Analysis Report https://protect-au.mimecast.com/s/8ti1C71ZgjCjGK56cWI7kq?domain=pr.ssm.echoworx.net
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
There are no malicious signatures.
Source: | File opened: |
Source: | HTTPS traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Process created: |
Source: | Automated click: |
Source: | Window detected: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | 3.17.15.199 | true | false | | high |
protect-au.mimecast.com | 124.47.150.19 | true | false | | high |
pr.ssm.echoworx.net | unknown | unknown | false | | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
124.47.150.19 | protect-au.mimecast.com | Australia | 17477 | MCT-SYDNEYMacquarieTelecomAU | false |
3.17.15.199 | alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 433025 |
Start date: | 11.06.2021 |
Start time: | 06:49:02 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://protect-au.mimecast.com/s/8ti1C71ZgjCjGK56cWI7kq?domain=pr.ssm.echoworx.net |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@3/18@3/2 |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30296 |
Entropy (8bit): | 1.8542030625178114 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24352 |
Entropy (8bit): | 1.6654547840497167 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.5659408419736596 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 659 |
Entropy (8bit): | 5.081817752116938 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.089896047179206 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 665 |
Entropy (8bit): | 5.099914895563024 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 650 |
Entropy (8bit): | 5.09723889880327 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 659 |
Entropy (8bit): | 5.1129820777831085 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.0830301930589075 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 659 |
Entropy (8bit): | 5.121618854079136 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 662 |
Entropy (8bit): | 5.091938853991822 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.082779872538658 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 246 |
Entropy (8bit): | 5.218638368552994 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net/favicon.ico |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2618 |
Entropy (8bit): | 7.917905654499842 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/help/citilogo_branding_60x35.png |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4359 |
Entropy (8bit): | 5.158727486978279 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://pr.ssm.echoworx.net/brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=emx/help/notice_privacy.html |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13029 |
Entropy (8bit): | 0.4791264017153545 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25441 |
Entropy (8bit): | 0.27918767598683664 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34545 |
Entropy (8bit): | 0.382372108437617 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 11, 2021 06:51:26.309387922 CEST | 50700 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 11, 2021 06:51:26.379045963 CEST | 53 | 50700 | 8.8.8.8 | 192.168.2.6 |
Jun 11, 2021 06:51:27.590250969 CEST | 54069 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 11, 2021 06:51:27.662661076 CEST | 53 | 54069 | 8.8.8.8 | 192.168.2.6 |
Jun 11, 2021 06:51:28.050021887 CEST | 61178 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 11, 2021 06:51:28.112843037 CEST | 53 | 61178 | 8.8.8.8 | 192.168.2.6 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 11, 2021 06:49:52.806663036 CEST | 192.168.2.6 | 8.8.8.8 | 0x247a | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 11, 2021 06:49:58.804078102 CEST | 192.168.2.6 | 8.8.8.8 | 0xe99e | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 11, 2021 06:50:10.582756042 CEST | 192.168.2.6 | 8.8.8.8 | 0xb010 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 11, 2021 06:49:52.884427071 CEST | 8.8.8.8 | 192.168.2.6 | 0x247a | No error (0) | | | 124.47.150.19 | A (IP address) | IN (0x0001) |
Jun 11, 2021 06:49:52.884427071 CEST | 8.8.8.8 | 192.168.2.6 | 0x247a | No error (0) | | | 103.13.69.19 | A (IP address) | IN (0x0001) |
Jun 11, 2021 06:49:58.866739988 CEST | 8.8.8.8 | 192.168.2.6 | 0xe99e | No error (0) | | alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) |
Jun 11, 2021 06:49:58.866739988 CEST | 8.8.8.8 | 192.168.2.6 | 0xe99e | No error (0) | | | 3.17.15.199 | A (IP address) | IN (0x0001) |
Jun 11, 2021 06:49:58.866739988 CEST | 8.8.8.8 | 192.168.2.6 | 0xe99e | No error (0) | | | 3.142.104.20 | A (IP address) | IN (0x0001) |
Jun 11, 2021 06:50:10.645833969 CEST | 8.8.8.8 | 192.168.2.6 | 0xb010 | No error (0) | | alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) |
Jun 11, 2021 06:50:10.645833969 CEST | 8.8.8.8 | 192.168.2.6 | 0xb010 | No error (0) | | | 3.17.15.199 | A (IP address) | IN (0x0001) |
Jun 11, 2021 06:50:10.645833969 CEST | 8.8.8.8 | 192.168.2.6 | 0xb010 | No error (0) | | | 3.142.104.20 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jun 11, 2021 06:49:53.488532066 CEST | 124.47.150.19 | 443 | 192.168.2.6 | 49715 | CN=*.mimecast.com, O=Mimecast Services Limited, L=London, C=GB; CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US; CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Feb 19 01:00:00 CET 2021; Thu Sep 24 02:00:00 CEST 2020 | Wed Mar 23 00:59:59 CET 2022; Tue Sep 24 01:59:59 CEST 2030 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
Jun 11, 2021 06:49:53.489284039 CEST | 124.47.150.19 | 443 | 192.168.2.6 | 49714 | CN=*.mimecast.com, O=Mimecast Services Limited, L=London, C=GB; CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US; CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Feb 19 01:00:00 CET 2021; Thu Sep 24 02:00:00 CEST 2020 | Wed Mar 23 00:59:59 CET 2022; Tue Sep 24 01:59:59 CEST 2030 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
Jun 11, 2021 06:49:59.162679911 CEST | 3.17.15.199 | 443 | 192.168.2.6 | 49720 | CN=*.ssm.echoworx.net; CN=R3, O=Let's Encrypt, C=US; CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=R3, O=Let's Encrypt, C=US; CN=ISRG Root X1, O=Internet Security Research Group, C=US; CN=DST Root CA X3, O=Digital Signature Trust Co. | Tue May 25 20:53:28 CEST 2021; Fri Sep 04 02:00:00 CEST 2020; Wed Jan 20 20:14:03 CET 2021 | Mon Aug 23 20:53:28 CEST 2021; Mon Sep 15 18:00:00 CEST 2025; Mon Sep 30 20:14:03 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
Jun 11, 2021 06:49:59.174443960 CEST | 3.17.15.199 | 443 | 192.168.2.6 | 49721 | CN=*.ssm.echoworx.net; CN=R3, O=Let's Encrypt, C=US; CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=R3, O=Let's Encrypt, C=US; CN=ISRG Root X1, O=Internet Security Research Group, C=US; CN=DST Root CA X3, O=Digital Signature Trust Co. | Tue May 25 20:53:28 CEST 2021; Fri Sep 04 02:00:00 CEST 2020; Wed Jan 20 20:14:03 CET 2021 | Mon Aug 23 20:53:28 CEST 2021; Mon Sep 15 18:00:00 CEST 2025; Mon Sep 30 20:14:03 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
Jun 11, 2021 06:50:10.958244085 CEST | 3.17.15.199 | 443 | 192.168.2.6 | 49726 | CN=*.ssm.echoworx.net; CN=R3, O=Let's Encrypt, C=US; CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=R3, O=Let's Encrypt, C=US; CN=ISRG Root X1, O=Internet Security Research Group, C=US; CN=DST Root CA X3, O=Digital Signature Trust Co. | Tue May 25 20:53:28 CEST 2021; Fri Sep 04 02:00:00 CEST 2020; Wed Jan 20 20:14:03 CET 2021 | Mon Aug 23 20:53:28 CEST 2021; Mon Sep 15 18:00:00 CEST 2025; Mon Sep 30 20:14:03 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 06:49:50 |
Start date: | 11/06/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff721e20000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 06:49:51 |
Start date: | 11/06/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1020000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|