xeyutezepo.com/scripts/js?k=5f1bdf0681df1ade628b4567&s= | 1% | Virustotal |
https://najiwu.xeyutezepo.com/scripts/js?k=5f1bdf0681df1ade628b4567&s= | 0% | Avira URL Cloud | safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label
najiwu.xeyutezepo.com | 1% | Virustotal |

URLs

Source | Detection | Scanner | Label
https://najiwu.xeyutezepo.com/scripts/js?k=5f1bdf0681df1ade628b4567&s=Root | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
najiwu.xeyutezepo.com | 176.31.56.240 | true | false | | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://najiwu.xeyutezepo.com/scripts/js?k=5f1bdf0681df1ade628b4567&s=Root | {0DD10DD7-8E59-11EB-90E4-ECF4BB862DED}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://najiwu.xeyutezepo.com/scripts/js?k=5f1bdf0681df1ade628b4567&s= | ~DFE783824F0A2230D7.TMP.1.dr | false | | unknown

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
176.31.56.240 | najiwu.xeyutezepo.com | France | 16276 | OVHFR | false

General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 376329
Start date: 26.03.2021
Start time: 10:30:25
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 2m 30s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://najiwu.xeyutezepo.com/scripts/js?k=5f1bdf0681df1ade628b4567&s=
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown0.win@3/14@1/1
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • URL browsing timeout or error
Warnings:
  • Exclude process from analysis (whitelisted): ielowutil.exe, backgroundTaskHost.exe
  • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 40.88.32.150, 104.83.120.32, 13.88.21.125, 52.147.198.201, 104.43.193.48, 20.82.209.183
  • Excluded domains from analysis (whitelisted): www.bing.com, arc.msn.com.nsatc.net, dual-a-0001.a-msedge.net, arc.msn.com, skypedataprdcolcus15.cloudapp.net, e11290.dspg.akamaiedge.net, skypedataprdcoleus16.cloudapp.net, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, www-bing-com.dual-a-0001.a-msedge.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, skypedataprdcolwus15.cloudapp.net
Errors:
  • URL not reachable

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0DD10DD5-8E59-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 30296
Entropy (8bit): 1.8569334764776353
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0DD10DD7-8E59-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 24252
Entropy (8bit): 1.6470681799907423
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0DD10DD8-8E59-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.5655085765869947
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 748
Entropy (8bit): 7.249606135668305
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/down.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 4720
Entropy (8bit): 5.164796203267696
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/errorPageStrings.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ErrorPageTemplate[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 2168
Entropy (8bit): 5.207912016937144
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/ErrorPageTemplate.css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bullet[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 447
Entropy (8bit): 7.304718288205936
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/bullet.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\background_gradient[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
Category: downloaded
Size (bytes): 453
Entropy (8bit): 5.019973044227213
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/background_gradient.jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 12105
Entropy (8bit): 5.451485481468043
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/httpErrorPagesScripts.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\http_gen[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 4612
Entropy (8bit): 4.0418264730114775
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/http_gen.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\info_48[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 4113
Entropy (8bit): 7.9370830126943375
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/info_48.png

C:\Users\user\AppData\Local\Temp\~DF827C97B9E056A721.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 13029
Entropy (8bit): 0.47881504637687156
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Temp\~DF966E8E66C08BA019.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 25441
Entropy (8bit): 0.28822140207499974
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Temp\~DFE783824F0A2230D7.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 34445
Entropy (8bit): 0.36609582640806543
Encrypted: false
Malicious: false
Reputation: low

    Static File Info

    No static file info

    Network Behavior

    Network Port Distribution

    TCP Packets

    UDP Packets

    DNS Queries

    Timestamp: Mar 26, 2021 10:31:12.355756998 CET
    Source IP: 192.168.2.3
    Dest IP: 8.8.8.8
    Trans ID: 0x580f
    OP Code: Standard query (0)
    Name: najiwu.xeyutezepo.com
    Type: A (IP address)
    Class: IN (0x0001)

    DNS Answers

    Timestamp: Mar 26, 2021 10:31:12.370661974 CET
    Source IP: 8.8.8.8
    Dest IP: 192.168.2.3
    Trans ID: 0x580f
    Reply Code: No error (0)
    Name: najiwu.xeyutezepo.com
    CName: (none)
    Address: 176.31.56.240
    Type: A (IP address)
    Class: IN (0x0001)

    HTTPS Packets

    Timestamp: Mar 26, 2021 10:31:12.473640919 CET
    Source IP: 176.31.56.240
    Source Port: 443
    Dest IP: 192.168.2.3
    Dest Port: 49708
    Subject: CN=najiwu.xeyutezepo.com
    Issuer: CN=R3, O=Let's Encrypt, C=US
    Not Before: Tue Jan 26 08:41:44 CET 2021
    Not After: Mon Apr 26 09:41:44 CEST 2021
    Chain Subject: CN=R3, O=Let's Encrypt, C=US
    Chain Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.
    Chain Not Before: Wed Oct 07 21:21:40 CEST 2020
    Chain Not After: Wed Sep 29 21:21:40 CEST 2021
    JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
    JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

    Timestamp: Mar 26, 2021 10:31:12.477258921 CET
    Source IP: 176.31.56.240
    Source Port: 443
    Dest IP: 192.168.2.3
    Dest Port: 49709
    Subject: CN=najiwu.xeyutezepo.com
    Issuer: CN=R3, O=Let's Encrypt, C=US
    Not Before: Tue Jan 26 08:41:44 CET 2021
    Not After: Mon Apr 26 09:41:44 CEST 2021
    Chain Subject: CN=R3, O=Let's Encrypt, C=US
    Chain Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.
    Chain Not Before: Wed Oct 07 21:21:40 CEST 2020
    Chain Not After: Wed Sep 29 21:21:40 CEST 2021
    JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
    JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

    Code Manipulations

    Statistics

    CPU Usage

    Memory Usage

    Behavior

    System Behavior

    General

    Start time: 10:31:10
    Start date: 26/03/2021
    Path: C:\Program Files\internet explorer\iexplore.exe
    Wow64 process (32bit): false
    Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
    Imagebase: 0x7ff7661a0000
    File size: 823560 bytes
    MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
    Has elevated privileges: true
    Has administrator privileges: true
    Programmed in: C, C++ or other language
    Reputation: low

    General

    Start time: 10:31:11
    Start date: 26/03/2021
    Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Wow64 process (32bit): true
    Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3292 CREDAT:17410 /prefetch:2
    Imagebase: 0x9b0000
    File size: 822536 bytes
    MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
    Has elevated privileges: true
    Has administrator privileges: true
    Programmed in: C, C++ or other language
    Reputation: low

    Disassembly
