Analysis Report document-933340782.xlsm
Overview
General Information
Detection
Hidden Macro 4.0
Score: | 88 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found abnormal large hidden Excel 4.0 Macro sheet
IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
Startup |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for URL or domain |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for domain / URL |
Source: | Virustotal: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | File created: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: |
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: |
Found abnormal large hidden Excel 4.0 Macro sheet |
Source: | Initial sample: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Virustotal: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Automated click: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Key opened: |
Source: | File opened: |
Source: | Process information set: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting2 | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution23 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | System Information Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol13 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll321 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer4 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting2 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 37% | Virustotal | | Browse |
| 19% | Metadefender | | Browse |
| 48% | ReversingLabs | Document-Excel.Spyware.Ymacco | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 2% | Virustotal | | Browse |
| 7% | Virustotal | | Browse |
| 4% | Virustotal | | Browse |
| 4% | Virustotal | | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira URL Cloud | malware | |
| 100% | Avira URL Cloud | malware | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 100% | Avira URL Cloud | malware | |
| 100% | Avira URL Cloud | malware | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
kristen.sbddev.com | 50.23.112.133 | true | false | | unknown |
holmesservices.mobiledevsite.co | 103.68.166.129 | true | true | | unknown |
tienda.ventadigital.com.ar | 31.170.166.139 | true | false | | unknown |
nellaimasthanbiryani.com | 66.36.231.40 | true | false | | unknown |
thirdstringcalifornia.com | 143.95.33.96 | true | false | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| false | | unknown |
| true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
143.95.33.96 | thirdstringcalifornia.com | United States | | 62729 | ASMALLORANGE1US | false |
66.36.231.40 | nellaimasthanbiryani.com | United States | | 14361 | HOPONE-GLOBALUS | false |
50.23.112.133 | kristen.sbddev.com | United States | | 36351 | SOFTLAYERUS | false |
31.170.166.139 | tienda.ventadigital.com.ar | United States | | 47583 | AS-HOSTINGERLT | false |
103.68.166.129 | holmesservices.mobiledevsite.co | Singapore | | 38719 | DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | true |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 383151 |
Start date: | 07.04.2021 |
Start time: | 10:46:01 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | document-933340782.xlsm |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal88.expl.evad.winXLSM@11/12@5/5 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
143.95.33.96 | | Get hash | malicious | Browse | |
66.36.231.40 | | Get hash | malicious | Browse | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
holmesservices.mobiledevsite.co | | Get hash | malicious | Browse | |
tienda.ventadigital.com.ar | | Get hash | malicious | Browse | |
kristen.sbddev.com | | Get hash | malicious | Browse | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ASMALLORANGE1US | | Get hash | malicious | Browse | |
HOPONE-GLOBALUS | | Get hash | malicious | Browse | |
SOFTLAYERUS | | Get hash | malicious | Browse | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 7295 |
Entropy (8bit): | 5.637267147483986 |
Encrypted: | false |
SSDEEP: | 192:ElVZHCkA26xd3Qk/uTtMy47R/Ga0kVhFuPwf8Pn9wHHyJS:EJ8VGaRF8I8K |
MD5: | AFC83AE7C4EA82B533D9B8731AAB3E80 |
SHA1: | A77EB9C6E5472FE4A17385ACB32BF96C9F69A65F |
SHA-256: | FDF900267092BC67BD7786B86C462E69F9ED52BED838809B6BA28B298BE879F6 |
SHA-512: | 5CF249AFF46D7B7C1BE5F2F2CA3D771E6EEB9B85EF8D6CE8BB93DFEEB0957F9E8BF15FC4B57D98A19F76E49C51A68C957EDC6CB98CCC15AE3215BC326D968CF7 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
IE Cache URL: | http://kristen.sbddev.com/cgi-sys/suspendedpage.cgi |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 557 |
Entropy (8bit): | 7.343009301479381 |
Encrypted: | false |
SSDEEP: | 12:6v/7aLMZ5I9TvSb5Lr6U7+uHK2yJtNJTNSB0qNMQCvGEvfvqVFsSq6ixPT3Zf:Ng8SdCU7+uqF20qNM1dvfSviNd |
MD5: | A516B6CB784827C6BDE58BC9D341C1BD |
SHA1: | 9D602E7248E06FF639E6437A0A16EA7A4F9E6C73 |
SHA-256: | EF8F7EDB6BA0B5ACEC64543A0AF1B133539FFD439F8324634C3F970112997074 |
SHA-512: | C297A61DA1D7E7F247E14D188C425D43184139991B15A5F932403EE68C356B01879B90B7F96D55B0C9B02F6B9BFAF4E915191683126183E49E668B6049048D35 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 34789 |
Entropy (8bit): | 7.988267796017535 |
Encrypted: | false |
SSDEEP: | 768:+D5XH0YsPc/wBfkpz/srsnYlCO20quHVkKAPH+leFbMLezAIt:+D5XUYz/wBf8orsEwHKynWLmAQ |
MD5: | 13CE435F07ADD2BEABD4A860755B489D |
SHA1: | 6CB356E6EA48633D56B49E578039818E493D364F |
SHA-256: | AA2172D7F8454BEF43575C8877FCA816254D49BE7A9AF420B0C7FEE0169058E4 |
SHA-512: | E3E0C4541C1299494E8BC5C597E5913B06A1D481E125241C538D634CE2119BFCED14424C2E537A9EE036927E9955688D914DC56550E83B683B2D065E67FA037C |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8301 |
Entropy (8bit): | 7.970711494690041 |
Encrypted: | false |
SSDEEP: | 192:BzNWXTPmjktA8BddiGGwjNHOQRud4JTTOFPY4:B8aoVT0QNuzWKPh |
MD5: | D8574C9CC4123EF67C8B600850BE52EE |
SHA1: | 5547AC473B3523BA2410E04B75E37B1944EE0CCC |
SHA-256: | ADD8156BAA01E6A9DE10132E57A2E4659B1A8027A8850B8937E57D56A4FC204B |
SHA-512: | 20D29AF016ED2115C210F4F21C65195F026AAEA14AA16E36FD705482CC31CD26AB78C4C7A344FD11D4E673742E458C2A104A392B28187F2ECCE988B0612DBACF |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 848 |
Entropy (8bit): | 7.595467031611744 |
Encrypted: | false |
SSDEEP: | 24:NLJZbn0jL5Q3H/hbqzej+0C3Yi6yyuq53q:JIjm3pQCLWYi67lc |
MD5: | 02DB1068B56D3FD907241C2F3240F849 |
SHA1: | 58EC338C879DDBDF02265CBEFA9A2FB08C569D20 |
SHA-256: | D58FF94F5BB5D49236C138DC109CE83E82879D0D44BE387B0EA3773D908DD25F |
SHA-512: | 9057CE6FA62F83BB3F3EFAB2E5142ABC41190C08846B90492C37A51F07489F69EDA1D1CA6235C2C8510473E8EA443ECC5694E415AEAF3C7BD07F864212064678 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 108482 |
Entropy (8bit): | 7.912405123821417 |
Encrypted: | false |
SSDEEP: | 3072:GJrWNPTGqT+dY71DzPjEwqtDxNko+bJ99K7meX7pr2:GGPTGa08NjYDp+d9imeX7pr2 |
MD5: | 75D5EBE3BB27E63BB7B1B3BFAD5466B0 |
SHA1: | 17E6B14CCF5F5F650F3C1241DFFD4C1E53E5EE3A |
SHA-256: | E2B376D8A9093A89C3427258C2A52BF5B35030144F74295A4B130F17E9C9B464 |
SHA-512: | 27AA12625B373CA99F02D080681BD4B51A6AB1C5DCC8B6E15CAF5D87DBDC1A418472DA0B3B5BC16133B8A5611AA20D84154DC8141D615AB2054A7087B4C2CF0A |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 867 |
Entropy (8bit): | 4.47926401566195 |
Encrypted: | false |
SSDEEP: | 12:85QMNa3LgXg/XAlCPCHaXgzB8IB/6UxuX+Wnicvb3bDtZ3YilMMEpxRljKg1yTdK:85py/XTwz6IwYefDv3qXqrNru/ |
MD5: | 64C9E07A23ED6F71462819388A106F9B |
SHA1: | 949D424E51372DC171CBF44657A5C356BE9F4802 |
SHA-256: | C300CFCAA84EF8230D11DEAA7F7D385AD4C42DDAF986484706914384F8D35014 |
SHA-512: | 02CF2701B62DDEC413A2C29358FD20EB24064E1E4F5414BE7A9BE3339D5B7DAFED98C3BE13F1816EC26DFF35CBDA4347BE1E130784A4CCDE26C97A37B64A8BAC |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2118 |
Entropy (8bit): | 4.53890434678891 |
Encrypted: | false |
SSDEEP: | 24:8V/XTwz6IknpTNe3RBtDv3qXqdM7dD2V/XTwz6IknpTNe3RBtDv3qXqdM7dV:8V/XT3IkpZMHsaQh2V/XT3IkpZMHsaQ/ |
MD5: | 80F9BD0D08F74462CBB9348AE22D2EF9 |
SHA1: | 1207BA7A83F0D892BF874DA10098F18E21DF9EFE |
SHA-256: | 4C38DB76F6983416C691A348FBA03714F8BE499ADFA1F8F2993507A5FCC48B50 |
SHA-512: | 33302294ADBE7A95CBCAA0BF10F70BCDFFA06B74F156F1A1A3D2880D4D4CB916B17BDAD8FAD3D4543516E6DCE90E174828225337C8934D7FAFDFD26CA70687DE |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 109 |
Entropy (8bit): | 4.750124550037971 |
Encrypted: | false |
SSDEEP: | 3:oyBVomxWKS9LRzSShBCZELRzSShBCmxWKS9LRzSShBCv:dj49LdhhmELdhh89Ldhh2 |
MD5: | 3964574BC9DD3C18B48C07D1334EDABC |
SHA1: | F3A4E8168156D52D261727B6D09867A7488C6E2B |
SHA-256: | A8B88213A4FC40A7ECC677D7EAA84C51DDD0BC729002ADDF34DE36230409D12B |
SHA-512: | FC07F8BA89E7D859D109C71A9F07CD8C52AA6DFB4FEF77D76ECAD4AF12DE77B97C49ED28F6779DE5AEE32B9D580D2064DBD888C5626A75EC672078DDE976E376 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 108482 |
Entropy (8bit): | 7.912405123821417 |
Encrypted: | false |
SSDEEP: | 3072:GJrWNPTGqT+dY71DzPjEwqtDxNko+bJ99K7meX7pr2:GGPTGa08NjYDp+d9imeX7pr2 |
MD5: | 75D5EBE3BB27E63BB7B1B3BFAD5466B0 |
SHA1: | 17E6B14CCF5F5F650F3C1241DFFD4C1E53E5EE3A |
SHA-256: | E2B376D8A9093A89C3427258C2A52BF5B35030144F74295A4B130F17E9C9B464 |
SHA-512: | 27AA12625B373CA99F02D080681BD4B51A6AB1C5DCC8B6E15CAF5D87DBDC1A418472DA0B3B5BC16133B8A5611AA20D84154DC8141D615AB2054A7087B4C2CF0A |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 1.4377382811115937 |
Encrypted: | false |
SSDEEP: | 3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS |
MD5: | 96114D75E30EBD26B572C1FC83D1D02E |
SHA1: | A44EEBDA5EB09862AC46346227F06F8CFAF19407 |
SHA-256: | 0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523 |
SHA-512: | 52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0 |
Malicious: | true |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7295 |
Entropy (8bit): | 5.637267147483986 |
Encrypted: | false |
SSDEEP: | 192:ElVZHCkA26xd3Qk/uTtMy47R/Ga0kVhFuPwf8Pn9wHHyJS:EJ8VGaRF8I8K |
MD5: | AFC83AE7C4EA82B533D9B8731AAB3E80 |
SHA1: | A77EB9C6E5472FE4A17385ACB32BF96C9F69A65F |
SHA-256: | FDF900267092BC67BD7786B86C462E69F9ED52BED838809B6BA28B298BE879F6 |
SHA-512: | 5CF249AFF46D7B7C1BE5F2F2CA3D771E6EEB9B85EF8D6CE8BB93DFEEB0957F9E8BF15FC4B57D98A19F76E49C51A68C957EDC6CB98CCC15AE3215BC326D968CF7 |
Malicious: | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.912414325558474 |
TrID: | |
File name: | document-933340782.xlsm |
File size: | 108510 |
MD5: | 766f5bb363db9a966b613a42a118798a |
SHA1: | 57e67742fd7e7fa0badddca5b2cceb4cf09048a7 |
SHA256: | 9952ce93009bb9fe2b687053da8db61f551cd524ca2691669257c35aaba18832 |
SHA512: | 3157b083902de46d1aaf75ac978537b479350c145a667c16965936f3ec9c84f08768604abbb4b54a12d37b8ce6b89136651b8083032887e730e6078b49cdaae9 |
SSDEEP: | 3072:Q26TGqT+dY7EDzPjEwqtDlko+bJ99K7meX7pD3:QLTGa084jYDv+d9imeX7pD3 |
File Content Preview: | PK..........!...`.............[Content_Types].xml ...(..............................................................................................................................................................................................##......... |
File Icon |
---|
Icon Hash: | e4e2aa8aa4bcbcac |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "document-933340782.xlsm" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 7, 2021 10:46:54.075469971 CEST | 49167 | 80 | 192.168.2.22 | 50.23.112.133 |
Apr 7, 2021 10:46:54.248955965 CEST | 80 | 49167 | 50.23.112.133 | 192.168.2.22 |
Apr 7, 2021 10:46:54.249090910 CEST | 49167 | 80 | 192.168.2.22 | 50.23.112.133 |
Apr 7, 2021 10:46:54.249636889 CEST | 49167 | 80 | 192.168.2.22 | 50.23.112.133 |
Apr 7, 2021 10:46:54.423564911 CEST | 80 | 49167 | 50.23.112.133 | 192.168.2.22 |
Apr 7, 2021 10:46:54.427109003 CEST | 80 | 49167 | 50.23.112.133 | 192.168.2.22 |
Apr 7, 2021 10:46:54.427304029 CEST | 49167 | 80 | 192.168.2.22 | 50.23.112.133 |
Apr 7, 2021 10:46:54.430351973 CEST | 49167 | 80 | 192.168.2.22 | 50.23.112.133 |
Apr 7, 2021 10:46:54.877640009 CEST | 49167 | 80 | 192.168.2.22 | 50.23.112.133 |
Apr 7, 2021 10:46:55.087573051 CEST | 80 | 49167 | 50.23.112.133 | 192.168.2.22 |
Apr 7, 2021 10:46:55.087595940 CEST | 80 | 49167 | 50.23.112.133 | 192.168.2.22 |
Apr 7, 2021 10:46:55.087610960 CEST | 80 | 49167 | 50.23.112.133 | 192.168.2.22 |
Apr 7, 2021 10:46:55.087620974 CEST | 80 | 49167 | 50.23.112.133 | 192.168.2.22 |
Apr 7, 2021 10:46:55.087632895 CEST | 80 | 49167 | 50.23.112.133 | 192.168.2.22 |
Apr 7, 2021 10:46:55.087821007 CEST | 49167 | 80 | 192.168.2.22 | 50.23.112.133 |
Apr 7, 2021 10:46:55.274617910 CEST | 49168 | 80 | 192.168.2.22 | 31.170.166.139 |
Apr 7, 2021 10:46:55.393896103 CEST | 80 | 49168 | 31.170.166.139 | 192.168.2.22 |
Apr 7, 2021 10:46:55.395517111 CEST | 49168 | 80 | 192.168.2.22 | 31.170.166.139 |
Apr 7, 2021 10:46:55.395570040 CEST | 49168 | 80 | 192.168.2.22 | 31.170.166.139 |
Apr 7, 2021 10:46:55.515464067 CEST | 80 | 49168 | 31.170.166.139 | 192.168.2.22 |
Apr 7, 2021 10:46:55.620822906 CEST | 80 | 49168 | 31.170.166.139 | 192.168.2.22 |
Apr 7, 2021 10:46:55.620996952 CEST | 49168 | 80 | 192.168.2.22 | 31.170.166.139 |
Apr 7, 2021 10:46:55.794830084 CEST | 49169 | 80 | 192.168.2.22 | 143.95.33.96 |
Apr 7, 2021 10:46:55.941339016 CEST | 80 | 49169 | 143.95.33.96 | 192.168.2.22 |
Apr 7, 2021 10:46:55.941493988 CEST | 49169 | 80 | 192.168.2.22 | 143.95.33.96 |
Apr 7, 2021 10:46:55.942820072 CEST | 49169 | 80 | 192.168.2.22 | 143.95.33.96 |
Apr 7, 2021 10:46:56.088896990 CEST | 80 | 49169 | 143.95.33.96 | 192.168.2.22 |
Apr 7, 2021 10:46:56.220531940 CEST | 80 | 49169 | 143.95.33.96 | 192.168.2.22 |
Apr 7, 2021 10:46:56.220602989 CEST | 49169 | 80 | 192.168.2.22 | 143.95.33.96 |
Apr 7, 2021 10:46:56.221170902 CEST | 49169 | 80 | 192.168.2.22 | 143.95.33.96 |
Apr 7, 2021 10:46:56.228161097 CEST | 80 | 49169 | 143.95.33.96 | 192.168.2.22 |
Apr 7, 2021 10:46:56.228245020 CEST | 49169 | 80 | 192.168.2.22 | 143.95.33.96 |
Apr 7, 2021 10:46:56.280091047 CEST | 49170 | 80 | 192.168.2.22 | 103.68.166.129 |
Apr 7, 2021 10:46:56.369083881 CEST | 80 | 49169 | 143.95.33.96 | 192.168.2.22 |
Apr 7, 2021 10:46:56.369193077 CEST | 49169 | 80 | 192.168.2.22 | 143.95.33.96 |
Apr 7, 2021 10:46:56.390928984 CEST | 80 | 49170 | 103.68.166.129 | 192.168.2.22 |
Apr 7, 2021 10:46:56.391096115 CEST | 49170 | 80 | 192.168.2.22 | 103.68.166.129 |
Apr 7, 2021 10:46:56.392405987 CEST | 49170 | 80 | 192.168.2.22 | 103.68.166.129 |
Apr 7, 2021 10:46:56.506817102 CEST | 80 | 49170 | 103.68.166.129 | 192.168.2.22 |
Apr 7, 2021 10:46:56.506926060 CEST | 49170 | 80 | 192.168.2.22 | 103.68.166.129 |
Apr 7, 2021 10:46:56.739958048 CEST | 49171 | 80 | 192.168.2.22 | 66.36.231.40 |
Apr 7, 2021 10:46:56.840977907 CEST | 80 | 49171 | 66.36.231.40 | 192.168.2.22 |
Apr 7, 2021 10:46:56.841373920 CEST | 49171 | 80 | 192.168.2.22 | 66.36.231.40 |
Apr 7, 2021 10:46:56.842498064 CEST | 49171 | 80 | 192.168.2.22 | 66.36.231.40 |
Apr 7, 2021 10:46:56.944106102 CEST | 80 | 49171 | 66.36.231.40 | 192.168.2.22 |
Apr 7, 2021 10:46:57.104089022 CEST | 80 | 49171 | 66.36.231.40 | 192.168.2.22 |
Apr 7, 2021 10:46:57.104269981 CEST | 49171 | 80 | 192.168.2.22 | 66.36.231.40 |
Apr 7, 2021 10:47:01.456758976 CEST | 80 | 49168 | 31.170.166.139 | 192.168.2.22 |
Apr 7, 2021 10:47:01.456913948 CEST | 49168 | 80 | 192.168.2.22 | 31.170.166.139 |
Apr 7, 2021 10:48:00.087519884 CEST | 80 | 49167 | 50.23.112.133 | 192.168.2.22 |
Apr 7, 2021 10:48:00.090121984 CEST | 49167 | 80 | 192.168.2.22 | 50.23.112.133 |
Apr 7, 2021 10:48:02.100714922 CEST | 80 | 49171 | 66.36.231.40 | 192.168.2.22 |
Apr 7, 2021 10:48:02.100928068 CEST | 49171 | 80 | 192.168.2.22 | 66.36.231.40 |
Apr 7, 2021 10:48:53.845046997 CEST | 49171 | 80 | 192.168.2.22 | 66.36.231.40 |
Apr 7, 2021 10:48:53.845238924 CEST | 49170 | 80 | 192.168.2.22 | 103.68.166.129 |
Apr 7, 2021 10:48:53.845417023 CEST | 49168 | 80 | 192.168.2.22 | 31.170.166.139 |
Apr 7, 2021 10:48:53.845612049 CEST | 49167 | 80 | 192.168.2.22 | 50.23.112.133 |
Apr 7, 2021 10:48:53.945624113 CEST | 80 | 49171 | 66.36.231.40 | 192.168.2.22 |
Apr 7, 2021 10:48:53.956664085 CEST | 80 | 49170 | 103.68.166.129 | 192.168.2.22 |
Apr 7, 2021 10:48:53.956782103 CEST | 49170 | 80 | 192.168.2.22 | 103.68.166.129 |
Apr 7, 2021 10:48:54.019201040 CEST | 80 | 49167 | 50.23.112.133 | 192.168.2.22 |
Apr 7, 2021 10:48:54.187586069 CEST | 49168 | 80 | 192.168.2.22 | 31.170.166.139 |
Apr 7, 2021 10:48:54.858479977 CEST | 49168 | 80 | 192.168.2.22 | 31.170.166.139 |
Apr 7, 2021 10:48:56.184684992 CEST | 49168 | 80 | 192.168.2.22 | 31.170.166.139 |
Apr 7, 2021 10:48:58.836857080 CEST | 49168 | 80 | 192.168.2.22 | 31.170.166.139 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 7, 2021 10:46:53.897473097 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 7, 2021 10:46:54.057022095 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
Apr 7, 2021 10:46:55.112276077 CEST | 53099 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 7, 2021 10:46:55.270534992 CEST | 53 | 53099 | 8.8.8.8 | 192.168.2.22 |
Apr 7, 2021 10:46:55.637224913 CEST | 52838 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 7, 2021 10:46:55.792998075 CEST | 53 | 52838 | 8.8.8.8 | 192.168.2.22 |
Apr 7, 2021 10:46:56.232707977 CEST | 61200 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 7, 2021 10:46:56.276132107 CEST | 53 | 61200 | 8.8.8.8 | 192.168.2.22 |
Apr 7, 2021 10:46:56.523128986 CEST | 49548 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 7, 2021 10:46:56.735892057 CEST | 53 | 49548 | 8.8.8.8 | 192.168.2.22 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 7, 2021 10:46:53.897473097 CEST | 192.168.2.22 | 8.8.8.8 | 0xbf29 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:46:55.112276077 CEST | 192.168.2.22 | 8.8.8.8 | 0xfbeb | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:46:55.637224913 CEST | 192.168.2.22 | 8.8.8.8 | 0xccae | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:46:56.232707977 CEST | 192.168.2.22 | 8.8.8.8 | 0x887e | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:46:56.523128986 CEST | 192.168.2.22 | 8.8.8.8 | 0x315e | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 7, 2021 10:46:54.057022095 CEST | 8.8.8.8 | 192.168.2.22 | 0xbf29 | No error (0) | | | 50.23.112.133 | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:46:55.270534992 CEST | 8.8.8.8 | 192.168.2.22 | 0xfbeb | No error (0) | | | 31.170.166.139 | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:46:55.792998075 CEST | 8.8.8.8 | 192.168.2.22 | 0xccae | No error (0) | | | 143.95.33.96 | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:46:56.276132107 CEST | 8.8.8.8 | 192.168.2.22 | 0x887e | No error (0) | | | 103.68.166.129 | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:46:56.735892057 CEST | 8.8.8.8 | 192.168.2.22 | 0x315e | No error (0) | | | 66.36.231.40 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49167 | 50.23.112.133 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 7, 2021 10:46:54.249636889 CEST | 0 | OUT | |
Apr 7, 2021 10:46:54.427109003 CEST | 1 | IN | |
Apr 7, 2021 10:46:54.430351973 CEST | 1 | OUT | |
Apr 7, 2021 10:46:54.877640009 CEST | 2 | OUT | |
Apr 7, 2021 10:46:55.087573051 CEST | 3 | IN | |