Windows Analysis Report SCM Requirements for Sellers during COVID-19 - FINAL JULY 12 21 FINAL.pdf
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
There are no malicious signatures.
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 446654 |
Start date: | 10.07.2021 |
Start time: | 01:27:17 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | SCM Requirements for Sellers during COVID-19 - FINAL JULY 12 21 FINAL.pdf |
Cookbook file name: | defaultwindowshtmlcookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.winPDF@7/15@0/0 |
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33368 |
Entropy (8bit): | 1.8723867146155309 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27116 |
Entropy (8bit): | 1.750182820432524 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.5639854119598748 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.123521259946243 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.1757579353923155 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 662 |
Entropy (8bit): | 5.14197931262454 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 647 |
Entropy (8bit): | 5.169036851737172 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.193446235028963 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.124393907750963 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.163944961216941 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 659 |
Entropy (8bit): | 5.1738619691987635 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.154197668045525 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25441 |
Entropy (8bit): | 0.27918767598683664 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13077 |
Entropy (8bit): | 0.5119802161770426 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38653 |
Entropy (8bit): | 0.406427771420416 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.982031180418199 |
TrID: |
|
File name: | SCM Requirements for Sellers during COVID-19 - FINAL JULY 12 21 FINAL.pdf |
File size: | 317 |
File Content Preview: | <!DOCTYPE html>.<html>. <body style="font-family: Arial, sans-serif;">. <h1>Updated 7/12/2021 - GM SCM COVID-19 Requirements</h1>. <div>Good morning, <br>There is an update to the GM SCM COVID-19 requirements. Please check the attched fil |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
07/10/21-01:31:05.954900 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.3 | 192.168.2.1 |
Network Port Distribution |
---|
UDP Packets |
---|
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 01:28:04 |
Start date: | 10/07/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7b4760000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 01:28:05 |
Start date: | 10/07/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xed0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 01:28:07 |
Start date: | 10/07/2021 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1300000 |
File size: | 2571312 bytes |
MD5 hash: | B969CF0C7B2C443A99034881E8C8740A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 01:28:09 |
Start date: | 10/07/2021 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1300000 |
File size: | 2571312 bytes |
MD5 hash: | B969CF0C7B2C443A99034881E8C8740A |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Disassembly |
---|