Analysis Report http://codepoints.net/static/js/codepoint.js!3c67217e710120291b75e8c13546e320?_=1618365050047
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | HTTPS traffic detected: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | Code function: | 2_2_02CB08E6 | |
Source: | Code function: | 2_2_02CB0A66 | |
Source: | Code function: | 2_2_02CB0406 | |
Source: | Code function: | 2_2_02CB0B86 | |
Source: | Code function: | 2_2_02CB050E | |
Source: | Code function: | 2_2_02CB0CA6 | |
Source: | Code function: | 2_2_02CB059E | |
Source: | Code function: | 2_2_02CB011E | |
Source: | Code function: | 2_2_02CB01C6 | |
Source: | Code function: | 2_2_02CB050E | |
Source: | Code function: | 2_2_02CB0C76 | |
Source: | Code function: | 2_2_02CB06D6 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting1 | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | System Information Discovery12 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Remote System Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Scripting1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer1 | SIM Card Swap | Carrier Billing Fraud |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
codepoints.net | 172.67.132.46 | true | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| low | ||
false | high | |||
false | high |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 392890 |
Start date: | 19.04.2021 |
Start time: | 23:56:19 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 2m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | urldownload.jbs |
Sample URL: | http://codepoints.net/static/js/codepoint.js!3c67217e710120291b75e8c13546e320?_=1618365050047 |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@5/3@1/2 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\wget.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1084 |
Entropy (8bit): | 5.158605751644497 |
Encrypted: | false |
SSDEEP: | 24:PoGM1ZWw+2ZWXxeP6xMZovPoxMM2ZWSxePgSb7FnN6Kb71:AGAWwXZWXbexCZWSYb+KbJ |
MD5: | 499EEFC60ADFE5425E5B2662B63E459C |
SHA1: | 22F0C635D5D645E832C084A3039BEF90D0CD0F9E |
SHA-256: | 4C3983BA84EFC540F73F75A54375171A15FBF216469DD5D06D67AD47F7F14465 |
SHA-512: | B74D6D28B6EAA6D19B612DAA86AC6E965CB23E5D58C5447BB47BE187F5460940EF9329A589029C5FE73F6BF41DA0A498F79EE20F3560D5B82879477AEDDA625D |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\wget.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 173 |
Entropy (8bit): | 5.135446645530035 |
Encrypted: | false |
SSDEEP: | 3:SY2FyFARLlbwFAM9CxnOLVFzDwIVhyyJxWQ5RdkA8dyDFs0XRcRBsWaov:SYeRLlbA0noH9VhyyJQQ5oA8UDi5XsWT |
MD5: | 12EEDA5DB822588D995F9481D35EFBED |
SHA1: | CAA0F4033F580F969D906396D9B4F8384F2FBAF3 |
SHA-256: | F5C45299A53223ABB1B3222A47614D9BF2BA89B778278B440371515BF25EF80D |
SHA-512: | B971ADFF69992DAE09974A9683C4A46C86E50A36F3007C544E449E391856C8099821E0178D996C58FA4DB06E2BA195340DA4D7005417629948FD8A7910A6B1C6 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\wget.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 31433 |
Entropy (8bit): | 5.334704231959762 |
Encrypted: | false |
SSDEEP: | 768:hkhSZhy+WU3ex7lVB3vCg+nMo9mNaOHf8cKXJXac:hAw3ClGoVKXJXD |
MD5: | 3C67217E710120291B75E8C13546E320 |
SHA1: | AA9D4DC6BCB030B4B3669D98D1F2474D60544A5C |
SHA-256: | BC3DAD26E9361E22809C5DA883066BFC4C724FDFBD552BB6E048F7DF5353FA38 |
SHA-512: | 8F2EA8352350BBEE3E7E43F258D0607778BB27695F9E664F06E3689B1B6C1696FEC7C34122F882F8EBC726F0D4D47035C1E10A2EF52CDC6E5B497F9096AD0459 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2021 23:57:03.519366980 CEST | 49756 | 80 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:03.571017981 CEST | 80 | 49756 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:03.571142912 CEST | 49756 | 80 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:03.572415113 CEST | 49756 | 80 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:03.623956919 CEST | 80 | 49756 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:03.673808098 CEST | 80 | 49756 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:03.673851967 CEST | 80 | 49756 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:03.673914909 CEST | 49756 | 80 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:03.766424894 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:03.818058968 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:03.818173885 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:03.822818041 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:03.875365019 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:03.879390955 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:03.879448891 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:03.879513979 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:03.882630110 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:03.935578108 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:03.935746908 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:03.938401937 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:03.989964008 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.108247995 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.108270884 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.108290911 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.108304024 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.108319044 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.108335972 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.108350992 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.108352900 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.108372927 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.108380079 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.108396053 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.108416080 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.109473944 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.109492064 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.109659910 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.110627890 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.110646963 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.110697985 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.111912966 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.111929893 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.111999035 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.113037109 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.113058090 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.113158941 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.114347935 CEST | 49756 | 80 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.114356995 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.114382982 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.114444017 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.115513086 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.115535975 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.115586042 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.116678953 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.116703033 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.116754055 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.118690014 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.118721962 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.118782043 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.119077921 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.119107008 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.119172096 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.120260954 CEST | 443 | 49757 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.168994904 CEST | 80 | 49756 | 172.67.132.46 | 192.168.2.4 |
Apr 19, 2021 23:57:04.169087887 CEST | 49756 | 80 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.170644999 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
Apr 19, 2021 23:57:04.579210043 CEST | 49757 | 443 | 192.168.2.4 | 172.67.132.46 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2021 23:56:55.975506067 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:56:56.024126053 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:56:56.861954927 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:56:56.923043966 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:56:57.825664997 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:56:57.874341011 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:00.310434103 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:00.359138966 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:01.310204029 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:01.361684084 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:02.209863901 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:02.258493900 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:03.230737925 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:03.281030893 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:03.451055050 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:03.509973049 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:04.222884893 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:04.272931099 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:05.138631105 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:05.188189983 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:06.364178896 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:06.424177885 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:07.255764008 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:07.307087898 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:08.427530050 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:08.476598978 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:09.322879076 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:09.373547077 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:11.222143888 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:11.280639887 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:12.014138937 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:12.075429916 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:12.836302996 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:12.887886047 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:13.731420994 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:13.784745932 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Apr 19, 2021 23:57:14.555850983 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 19, 2021 23:57:14.615953922 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 19, 2021 23:57:03.451055050 CEST | 192.168.2.4 | 8.8.8.8 | 0x983f | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 19, 2021 23:57:03.509973049 CEST | 8.8.8.8 | 192.168.2.4 | 0x983f | No error (0) | 172.67.132.46 | A (IP address) | IN (0x0001) | ||
Apr 19, 2021 23:57:03.509973049 CEST | 8.8.8.8 | 192.168.2.4 | 0x983f | No error (0) | 104.21.12.155 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49756 | 172.67.132.46 | 80 | C:\Windows\SysWOW64\wget.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 19, 2021 23:57:03.572415113 CEST | 961 | OUT | |
Apr 19, 2021 23:57:03.673808098 CEST | 967 | IN | |
Apr 19, 2021 23:57:03.673851967 CEST | 967 | IN |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2021 23:57:03.879448891 CEST | 172.67.132.46 | 443 | 192.168.2.4 | 49757 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Fri Jul 24 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020 | Sat Jul 24 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025 | 771,49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-61-60-53-47-255,0-11-10-35-22-23-13,29-23-25-24,0-1-2 | 807fca46d9d0cf63adf4e5e80e414bbe |
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 23:57:01 |
Start date: | 19/04/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 23:57:02 |
Start date: | 19/04/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 23:57:03 |
Start date: | 19/04/2021 |
Path: | C:\Windows\SysWOW64\wget.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3895184 bytes |
MD5 hash: | 3DADB6E2ECE9C4B3E1E322E617658B60 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 23:57:05 |
Start date: | 19/04/2021 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c83b0000 |
File size: | 163840 bytes |
MD5 hash: | 9A68ADD12EB50DDE7586782C3EB9FF9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|