Analysis Report https://protect-au.mimecast.com/s/0cIYC2xZY3ho5XqGtgUIfa?domain=securemailcenter.citigroup.com
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
There are no malicious signatures.
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | 3.17.15.199 | true | false | high | |
securemailcenter.citigroup.com | 192.193.154.4 | true | false | high | |
protect-au.mimecast.com | 124.47.150.19 | true | false | high | |
pr.ssm.echoworx.net | unknown | unknown | false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
124.47.150.19 | protect-au.mimecast.com | Australia | 17477 | MCT-SYDNEYMacquarieTelecomAU | false | |
192.193.154.4 | securemailcenter.citigroup.com | United States | 32287 | SOLANA-CITIPLEXUS | false | |
3.17.15.199 | alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 433024 |
Start date: | 11.06.2021 |
Start time: | 06:49:01 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://protect-au.mimecast.com/s/0cIYC2xZY3ho5XqGtgUIfa?domain=securemailcenter.citigroup.com |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@3/40@4/3 |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30296 |
Entropy (8bit): | 1.8557599925768367 |
Encrypted: | false |
SSDEEP: | 96:rtZ+Z52/WTt2bfTEjKMrbq/hQlxfEES6X:rtZ+Z52/WTt2fTxMyaDfEsX |
MD5: | ED5C71D0985BF079B81B2639779414A6 |
SHA1: | 06A0780E7C31BCF29EBF0D1DDE997B1B611AF82B |
SHA-256: | BB4F1534FC33E73AB15E1AEAE8228AA5D37FE08FEB1FC5960B5990948324C0D4 |
SHA-512: | 059A3A1349F2723BB0E2695D9087AE052A4E287884C1582D9772312B0D7C38A300EBEA5CB05B8CA08A351EE3F672D1BFC9E583EFEB54E8763847A265D844834B |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53204 |
Entropy (8bit): | 2.261607073764284 |
Encrypted: | false |
SSDEEP: | 192:rGZhQl6fkMjx29WfM/XD4VKMgeltgAifGNIntANsr:rC2Qc+gUU/04x2G9fGItANc |
MD5: | 1562084AEB2D9133767F7FC05B3614A4 |
SHA1: | 7533A89C10FE30667CFF6B7551A14277FC0675B6 |
SHA-256: | 423B6531CA6A78ADCD812B6658C04152939EB1AAB8B76DE2B1BD379E2D9E1518 |
SHA-512: | D5C3EB11D5A4D1F9BFCBCFB8C743DAB930D1E9E53CEEA478F7ADE6A2F1910E5F06E505DC6AD727C9C563FCCCF01668DABBEBC795D325CE1A12A4721FE694A38C |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.5663621950005358 |
Encrypted: | false |
SSDEEP: | 48:IwkGcpr1jGwpasG4pQ0GrapbSZGQpK1G7HpR2cTGIpG:r4ZLQs6CBSzAkT2IA |
MD5: | 1064429E3B657B603B6B7D3E6F8F298B |
SHA1: | 1700CAC169F8BEBFC475416CCA4251FCC9478DCA |
SHA-256: | C4DC468DDF4D4208F2ECCA3C99898F99729B9F10DFC0DB346992C2A592FBC9D6 |
SHA-512: | 2A3001509B41B9D5DF50668C64A94FB236CD34DD55AC01D722D3BF9D32EE6D90F348D9367EABD41BA2D0273314D5CF8A7B3B8D2940E365D71E26B1B37D0DF9AC |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7994 |
Entropy (8bit): | 5.6329723730127474 |
Encrypted: | false |
SSDEEP: | 192:+akFfXfrFxjschAsZ+GUI+xLb6ckMCDjDIToT:9CbjsUUGUI4b6xdcUT |
MD5: | A9751FDF594AAC3D12DF4548E7C94E5C |
SHA1: | 1BF71E12B1BCEF53A6902A6F7516D463EABA935C |
SHA-256: | B1F92A86AAC1B6670D371BF0777A5D33A3367104119B5A8B38396998B0BC0D08 |
SHA-512: | 0A9E6146EA2A1B0149D5A2F386E42728C988319FB28B3C2441C00E7F6C5D4DDD381C2BC381098BE3A047E4EA869BD75E5B44100810D245F904B0F079A5DF7AFF |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 59568 |
Entropy (8bit): | 4.741164012289254 |
Encrypted: | false |
SSDEEP: | 1536:FEkPxLE4/6mHQpBCfdj9tMlXWwyutiJ+woECpesJlx:1PxA4/69pBUdxedx |
MD5: | 7190C65BA7C5B641D40B8E641F1ADDFB |
SHA1: | 8FEBC5368C014CB0AE03F8071FCE7CFDC8E4154A |
SHA-256: | A0B4379389210104B22B6B7BFD8089C91924100A39A156746A86FC3396EA5DCD |
SHA-512: | 6641B754575D09009BF80DFF1F0D9F4DFCC3376C38F1A9167CD255BF807B0EBCA40672AC551FDCCCF4C97D3BE2200A7B9A1D2FBB46A882CCDE5DDF7C8410DBE6 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/lib/font-awesome/5.13.0/css/all.min-76cb46c10b6c0293433b371bae2414b2.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 42 |
Entropy (8bit): | 4.129947184477478 |
Encrypted: | false |
SSDEEP: | 3:yLRmcsVMHSSALRAc:yL//AlV |
MD5: | E3BC05CC2804FF589F50B80C57B66A36 |
SHA1: | A56B8E56794A9D86C9A98815C76586C0DA020945 |
SHA-256: | D02F9D48E5E86255E31D99F4129CCB6524F76418E21A48073241D2E7CAE1AFE7 |
SHA-512: | 6A791785E851E668E295E1D06E237251FAE6C945F50771D85D595EB85E7396CA58E11630B7ED0068C0964024FFEDA3FB1DBCEA816104C1C93CBCE64DED1E16B3 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/help/Include/WebsiteName.txt |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 31 |
Entropy (8bit): | 4.284683810317086 |
Encrypted: | false |
SSDEEP: | 3:yLRmcsdRjpvn:yL/ajpvn |
MD5: | 53DB09D7614B4B6955F28504B9C062DC |
SHA1: | 7B326C34FA4639F2020C6BAD2A191CEB56A7DA27 |
SHA-256: | C27ECF6AAC261756BBEE5AA519D3AABC090314CFCD1C9CD06786AF8456EBBAE2 |
SHA-512: | C49D5D8C2C13AAC281AAFF07CD3176675D71CB1A9AAD5FAB5D5109A131A061C65208025C8D0D6D36142D0CDCD61432B6B8560E9363FEAE0994260FD126BC2CD0 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/help/Include/EMXWebsiteName.txt |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2618 |
Entropy (8bit): | 7.917905654499842 |
Encrypted: | false |
SSDEEP: | 48:7BS3d5gfYBLrat6w4MIQlGVGsHTmSoNSBXp0yhP21PgiAb4NX:WgfOBPM1luz67gjcl |
MD5: | 0D765F9D542BE474413B0468964C8B6D |
SHA1: | EC29369A72C7F050799AE0094266286CCCB0679B |
SHA-256: | F1C635C4782FCE1EEF7290194A81F790B0DC0655C6EAFDC43EB1498FD6B10295 |
SHA-512: | 2FF14ED86325965C6F765D6CCDF135E02BCE415D52FD53CE10F62AAABD02698259BDE331244091BC5B5554F05999232D830B122A01B0EA41FE024BA5A9D30B34 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/help/citilogo_branding_60x35.png |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4568 |
Entropy (8bit): | 5.026150010219114 |
Encrypted: | false |
SSDEEP: | 96:g9+AOA+izkrkUxSGV697hXbCzJmpuGDGxjR7uMhJZQeCFlpxyMUsja:ghL4rkASf97hX2a+NZNsja |
MD5: | EBCBB67D3E3830E928959EB68045E5C6 |
SHA1: | 465A31D9DC9366C57AE4BED9693BB21A27DE3DD6 |
SHA-256: | 52F9CBFC08D0A7FE241513EB503D97F052E9455A6E3796DFD12B3AAEEDB7C9A8 |
SHA-512: | DE96443CC9F0E8801F2EB57F45CD664D6CAB81EFF9C81D486989572F976F14DFF500189DF9EC99AD89D5876B59048930E00B73BDD1A83EDAC7960AC5445041EF |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/css/yui/css/container-ebcbb67d3e3830e928959eb68045e5c6.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 246 |
Entropy (8bit): | 5.203190120342505 |
Encrypted: | false |
SSDEEP: | 6:TMVBd/g/4hORq4FFc8LfXpEWxMLe5uJfT+UZzR3hR:TMHdthIDcaphxMkuZ+UR5hR |
MD5: | C40618B54F5DC062B162507AF9099FF5 |
SHA1: | 1879F330CD7541250C44B90A6F57AEE5C9007D1E |
SHA-256: | FA3D443A3C0C46C6DAE18732EDC04C5B0FCE8EAFC066C47CF0B28B34ED45B721 |
SHA-512: | 2CEB345C996342B86A8173E4D453E415F0B56469644E18CA599C3238262B9471698D501FD93B7ADED23D0C761CD1DD5DA697140BC2C84DC182182CF2690307E1 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 32461 |
Entropy (8bit): | 5.268643429515309 |
Encrypted: | false |
SSDEEP: | 384:pCwiEt7lcR8lOXHc11evBMzymUh+4y6Gk3KX0Sc7nfZBhVi:slEtiXHcEBMznURy6Gk3SkBhA |
MD5: | 48F332D9CE076957EC55C3E2DE09002C |
SHA1: | 3441975E52F1978B5307499E64331767E3B174E6 |
SHA-256: | 73DE6873B243CA33F83DE7D6FEC294BC1DFA7A1C9440BF05D3F14950D4F419A9 |
SHA-512: | 9F435674C2471AB59A9375DDBCFDE49ABFDEC1538772787B86BB58EBEC0FCDE1ADFE0BA7FFB01D5D753D179D22077534CAD286423039D8D6F3C64277EDFC7BCC |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/lib/jquery-ui/1.12.1/jquery-ui.min-0b5729a931d113be34b6fac13bcf5b29.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 15548 |
Entropy (8bit): | 5.293143563287801 |
Encrypted: | false |
SSDEEP: | 192:ti4ncR8lOG1bRCNPbtqxlhIuxrjv572hk/k52bZuQEjQDMsrsUR9P:tlcR8lOXHc11evs |
MD5: | 5581D20AA5062ED5C0B6048F68E76055 |
SHA1: | CF0560924A39F484D334498D5811836E4EC28E28 |
SHA-256: | AF16A2B37EDA9CA527A4BE50CD262D7BE26722C9A41A62C6F9984A4A4664C153 |
SHA-512: | A0CDB860EB208F5C820C7C16F3DE59B4AEF3A03420B1C9F09022D770F50DB13470A16D53D670C8BB0919ABF3BAA0B623A6ECF80DF103AF4D8F82EBBAF2BE3FDF |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/lib/jquery-ui/1.12.1/jquery-ui.structure.min-5581d20aa5062ed5c0b6048f68e76055.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 394 |
Entropy (8bit): | 6.9120485470354165 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPt07qMkaejxVQ6D4yBcNSEe+iZ2VVcdaTf0vid6lvjzIbCoWt+KtB5+ff/7:6v/7aqG6D41oEe+oVaTf3Ej1oJmgD |
MD5: | 6429449AF26F33E7D310707F93401BE5 |
SHA1: | 25205B961A7D93C130B3AC19B8A1A91AC87A7D39 |
SHA-256: | 957CD003BACFC3AFBADA7C8FA1C4FF06C7FF1213E458F003AD4A1EA5EC202A09 |
SHA-512: | E1A25B2BE1C5C804FB218C359FC22D52016148476C62EE4D76838EA214123D826D8F9ED71C234932902B4CAE7E5A21BF2461EE8BE59273992E42EB5AC4D4734E |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/images/help/bg.png |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 135 |
Entropy (8bit): | 5.086013101846766 |
Encrypted: | false |
SSDEEP: | 3:5RFKtK9m2iSlAvi0BAZkchvsPOcFSKP0JymKE0vsdJe5n:PIXm0gRv0R0JgvSe5n |
MD5: | 0C2E751C8B7E800EF063B8AF7D7AB037 |
SHA1: | 644E3AE8393907F20882D81F212DB578DDF26F21 |
SHA-256: | DBFDEC3A9160E064A64FE4264B3F7E94D0983BE3AA952296F8D88B4DE0AE2796 |
SHA-512: | 78D412D1E66E29469B27B0995EA7BB3F967CF871F26A5605D770022C7644F873D3E338E4F70E3453B8FB89E66C0904A778A208F53A47903CAE9606F0B95C9B30 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/custom.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 250 |
Entropy (8bit): | 4.921757621112411 |
Encrypted: | false |
SSDEEP: | 6:yL/3Fh0ytZrKH2LrWLO8UQGNlhHUFOiE2+8zhjDL8zj:iV+ytZrKHsKJUP0FOih+8zBX8zj |
MD5: | 1DAFCECD3FE7C3014190B095959CE484 |
SHA1: | EB42883133225034FAD3F07E8AE5D7B4DE52BD1A |
SHA-256: | 1EC72F03ADADA32D3106273631BB4EE98C13EF06172668DD08497167044E2387 |
SHA-512: | 0D78CCAE73C08859428497273765D560DC046A9543C0F17D9CE64C76CE5BA91B5DFD49C4C486760BC516224FEE5E1820CE7C00374A3242BFF9CABF67FA6081D3 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/help/Include/email.txt |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 111645 |
Entropy (8bit): | 5.238233881257157 |
Encrypted: | false |
SSDEEP: | 1536:ugxBXk/kfQFMcCvW1/EX7U7ychw+OgUTQWIhS9Qamo7+M8CkAWK9Zdpao707P/lz:BXtSV7ychw+DUTQaWr4pLrO9 |
MD5: | 617AEE75668310C75D23AEE0C3B39470 |
SHA1: | D845C3414C5A6579F97B694CDB5DC94B41F5C9D6 |
SHA-256: | AD541D1E0637B1825E1003F08269098A87048AE929AE6F45E3EA4C75461E10D4 |
SHA-512: | 73798E27921CE9261E5DD40E76D85B3CD4B822BD77E92A6062FB9272C93E763A6B9558BA2397CEB3DCAA888FA9DE0A479AB9AD8B691EA7842833B04199CFEFF7 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/css/emx-617aee75668310c75d23aee0c3b39470.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 202902 |
Entropy (8bit): | 6.343856116404981 |
Encrypted: | false |
SSDEEP: | 3072:I+t+A5t4nIbTOMjZUpyL175vPmazQXYIbbVaaKL/XbihFle5PZm34ehAMQ6nk:pt+AsnmqFpA7FmMQIIbbQxX+hFo5WUMQ |
MD5: | A0369EA57EB6D3843D6474C035111F29 |
SHA1: | 5BE5944A17E8B32589A12FDC2B8A8570C9081DB4 |
SHA-256: | 32501727BB23FC77615B1EC76B5F298EC22198C0F3D6A3E7D6FE4AC3CF315DB9 |
SHA-512: | FA38F5A543384762B98DE5A2AC50A506652522AB5052FFD533CDE8CB0789A281CA9693CA1EAC381A63A01DD318986351BE315E53811333C2F5158D7EA322BFC0 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/lib/font-awesome/5.13.0/webfonts/fa-solid-900-a0369ea57eb6d3843d6474c035111f29.eot? |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 8478 |
Entropy (8bit): | 5.705959923834961 |
Encrypted: | false |
SSDEEP: | 192:VkFzfrFxjschAifI+GUI+xLb6ckMCDjDIToI:VCnjsUxfFGUI4b6xdcUI |
MD5: | E283B6AEAA78BA7398D2C211675C4907 |
SHA1: | DCD896D6CA2526E871D38C7BB263A3D122230DC4 |
SHA-256: | 10CB44D679D90420F55EA018BBC87379F19A04A8193C39120D9F4F08FC3AF00C |
SHA-512: | A9B80FF6F81BDCE80131B40C544A36571939EBA93F259ADF1A47350CB0BB191B61FA46B18A3DA65E38021F0930FF3B67BFA4C6F985FB126CC26CEF8CD41AFC81 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/branding/citi/en_US/images/favicon.ico |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 5.195060039041692 |
Encrypted: | false |
SSDEEP: | 6:TMVBd/g/4hORq4FFc8LfXpEWxMLe5NfT+UZzR3hR:TMHdthIDcaphxMkl+UR5hR |
MD5: | D7EA014B92F8BE970149143674A3B706 |
SHA1: | 686A424D8BE360511BF707CA4A022BFFAD19BE50 |
SHA-256: | 57033BFF010B7A18A692C93A59D5402DF9D390413B877B34CA4A851C31D3C6C8 |
SHA-512: | 8CB5B845962EDA585E1236888469A2274DDA76D4091ABAF3A3EC54AD3E52646797BCDFBB6A381C674DA8882E9F3D3CBF8C35B0B82FEE860D05E98E7DB010E70A |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 14234 |
Entropy (8bit): | 4.910931295609902 |
Encrypted: | false |
SSDEEP: | 192:tgGIzlzymUh+4y6Gk3KXt+xBm9v5B6xBpYPzFhCNBjVs5y6sybYw9QoFYx59BbAz:trMzymUh+4y6Gk3KX0Sc7nfZBhVi |
MD5: | 7FCCF8A29B8D5EE3B189D176060844B9 |
SHA1: | C1D6BB5DA1DDDE8EFDC37DDCC3FE07242A2C9BBF |
SHA-256: | 47C21A2BB94A45A20E808281EC55EDB5E18E39CCEBFA0241B6C09F88F575F5CF |
SHA-512: | 3FA24DF07A0A0D3F559602247D83979A099A745E17254611463BC3F01EA8B1AEE921636777B878B365C805EDA24AF9837F5AD6345E4697F68D7A44895A8DC0E4 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/lib/jquery-ui/1.12.1/jquery-ui.theme.min-c12cac44216cf877fd0c6903f3794407.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 18320 |
Entropy (8bit): | 5.285691068051606 |
Encrypted: | false |
SSDEEP: | 384:xXk+w7hwq/l7WssZf88hsbsIYlo4JFIjk8Yd4AfxQc6bsSQi/OL:Vk9loJhsoIYloUFIjm2Q |
MD5: | E50FA632490169CB2B40C194C235FE3A |
SHA1: | BCA5EDFEBB4117D004C6AC2381160F0AEFF298C7 |
SHA-256: | 617431D0D38A5613C5B409275DA7D70DB12DEEA308046CF89948ED5C95905536 |
SHA-512: | 96676CDAA3475BCD606167587E81675E1F51EA8D4949FBA3B8E374028AEB3B9079B882B84235DB933693D253A614980F730A12079D4C000807F650533E68FA72 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 6096 |
Entropy (8bit): | 5.214132763257284 |
Encrypted: | false |
SSDEEP: | 96:kIab+ZwpS9natScs68alqiObd4G82fWfrW2b/VWSS6VOLqB4/zx:kIab+ypYnatScs68alqEG82f6aKBV1Bk |
MD5: | 62AAB9B147A532D65ECD3031F51671A2 |
SHA1: | 6838D50E2BBB1BEFCE3BD66B5FBF0E11EDC8892D |
SHA-256: | 8D9BB8F4797A40846D5F2633F5BE29F2C38C3ACBE9B24DBC68A06BBFA830DE39 |
SHA-512: | 0CCD6E495538FC8480B3DE93CBDD7877E8959D5DFBC3ABB9286B0BDB3EBFEF610575E679A41FD8E91753D4DF2A0D5F5EF87D332B70F8BDC3107D2DF0494020CE |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/branding/citi/en_US/style_blue-62aab9b147a532d65ecd3031f51671a2.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 7116 |
Entropy (8bit): | 5.165438715962603 |
Encrypted: | false |
SSDEEP: | 192:Ccx8RbjMooRDyct8HM5uIsCNeQpNLf2gYdlA+j:xq9HMEYm+u |
MD5: | 261F536F2FA9D1391F8F0197EB51CD97 |
SHA1: | 70CC11402921FDC4421636AE6DF5A49758E54866 |
SHA-256: | 1BF059CE6E4D151DB11AF9FD354D5284ED5E51A51C4BC82938D03DE9A6A40FF7 |
SHA-512: | C7143326D8E96C50CC25F0F83683B8A796852745119AA3AAAEE5C914211F532BF7277CBFC2539D3CB28716D4DDB5EFAF0508FE0C32893EDEF33FA89EAA731E1F |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/help.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3946 |
Entropy (8bit): | 5.10928947659416 |
Encrypted: | false |
SSDEEP: | 96:tCbdyRa1xmwi63X18iubDyRWFL5SR470si1s3:t0QRP63F8iubDyYFoO70H23 |
MD5: | A2A91170178049A4A67597B76D340EBF |
SHA1: | 7E2DD24E4CEF8BF6897E03208B3D601E24A86FAD |
SHA-256: | C12EA545F852992543D006A546BD28C84108E3404EC51892723C37BD29F87BE8 |
SHA-512: | 85153F0343D20634AF2AF6E2845A86210B465876879E5CA6A933CBAE58F663D2291005D28C905DD7F22FC2F5D629D65193F3720B612EA8419D26839D4E3E59B9 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/scripts/language-menu.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3839 |
Entropy (8bit): | 4.938134075803056 |
Encrypted: | false |
SSDEEP: | 48:g9+Ac2j4LG9XVLECmB53I5s/e5BT05BlBZV5BSw+56t/5Btv:g9+Ac28LG9XVLEX73Os89CjBZnV0Ghjv |
MD5: | F601F344CD1FE72EB18EB9D46D2EAEAE |
SHA1: | E3BBD4A6DF9B67634FA241401B56AE37910EBEFA |
SHA-256: | 6C60E9D0D7240F23A1BA4FB471D142AB62BC10009A3C3370EBB1CA7DDA7F24B0 |
SHA-512: | EC88A7E415D9BBCF094CE6F9E2F938D501DF9D98D835E6802E50242AF9F445BD87A5AD70D64ED0252A99864D734F4823854A39DDC158A7D6FA1E494F0C8A3417 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/css/yui/css/button-f601f344cd1fe72eb18eb9d46d2eaeae.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 45260 |
Entropy (8bit): | 5.418204111935822 |
Encrypted: | false |
SSDEEP: | 768:1aRQYBWn5tJz8pxd6nCx4PXjOt1uyTkkcww7L10ocdDgDfoSbdneqoWHg2qMNU6z:yQYCnJQpxd6nCx4PX4uyTkkcww7L1pcu |
MD5: | 2CF685886A94F456479DB5FBBE946265 |
SHA1: | AD4210E99CA36BA17B5968E593B82CCC77BF9B15 |
SHA-256: | 4AE55512746537BD8653F576CE77A56A889A912BB19863C55C8468FFF150CDB8 |
SHA-512: | 30F1EB45DAA38B6D66BD6803A01D037769D182024A294DF651E49936781BB50511806EE651B1EDF9114D6C41DF8F976DBA745F99FE02E7B82AD195B71EBFFB76 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/js/emx.min-2cf685886a94f456479db5fbbe946265.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 253669 |
Entropy (8bit): | 5.142891188767758 |
Encrypted: | false |
SSDEEP: | 3072:FkHOJD1g7SV7opRBbDrtnAcKYvFJi/5PLO1aG0qF2/nwOW16j:q9/KvjOVlFYQ16j |
MD5: | C15B1008DEC3C8967EA657A7BB4BAAEC |
SHA1: | 78489E580ADAEF931E6E5B131DAB556C397E4A1A |
SHA-256: | 28CE75D953678C4942DF47A11707A15E3C756021CF89090E3E6AA7AD6B6971C3 |
SHA-512: | BADA3D9A5433AECE7D57020B70B89161E2CA3CF6D2FDB4FBD5D6BF38405813071D35493C8D8232F83D7BE91628A29D436BE7FD9AF918AE68F93022D9584B50B8 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/lib/jquery-ui/1.12.1/jquery-ui.min-c15b1008dec3c8967ea657a7bb4baaec.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 89476 |
Entropy (8bit): | 5.2896589255084425 |
Encrypted: | false |
SSDEEP: | 1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1 |
MD5: | DC5E7F18C8D36AC1D3D4753A87C98D0A |
SHA1: | C8E1C8B386DC5B7A9184C763C88D19A346EB3342 |
SHA-256: | F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D |
SHA-512: | 6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/lib/jquery/3.5.1/jquery.min-dc5e7f18c8d36ac1d3d4753a87c98d0a.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 8186 |
Entropy (8bit): | 7.759274877386528 |
Encrypted: | false |
SSDEEP: | 192:3jI/XhC9TKD1EnwGWcRRzrECyqUlFkbkxActICAcKL3z:3jIPh0aEwGWcR1yqUlFkqAcCcKjz |
MD5: | 6E1CB94279F139AAC29029F22288696D |
SHA1: | 011AC25B0CB2B25B20E85450B7F8F50456589407 |
SHA-256: | F788F187704E40BB8349E540340A0748A27E3A0EF000F4E575D6DCC1DF1C63B7 |
SHA-512: | 17B7B3148CA367FD2E37C226FC8D46E4E97120A88B117058F4BAB572E049E40A483431775209282E95C236579C611A190477AA07FE9232757693A57E4959791B |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/branding/citi/en_US/images/web_logo-6e1cb94279f139aac29029f22288696d.gif |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1062 |
Entropy (8bit): | 5.123047782201432 |
Encrypted: | false |
SSDEEP: | 12:UMMdHdfv34NKFLRj5zR0cdnV8ejtz4WLe6/4LBnc8POcLkD2Sxnn:g9fgNKFLRj5zRdEeBXCcIg3n |
MD5: | 86435AD2C45F02F39E1514F9ADE336AE |
SHA1: | 0EA89B453C754B559F6BC943C9E4895D0CB3FF93 |
SHA-256: | 44D3F86F07C617EEF81A9A1C4D2AC32BCE9E39A4E3A97144205F8E754D2CBCC2 |
SHA-512: | DBB2FCDFE49E01105CBD75B4CD72E563E5FE1D7DEACB9F5F651DA9F61C0B6664A39A598C4107851F12F11CCA38AA5F8DF15B2664B9324EEAFB44A097B971305F |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/css/yui/css/autocomplete-86435ad2c45f02f39e1514f9ade336ae.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 5493 |
Entropy (8bit): | 7.7035084703150165 |
Encrypted: | false |
SSDEEP: | 96:G75u2qwUw5Q5HrX/9ekNqhtN60D5LVbmMiLGl6QV2anQ0bUUXaYhsaTMWREUKKDt:GwwUkQ9jFIPN6kPiMSGlHQwNRDPt |
MD5: | D3DE6F4BC837FC5CB9539266FD89D654 |
SHA1: | F9559568F6EA916F795355A0F9AD1BCF834E3503 |
SHA-256: | B72A8F8B7ED769364F1B0930373CD92BC39E94A9347221CB68CD449A09B4B031 |
SHA-512: | E35D996BE807093446CBD12BC7E7DEA9CBD4B33CCF65AE0F3AE80AD0AD934A618E4AEA4A06A717AFB391461C3EEE2519D7DDAFDBDEB6EC42A6D1BF7C1B285198 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/images/emailBanner.gif |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4359 |
Entropy (8bit): | 5.158727486978279 |
Encrypted: | false |
SSDEEP: | 96:PkiSJH010HbHarxhfCU4jZbtYR14yH2Ir7t11EsVeB5qbViN7:PNSu107SDfCU4sRWIt11EsVeB5Ca7 |
MD5: | 99B6AC1D0DA523A6F6F1EF6244752446 |
SHA1: | E2DE5597EB485C1CDC1667269517A711E6D0E8FB |
SHA-256: | 038A0E3C2BA3281E2704700B08DACF852AF50E2DDC2B4B1230082500EB8EC488 |
SHA-512: | 613E60B76EBEA461AB9C748B82245252492362390CA91F1D6858B4735EFA0AA190DF9C813554B24B23C7CCEA7D9B9F2BF2BE5B6F33BB4A4794AAAE40A007C692 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net/brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=emx/help/notice_privacy.html |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 303 |
Entropy (8bit): | 6.7535255176993525 |
Encrypted: | false |
SSDEEP: | 6:l/RSTLmGL56CTAgvHiFBR05MDW6Nb/ctRjFVR5BKHKkF:t8WGdpUBR5WMYtFFVRHvs |
MD5: | AD21C00038129400787AD15B4C33C75C |
SHA1: | A2343F8FBCF583CF44FF80DDE7467CF53626953D |
SHA-256: | 9F71F8A636B526DF03F0BF527EA25A27F7B670DADA8EDC196383B2C69ECE8814 |
SHA-512: | 79433DDE1B9D7F9577F0956DFD3C37F75210D81C5C9E76DFB06967DD339F19BAB1DC6E0EA36EB13D58D5A4FFE884AACEDC31D8E3772A500CECE8E0628E0C0DFD |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/images/help/bullet.gif |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 8072 |
Entropy (8bit): | 5.256304171192274 |
Encrypted: | false |
SSDEEP: | 96:SvgOcWu/o66xeCT79XLfstErR0OSaV33UmPG95xQN3:SYOcJ/Sxeo7NLfKErbjO95xQ9 |
MD5: | 240DC934A256036F3576AE6BB2C4761D |
SHA1: | 6A0A3253B884154F5F28B2E7153DE7EBDF2F37E8 |
SHA-256: | F1F7816505A6CD4ACE2FD7457967DC7CA4B6D8383C49EAAA4E3819632217EABE |
SHA-512: | 44933D9BD2CEB58A30E8131E047AC7764A11A8E3AB72CD72DAAB265EBC613725B37E61DEF477DF39F0B2EF29BDDF8E160AB05CCA5BA4720F4D229C09FE0936B9 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net/brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=emx/help/index.html |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 135 |
Entropy (8bit): | 5.086013101846766 |
Encrypted: | false |
SSDEEP: | 3:5RFKtK9m2iSlAvi0BAZkchvsPOcFSKP0JymKE0vsdJe5n:PIXm0gRv0R0JgvSe5n |
MD5: | 0C2E751C8B7E800EF063B8AF7D7AB037 |
SHA1: | 644E3AE8393907F20882D81F212DB578DDF26F21 |
SHA-256: | DBFDEC3A9160E064A64FE4264B3F7E94D0983BE3AA952296F8D88B4DE0AE2796 |
SHA-512: | 78D412D1E66E29469B27B0995EA7BB3F967CF871F26A5605D770022C7644F873D3E338E4F70E3453B8FB89E66C0904A778A208F53A47903CAE9606F0B95C9B30 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/branding/citi/en_US/custom-0c2e751c8b7e800ef063b8af7d7ab037.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 51 |
Entropy (8bit): | 4.603222890736579 |
Encrypted: | false |
SSDEEP: | 3:8XFtF/kGOCXLFSKPElvn:8VtF/k8hRKv |
MD5: | 4EF20B6C3169FFA786832A9C1310290A |
SHA1: | E05A6502BCE8182A2B0D3632E74D5D19D321F650 |
SHA-256: | ADF54AC3878188A8D5726392495B45AD8445908E51FC4F045A4C0E11AD9DCE5E |
SHA-512: | A1E5DE9049237824D59F895FFADEAA1EDF8267D2F51D3596F1213C808FC5238BD0A02E69CDCB4034DB575D705C988012F1D0735BB1D186ACF001F4DD9C9E7489 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/branding/citi/en_US/enterprise-4ef20b6c3169ffa786832a9c1310290a.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 34390 |
Entropy (8bit): | 6.319197647841965 |
Encrypted: | false |
SSDEEP: | 384:iNILLtPRwpXUazLuDULbN1TH/u9k4jx3I+89AyI6WcRwkDcQUd:iGLJPXy6DO7/uFx29uc5DcQUd |
MD5: | 261D666B0147C6C5CDA07265F98B8F8C |
SHA1: | 6299F0E32575F73D8D897F87CE899827F99E20FE |
SHA-256: | 01F4416F5DB59E2DD6B6FBD9DC32336D99DB18F7EB623A49F584D04AFD279473 |
SHA-512: | 9DB95A9FA6BF3899D6DD419EAB879B2B18C6D166913AA51CCB9B4D2C0D0BAA4A531B666CCE51F6CE99BD88861B4C33DF804179233DB439D8F86CE2A584E7577F |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://securemailcenter.citigroup.com/lib/font-awesome/5.13.0/webfonts/fa-regular-400-261d666b0147c6c5cda07265f98b8f8c.eot? |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25441 |
Entropy (8bit): | 0.2886623259542523 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA+:kBqoxxJhHWSVSEab |
MD5: | B183189BDD15A7D7F3D8EB0DD9CAC415 |
SHA1: | 33B336039A349E033785533B70A4D0F7F71E44A2 |
SHA-256: | E1F732D31CF50545326D9CD53A8BF94E5A54B45EF105139D2B1320491B1FA759 |
SHA-512: | 4683D366330A486C9141857E0FFA6BDE5D1C4F070FA4BA165BC1041B0B1EA44D279B0C8CF32D4EF4DD49F9E52AD3D58E4B689278F671325059A78D0D04C3D955 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13029 |
Entropy (8bit): | 0.478811998390912 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9loQs9loQ89lWQ+e:kBqoISM7e |
MD5: | AE2562DD75DCD7B4D117AC44FC37F9FC |
SHA1: | E78D586B1DFC59A69073EA7BB96F6E29CC8856D7 |
SHA-256: | 700825D33AE8ECD3D602F2A1E85BB378EB5AEA7BDB48E42D9ED9CEF24291414E |
SHA-512: | 623C65FF2003F87ABFCD81843BFA0D4DF981DDE5AF3E0CC9C72677FE2404177C785ED028C8E8B6DC807191FB5353FC0C4F876B796877D2C921136FFB8437E6EF |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55837 |
Entropy (8bit): | 1.0610001234443878 |
Encrypted: | false |
SSDEEP: | 192:kBqoxKAuqR+uoCLYL31vRTt++SqKH4Yn:kBqoxKAuqR+uoCLYL31vRTt++RKHn |
MD5: | A21F31F8A60DF4F1230B94F99D73D8B3 |
SHA1: | 0F9FC6054B56D42ACC6BB9041633928474639721 |
SHA-256: | C967CFF92D671F82272078CF32068795CE1A674B120229CBC07A15B7C07DF607 |
SHA-512: | 890784D26DFBADD1BD755CAF6590ADB559CDEB6BD9036B4F6DB7EB388D675D48EEDD9FD105B05EAA323B33148B3731987B2A0A88CE3D881AC3CFD741FE605550 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 11, 2021 06:49:56.023930073 CEST | 192.168.2.5 | 8.8.8.8 | 0x204 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 11, 2021 06:50:03.358515024 CEST | 192.168.2.5 | 8.8.8.8 | 0xbcc3 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 11, 2021 06:50:13.271380901 CEST | 192.168.2.5 | 8.8.8.8 | 0xbd07 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 11, 2021 06:50:17.418518066 CEST | 192.168.2.5 | 8.8.8.8 | 0xedb0 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 11, 2021 06:49:56.082779884 CEST | 8.8.8.8 | 192.168.2.5 | 0x204 | No error (0) | 124.47.150.19 | A (IP address) | IN (0x0001) | ||
Jun 11, 2021 06:49:56.082779884 CEST | 8.8.8.8 | 192.168.2.5 | 0x204 | No error (0) | 103.13.69.19 | A (IP address) | IN (0x0001) | ||
Jun 11, 2021 06:50:03.502576113 CEST | 8.8.8.8 | 192.168.2.5 | 0xbcc3 | No error (0) | 192.193.154.4 | A (IP address) | IN (0x0001) | ||
Jun 11, 2021 06:50:13.420362949 CEST | 8.8.8.8 | 192.168.2.5 | 0xbd07 | No error (0) | 192.193.154.4 | A (IP address) | IN (0x0001) | ||
Jun 11, 2021 06:50:17.484755993 CEST | 8.8.8.8 | 192.168.2.5 | 0xedb0 | No error (0) | alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Jun 11, 2021 06:50:17.484755993 CEST | 8.8.8.8 | 192.168.2.5 | 0xedb0 | No error (0) | 3.17.15.199 | A (IP address) | IN (0x0001) | ||
Jun 11, 2021 06:50:17.484755993 CEST | 8.8.8.8 | 192.168.2.5 | 0xedb0 | No error (0) | 3.142.104.20 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jun 11, 2021 06:49:56.681829929 CEST | 124.47.150.19 | 443 | 192.168.2.5 | 49689 | CN=*.mimecast.com, O=Mimecast Services Limited, L=London, C=GB CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Feb 19 01:00:00 CET 2021 Thu Sep 24 02:00:00 CEST 2020 | Wed Mar 23 00:59:59 CET 2022 Tue Sep 24 01:59:59 CEST 2030 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Sep 24 02:00:00 CEST 2020 | Tue Sep 24 01:59:59 CEST 2030 | |||||||
Jun 11, 2021 06:49:56.681940079 CEST | 124.47.150.19 | 443 | 192.168.2.5 | 49690 | CN=*.mimecast.com, O=Mimecast Services Limited, L=London, C=GB CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Feb 19 01:00:00 CET 2021 Thu Sep 24 02:00:00 CEST 2020 | Wed Mar 23 00:59:59 CET 2022 Tue Sep 24 01:59:59 CEST 2030 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Sep 24 02:00:00 CEST 2020 | Tue Sep 24 01:59:59 CEST 2030 | |||||||
Jun 11, 2021 06:50:03.828844070 CEST | 192.193.154.4 | 443 | 192.168.2.5 | 49692 | CN=securemailcenter.citigroup.com, O=Citigroup Inc., L=New York, ST=New York, C=US, SERIALNUMBER=2154254, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Mar 12 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013 | Sat May 21 14:00:00 CEST 2022 Sun Oct 22 14:00:00 CEST 2028 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Tue Oct 22 14:00:00 CEST 2013 | Sun Oct 22 14:00:00 CEST 2028 | |||||||
Jun 11, 2021 06:50:03.829317093 CEST | 192.193.154.4 | 443 | 192.168.2.5 | 49693 | CN=securemailcenter.citigroup.com, O=Citigroup Inc., L=New York, ST=New York, C=US, SERIALNUMBER=2154254, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Mar 12 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013 | Sat May 21 14:00:00 CEST 2022 Sun Oct 22 14:00:00 CEST 2028 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Tue Oct 22 14:00:00 CEST 2013 | Sun Oct 22 14:00:00 CEST 2028 | |||||||
Jun 11, 2021 06:50:13.840441942 CEST | 192.193.154.4 | 443 | 192.168.2.5 | 49700 | CN=securemailcenter.citigroup.com, O=Citigroup Inc., L=New York, ST=New York, C=US, SERIALNUMBER=2154254, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Mar 12 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013 | Sat May 21 14:00:00 CEST 2022 Sun Oct 22 14:00:00 CEST 2028 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Tue Oct 22 14:00:00 CEST 2013 | Sun Oct 22 14:00:00 CEST 2028 | |||||||
Jun 11, 2021 06:50:17.791421890 CEST | 3.17.15.199 | 443 | 192.168.2.5 | 49702 | CN=*.ssm.echoworx.net CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Tue May 25 20:53:28 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021 | Mon Aug 23 20:53:28 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | |||||||
CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 | |||||||
Jun 11, 2021 06:50:17.800472975 CEST | 3.17.15.199 | 443 | 192.168.2.5 | 49703 | CN=*.ssm.echoworx.net CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Tue May 25 20:53:28 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021 | Mon Aug 23 20:53:28 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | |||||||
CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 06:49:53 |
Start date: | 11/06/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7db200000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 06:49:54 |
Start date: | 11/06/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1090000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|