Analysis Report Current-Status-062021-81197.xlsb
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell | Show sources |
Source: | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: |
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link |
Multi AV Scanner detection for dropped file | Show sources |
Source: | ReversingLabs: | ||
Source: | ReversingLabs: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link |
Machine Learning detection for dropped file | Show sources |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | File opened: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | ||
Source: | Code function: |
Software Vulnerabilities: |
---|
Document exploit detected (drops PE files) | Show sources |
Source: | File created: | Jump to dropped file |
Document exploit detected (UrlDownloadToFile) | Show sources |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) | Show sources |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | Code function: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) | Show sources |
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: |
Contains functionality to create processes via WMI | Show sources |
Source: | Binary or memory string: |
Found abnormal large hidden Excel 4.0 Macro sheet | Show sources |
Source: | Initial sample: |
Office process drops PE file | Show sources |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Process Stats: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Dropped File: | ||
Source: | Dropped File: |
Source: | Code function: | ||
Source: | Code function: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Command line argument: |
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Virustotal: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Key opened: |
Source: | File opened: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Persistence and Installation Behavior: |
---|
Creates processes via WMI | Show sources |
Source: | WMI Queries: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Drops PE files to the user root directory | Show sources |
Source: | File created: | Jump to dropped file |
Source: | Code function: |
Source: | Registry key monitored for changes: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | Code function: |
Source: | API coverage: |
Source: | Last function: |
Source: | Code function: | ||
Source: | Code function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Code function: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | File source: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Code function: |
Source: | Code function: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation21 | Application Shimming1 | Application Shimming1 | Disable or Modify Tools1 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scripting1 | Boot or Logon Initialization Scripts | Process Injection2 | Deobfuscate/Decode Files or Information1 | LSASS Memory | Account Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Encrypted Channel12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Native API1 | Logon Script (Windows) | Logon Script (Windows) | Scripting1 | Security Account Manager | File and Directory Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | Exploitation for Client Execution33 | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information2 | NTDS | System Information Discovery24 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Command and Scripting Interpreter2 | Network Logon Script | Network Logon Script | Masquerading121 | LSA Secrets | Query Registry1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Process Injection2 | Cached Domain Credentials | Security Software Discovery121 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | Process Discovery2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Owner/User Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Remote System Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Network Configuration Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | Virustotal | Browse | ||
2% | ReversingLabs |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
17% | ReversingLabs | |||
17% | ReversingLabs |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
injuryless.com | 193.178.169.243 | true | true |
| unknown |
pigeonious.com | 95.142.44.93 | true | false | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
true |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
true |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
true |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
true |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false | high | |||
true |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
true |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
true |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
true |
| unknown | ||
false | high | |||
true |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
true |
| unknown | ||
true |
| unknown | ||
false | high | |||
true |
| unknown | ||
false | high | |||
false | high | |||
true |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
193.178.169.243 | injuryless.com | unknown | 48282 | VDSINA-ASRU | true | |
95.142.44.93 | pigeonious.com | Russian Federation | 210079 | EUROBYTEEurobyteLLCMoscowRussiaRU | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 432839 |
Start date: | 10.06.2021 |
Start time: | 20:29:54 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | Current-Status-062021-81197.xlsb |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.expl.evad.winXLSB@5/8@2/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
20:30:52 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
193.178.169.243 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
95.142.44.93 | Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
pigeonious.com | Get hash | malicious | Browse |
| |
injuryless.com | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
VDSINA-ASRU | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
EUROBYTEEurobyteLLCMoscowRussiaRU | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Dropped Files |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 511488 |
Entropy (8bit): | 7.3404073760047375 |
Encrypted: | false |
SSDEEP: | 12288:cyLjvFCsHOFO7t8BmzXiDm/znL2wOhlYuGUoPavYWIJdvrQoDptkYIN:BLDFTHOF0anwGYuGDQ2vQoDk5N |
MD5: | 526D56017EF5105277FE0D366C95C39D |
SHA1: | 78A40D523F4B887B2383681FECE447EF911C24EF |
SHA-256: | 28F2FA4F9AC95C3FC906E201B758D56C6A888B657DCF57C351A4F34FFB3E0FE2 |
SHA-512: | F2DC53598455B422B6B53108E94229B0F5791AC25188F0ED73FB4BFF1DF018B745F1F73714E97CF4E1C52475473326C1C91DC6070D331080F1FAAF696D58841E |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 134922 |
Entropy (8bit): | 5.369119258003808 |
Encrypted: | false |
SSDEEP: | 1536:4cQIKNEeBXA3gBwlpQ9DQW+z7534ZliKWXboOilX5ENLWME9:gEQ9DQW+ziXOe |
MD5: | 042D3F746892226A7BE71431B6635EBD |
SHA1: | A171A408788DD9EE855D4C87E960E98CF4C43ED0 |
SHA-256: | F0FF8798D6B5E8D85FADFF08F7A9974F0843DF23BE340F28B886C9E84F0BB6FC |
SHA-512: | 9AAF01336D99A1754C9C1B5AB6AEA9402CC2FB9B821656FBF4FBDF8DD9912BB805526D6974AB4F650D293A2D33779B9C16BEAB621E404CE8EF2A29E7AD9F8E40 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 462772 |
Entropy (8bit): | 7.968569347884841 |
Encrypted: | false |
SSDEEP: | 12288:yycQMfTEzs+VfqjROL5bgSj86X/5ARknBqrZsNAdee:yQMfYBVf1xBARkgaNyr |
MD5: | 5D1C907B7A28ED91D8A704A7CE928FAF |
SHA1: | FA56635F0C2A6D93DABE3E0636DADEAECDFCE804 |
SHA-256: | AD72EF87E54764A13E87BBD446029F48D70114B120E6DA7025947B1D51554486 |
SHA-512: | 52A22A801395A467AABC02B4C24236FCAC4197407FC0F5C4B0D9C79C8DFB9A5DD0D935C67A7730B7EBFCD80013967F392D48D6E697A09E684BCDC62F7DBB6376 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 511488 |
Entropy (8bit): | 7.3404073760047375 |
Encrypted: | false |
SSDEEP: | 12288:cyLjvFCsHOFO7t8BmzXiDm/znL2wOhlYuGUoPavYWIJdvrQoDptkYIN:BLDFTHOF0anwGYuGDQ2vQoDk5N |
MD5: | 526D56017EF5105277FE0D366C95C39D |
SHA1: | 78A40D523F4B887B2383681FECE447EF911C24EF |
SHA-256: | 28F2FA4F9AC95C3FC906E201B758D56C6A888B657DCF57C351A4F34FFB3E0FE2 |
SHA-512: | F2DC53598455B422B6B53108E94229B0F5791AC25188F0ED73FB4BFF1DF018B745F1F73714E97CF4E1C52475473326C1C91DC6070D331080F1FAAF696D58841E |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | low |
IE Cache URL: | https://pigeonious.com/img/logo.png |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1041070 |
Entropy (8bit): | 7.855884638864563 |
Encrypted: | false |
SSDEEP: | 12288:Qp4WH4vcCRa6p1RtTycQMfTEzs+VfqjROL5bgSj86X/5ARknBqrZsNAde5:O4vdRa6p1Rt/QMfYBVf1xBARkgaNys |
MD5: | A6832F006ECA34E5E7495F7A3B5ADC6B |
SHA1: | 801FE0D57B16BFF66056840CD47BEED33B4ABB5C |
SHA-256: | 8DE78336A3BD486ABFE0B3DF88EFC9AD8BF2A64BF309C7107565F16BF838F757 |
SHA-512: | F7CC6E711DB08682BF125388C1395696A9073A236BB8196647DA27A4B53F450373D3BC52A1EAFCDB017108845450A469FFA14E1859DA419FE18135E3C7FD0EBF |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 2.9808259362290785 |
Encrypted: | false |
SSDEEP: | 3:QAlX0Gn:QKn |
MD5: | 7962B839183642D3CDC2F9CEBDBF85CE |
SHA1: | 2BE8F6F309962ED367866F6E70668508BC814C2D |
SHA-256: | 5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6 |
SHA-512: | 2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtt:RJ1 |
MD5: | 7AB76C81182111AC93ACF915CA8331D5 |
SHA1: | 68B94B5D4C83A6FB415C8026AF61F3F8745E2559 |
SHA-256: | 6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF |
SHA-512: | A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Windows\SysWOW64\wbem\WMIC.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 160 |
Entropy (8bit): | 5.083203110114614 |
Encrypted: | false |
SSDEEP: | 3:YwM2FgCKGWMRX1eRHXWXKSovrj4WA3iygK5k3koZ3Pveys1Mgjd330qJQAiveyzr:Yw7gJGWMXJXKSOdYiygKkXe/eg1deAin |
MD5: | C62814DB19512E50685CCD10C45F4557 |
SHA1: | 91CB5A204B91F9F81D791B07AACBE4CB2A79CC85 |
SHA-256: | FBDC5DD1D2DA5FEACF83F4FF1781A49DEDA141E18E33326B92B66D8D49C6725F |
SHA-512: | 7608BF46F85343150B8B4BD37FD994EEE0CE3D61BF5613A8D1DD3C93DD2B11E63190D419140DFE5A7AFED08E88C8B3C592E5241E4C048E6D670747A522B1D4FD |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.994144310692157 |
TrID: |
|
File name: | Current-Status-062021-81197.xlsb |
File size: | 468533 |
MD5: | 1ac719c744d22f42e4978e7b55828435 |
SHA1: | 4ddc7358f615987bf92ed9192430693db65b097c |
SHA256: | d9be275feff4b3383821b1483ba93424fb27aa40e138da41a91511193d9538cb |
SHA512: | 736bcf96ca99c893c535c555133a092400e1dbc5f5143500d152c537bccc9d3faf7d541b3b11be82b68bbf4c7a1528c5fa3b45394d5b2b958c4d1d4d024e7d22 |
SSDEEP: | 12288:ag+iWCVTHlJFnI6TDEeTSH/NJDjXcXdeanuxZ2:4iVVTHxNcoSJDK1nuxA |
File Content Preview: | PK...........R................docProps/PK..........!.,...............docProps/app.xml.S.N.0.....`.N...Zu.#T.XQ.....u&.EbG.......m.ZNp{3o........"-8....x.Q.F.\.ML......x.&..5...xz-...Kg.p... a|LK.f..W%....m.SXWK...0[.Z..U.5.d.Qt.`.`r./.^..)N[..hn.....vM... |
File Icon |
---|
Icon Hash: | 74f0d0d2c6d6d0f4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "Current-Status-062021-81197.xlsb" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 10, 2021 20:30:50.656872988 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.735166073 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.736341953 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.736397028 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.814826012 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.814945936 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.814997911 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.815037012 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.815064907 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.815098047 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.815139055 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.815151930 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.816432953 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.817647934 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.830462933 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.909135103 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.909990072 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.910018921 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.988725901 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.988765955 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.988782883 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.988800049 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.988817930 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.988842964 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.988866091 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.988888025 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.988903046 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.988912106 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.988934994 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.988936901 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:50.988950968 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:50.989264965 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067203045 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067236900 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067260981 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067274094 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067286015 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067308903 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067311049 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067337990 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067342997 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067352057 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067358017 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067363977 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067377090 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067389011 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067404985 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067413092 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067440033 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067456007 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067465067 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067481995 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067490101 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067514896 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067539930 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067542076 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067553997 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067562103 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067569971 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067586899 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067595005 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067610025 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067617893 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067629099 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067645073 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067660093 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067672968 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067697048 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.067706108 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067724943 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.067734957 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.145869017 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.145936966 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.145956993 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.145986080 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.145993948 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146038055 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146055937 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.146079063 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146085978 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.146117926 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146135092 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.146159887 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146181107 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.146198988 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146203995 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.146248102 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146251917 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.146291971 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146305084 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.146333933 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146348953 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.146374941 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146390915 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.146415949 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146434069 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.146455050 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146466970 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
Jun 10, 2021 20:30:51.146495104 CEST | 443 | 49734 | 95.142.44.93 | 192.168.2.4 |
Jun 10, 2021 20:30:51.146512032 CEST | 49734 | 443 | 192.168.2.4 | 95.142.44.93 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 10, 2021 20:30:34.206564903 CEST | 49714 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:34.265006065 CEST | 53 | 49714 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:36.034472942 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:36.094928980 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:36.527556896 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:36.579847097 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:37.512619972 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:37.565578938 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:38.587871075 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:38.640319109 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:39.676168919 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:39.729420900 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:43.873945951 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:43.926970005 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:45.612584114 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:45.663584948 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:46.848140001 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:46.941303015 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:47.008368969 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:47.061393023 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:47.385363102 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:47.463027000 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:48.405050993 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:48.463570118 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:49.474627018 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:49.547060013 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:50.261271954 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:50.311780930 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:50.593030930 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:50.654596090 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:51.202831030 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:51.262556076 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:51.513902903 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:51.572402000 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:52.146414995 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:52.196537971 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:53.110058069 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:53.168947935 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:53.953429937 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:54.003418922 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:54.151655912 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:54.212208986 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:55.563076019 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:55.622031927 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:58.565296888 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:58.615401983 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:30:59.352473021 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:30:59.405525923 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:31:00.807920933 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:31:00.858035088 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:31:01.786041021 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:31:01.839013100 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:31:02.582092047 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:31:02.635498047 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:31:05.022397041 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:31:05.084589005 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:31:28.078067064 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:31:28.155484915 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:31:44.279566050 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:31:44.342488050 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:02.298568010 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:02.362150908 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:18.171941042 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:18.308784962 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:19.322381973 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:19.384074926 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:20.658437967 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:20.725275040 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:21.333220959 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:21.402667046 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:21.532211065 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:21.592154980 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:22.647661924 CEST | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:22.706135035 CEST | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:23.740199089 CEST | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:23.885641098 CEST | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:24.785346031 CEST | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:24.845444918 CEST | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:26.169083118 CEST | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:26.227855921 CEST | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:27.690294981 CEST | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:27.750433922 CEST | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:28.589855909 CEST | 52752 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:28.648789883 CEST | 53 | 52752 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:39.751075983 CEST | 60542 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:39.820959091 CEST | 53 | 60542 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:32:42.083051920 CEST | 60689 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:32:42.149908066 CEST | 53 | 60689 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:35:24.917782068 CEST | 64206 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:35:24.996901989 CEST | 53 | 64206 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:35:25.490921974 CEST | 50904 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:35:25.565099001 CEST | 53 | 50904 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:35:31.229485989 CEST | 57525 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:35:31.299700975 CEST | 53 | 57525 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:35:35.154139042 CEST | 53814 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:35:35.204423904 CEST | 53 | 53814 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 20:35:35.470817089 CEST | 53418 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 20:35:35.539988041 CEST | 53 | 53418 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 10, 2021 20:30:50.593030930 CEST | 192.168.2.4 | 8.8.8.8 | 0xf09c | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 10, 2021 20:30:54.151655912 CEST | 192.168.2.4 | 8.8.8.8 | 0xc717 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 10, 2021 20:30:50.654596090 CEST | 8.8.8.8 | 192.168.2.4 | 0xf09c | No error (0) | 95.142.44.93 | A (IP address) | IN (0x0001) | ||
Jun 10, 2021 20:30:54.212208986 CEST | 8.8.8.8 | 192.168.2.4 | 0xc717 | No error (0) | 193.178.169.243 | A (IP address) | IN (0x0001) | ||
Jun 10, 2021 20:35:24.996901989 CEST | 8.8.8.8 | 192.168.2.4 | 0x725c | No error (0) | www.tm.a.prd.aadg.akadns.net | CNAME (Canonical name) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jun 10, 2021 20:30:50.816432953 CEST | 95.142.44.93 | 443 | 192.168.2.4 | 49734 | CN=pigeonious.com CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Tue Jun 08 15:19:13 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021 | Mon Sep 06 15:19:13 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | |||||||
CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 | |||||||
Jun 10, 2021 20:30:54.346164942 CEST | 193.178.169.243 | 443 | 192.168.2.4 | 49739 | CN=injuryless.com CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Thu May 27 15:42:29 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021 | Wed Aug 25 15:42:29 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | |||||||
CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 20:30:45 |
Start date: | 10/06/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1150000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 20:30:51 |
Start date: | 10/06/2021 |
Path: | C:\Windows\SysWOW64\wbem\WMIC.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x60000 |
File size: | 391680 bytes |
MD5 hash: | 79A01FCD1C8166C5642F37D1E0FB7BA8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 20:30:51 |
Start date: | 10/06/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 20:30:52 |
Start date: | 10/06/2021 |
Path: | C:\Users\Public\SettingSyncHost |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x390000 |
File size: | 511488 bytes |
MD5 hash: | 526D56017EF5105277FE0D366C95C39D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|