Windows
Analysis Report
wpswireless-invoice-08.11.22.doc
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 1600 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | File opened: |
Software Vulnerabilities |
---|
Source: | File created: | Jump to behavior |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: |
System Summary |
---|
Source: | OLE, VBA macro line: | ||
Source: | OLE, VBA macro line: | ||
Source: | OLE, VBA macro line: | ||
Source: | OLE, VBA macro line: |
Source: | OLE, VBA macro line: |
Source: | OLE indicator, VBA macros: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | LNK file: |
Source: | OLE indicator, Word Document stream: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | OLE document summary: | ||
Source: | OLE document summary: | ||
Source: | OLE document summary: |
Source: | File read: | Jump to behavior |
Source: | Initial sample: |
Source: | Static file information: |
Source: | Key opened: |
Source: | File opened: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 12 Scripting | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Non-Application Layer Protocol | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 12 Exploitation for Client Execution | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 12 Scripting | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 22% | Virustotal | | Browse |
| 15% | ReversingLabs | Script-Macro.Trojan.Amphitryon | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.8.146.139 | unknown | Russian Federation | | 44676 | VMAGE-ASRU | false |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 682568 |
Start date and time: | 2022-08-11 18:04:19 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | wpswireless-invoice-08.11.22.doc |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Run name: | Without Instrumentation |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.expl.winDOC@1/6@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Max analysis timeout: 600s exceeded, the analysis took too long
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, svchost.exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\rm[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 201 |
Entropy (8bit): | 5.110875983732391 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3bIGKCezocKqD:J0+oxBeRmR9etdzRxbIYez1T |
MD5: | 6DFF44B8B60DD046290A5420717F052E |
SHA1: | 2339B6BC052682B5CC618733AEEE776037485D3E |
SHA-256: | 2E519B2E823E2503B635A59BBC29A00170F18F86BC7F5330563188B105FF87D7 |
SHA-512: | 02E47727BE33B93C4CA538A0E089720C0AC6D7CDC758216ECE0AD3380A75C151D9E2C6BA66A564209E3AC750720CBD3E415FA202ADE20852785D507C488076C3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 201 |
Entropy (8bit): | 5.110875983732391 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3bIGKCezocKqD:J0+oxBeRmR9etdzRxbIYez1T |
MD5: | 6DFF44B8B60DD046290A5420717F052E |
SHA1: | 2339B6BC052682B5CC618733AEEE776037485D3E |
SHA-256: | 2E519B2E823E2503B635A59BBC29A00170F18F86BC7F5330563188B105FF87D7 |
SHA-512: | 02E47727BE33B93C4CA538A0E089720C0AC6D7CDC758216ECE0AD3380A75C151D9E2C6BA66A564209E3AC750720CBD3E415FA202ADE20852785D507C488076C3 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 107 |
Entropy (8bit): | 4.724609804997727 |
Encrypted: | false |
SSDEEP: | 3:bDuMJlKCsAWWIKGHjXbUmX1mWfsAWWIKGHjXbUv:bC0s+GHjXbSgs+GHjXb2 |
MD5: | 6D22B1B60083716F1E8936205BB774BE |
SHA1: | E0BF33F423B44E56CE3507E5D0F6E4A62D6F46B6 |
SHA-256: | A2F799C1F3ECF0CC33F6001EEB53D6DECF031021A4749D88506141300BAA0710 |
SHA-512: | D6BBBA16D4A4D27183D85129F9781D9D67E9A3DB3A2984639079451B802FCAA5F39DE2BEF15AA1BC811C9D537FCC82166DAB165AB8DC392142365E2FD2EF807B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1104 |
Entropy (8bit): | 4.561004267303822 |
Encrypted: | false |
SSDEEP: | 12:8LN5gXg/XAlCPCHaXNBQtB/SxXX+W0xcfaimWeIrzricvb8IvjXjBIrzXDtZ3YiW:8Lt/XT9SUlthtueZvrYXDv3qEu7D |
MD5: | 172066224B93DB8E18E4AF37E4975409 |
SHA1: | 1E7CC9415ED3E0693A1E2D08B3875FCF33960267 |
SHA-256: | 888F9777FD24A7B93DEB9C21358D2C7A2F17A234769DC85F52747C0BE5F32F91 |
SHA-512: | 0EE82ADB1C1F349C5437BCC0A3D34766988100ECF685346DB400D8411BF4A1D21ECAEB45BB3528321975DBC217DE8524F8661ABF708FEA2AF80463E90B8BF98D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.994091181083785 |
TrID: | |
File name: | wpswireless-invoice-08.11.22.doc |
File size: | 2350727 |
MD5: | 672ff75cfa223733b4d42382089a57b2 |
SHA1: | 02dd6b448c2373dc1223724b1ab1aff920528aa6 |
SHA256: | aabc9295e27a673dcfb902960b8196a561923cef78ddb061956cb627fcfa782c |
SHA512: | 67ae70869362e5f55cec2655cbe924387baed91a0104abfb47ead979aac7b56684af5e5413b305ea1fdaeb5ccd7053e7ff398a341dd2fcc7c8b325f05ac2e272 |
SSDEEP: | 49152:eT3UFkBPa/06xtvpz126ejPDkZ3T4EtUxFc2mpXfQK9B:qUke3v912tAJT45xF6pXfQK7 |
TLSH: | 3BB533A9751FE67ED0C8DE700D12EA9433A7E9DE4AC8049CC234CAD21DFC225B55F85A |
File Content Preview: | PK..........!..U~............._rels/.rels...J.@............4.E..D.....$....T..w-..j........|.zs..z..z.*X.%(v......6O.{PI........`S__._x .C..CR....:....t..R......hI.3..H.Q..*.;..=..y... n.......yo.......[vrf..A..6..3[.>_...-K....\NH!....<..r...E.B..P...<_. |
Icon Hash: | e4eea2aaa4b4b4a4 |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
General | |
Stream Path: | VBA/ThisDocument |
VBA File Name: | ThisDocument.cls |
Stream Size: | 2739 |
Data ASCII: | . . . A t t r i b u t . e V B _ N a m . e = " T h i . s D o c u m e n . t " . . . B a s . . 1 N o r m a l . . . V G l o b a l ! . S p a c . l F a . l s e . J C r e a . t a b l . . P r e d e c l a . . I d . . # T r u . " E x p . o s e . . T e m p . l a t e D e r i . v . $ C u s t o m l i z C . P . . . . . D . ? P t r S a . f e F u n c t . i o n . . . . . . L . i b " u s e r . 3 2 " A l i a . s " S e t T i . m e r " ( B y V a l . . . . . . . . A s L o n g y . 1 , . . . . . . |
Data Raw: | 01 0e b4 00 41 74 74 72 69 62 75 74 00 65 20 56 42 5f 4e 61 6d 00 65 20 3d 20 22 54 68 69 00 73 44 6f 63 75 6d 65 6e 10 74 22 0d 0a 0a 8c 42 61 73 01 02 8c 31 4e 6f 72 6d 61 6c 02 2e 19 56 47 6c 6f 62 61 6c 21 01 aa 53 70 61 63 01 6c 46 61 08 6c 73 65 0c 4a 43 72 65 61 10 74 61 62 6c 15 1f 50 72 65 20 64 65 63 6c 61 00 06 49 64 11 00 23 54 72 75 0d 22 45 78 70 08 6f 73 65 14 1c 54 |
General | |
Stream Path: | PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 365 |
Entropy: | 5.260544526473288 |
Base64 Encoded: | True |
Data ASCII: | I D = " { C 6 A 0 3 1 7 C - 6 7 D 6 - 4 9 C 1 - 8 B 7 0 - 9 3 8 0 6 A 5 0 A 3 C E } " . . D o c u m e n t = T h i s D o c u m e n t / & H 0 0 0 0 0 0 0 0 . . N a m e = " P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " E B E 9 2 2 5 9 0 9 5 D 0 9 5 D 0 9 5 D 0 9 5 D " . . D P B = " D 6 D 4 1 F 7 6 E 1 8 A C D 8 B C D 8 B C D " . . G C = " C 1 C 3 0 8 8 D 0 9 8 D 0 9 7 2 " . . . . [ H o s t E x t e n d e r I n f o ] . . |
Data Raw: | 49 44 3d 22 7b 43 36 41 30 33 31 37 43 2d 36 37 44 36 2d 34 39 43 31 2d 38 42 37 30 2d 39 33 38 30 36 41 35 30 41 33 43 45 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 44 6f 63 75 6d 65 6e 74 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4e 61 6d 65 3d 22 50 72 6f 6a 65 63 74 22 0d 0a 48 65 6c 70 43 6f 6e 74 65 78 74 49 44 3d 22 30 22 0d 0a 56 65 72 73 69 6f 6e 43 6f 6d 70 61 74 69 |
General | |
Stream Path: | PROJECTwm |
File Type: | data |
Stream Size: | 41 |
Entropy: | 3.0773844850752607 |
Base64 Encoded: | False |
Data ASCII: | T h i s D o c u m e n t . T . h . i . s . D . o . c . u . m . e . n . t . . . . . |
Data Raw: | 54 68 69 73 44 6f 63 75 6d 65 6e 74 00 54 00 68 00 69 00 73 00 44 00 6f 00 63 00 75 00 6d 00 65 00 6e 00 74 00 00 00 00 00 |
General | |
Stream Path: | VBA/_VBA_PROJECT |
File Type: | ISO-8859 text, with no line terminators |
Stream Size: | 7 |
Entropy: | 1.8423709931771088 |
Base64 Encoded: | False |
Data ASCII: | a . . . |
Data Raw: | cc 61 ff ff 00 00 00 |
General | |
Stream Path: | VBA/__SRP_2 |
File Type: | data |
Stream Size: | 5100 |
Entropy: | 1.9204222100936061 |
Base64 Encoded: | False |
Data ASCII: | r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . . . . . . . . . . . " . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` ) . . . . . . . . . . . . . . . . . . . . . . . . . ! . . . . . . . . . . . q . . . . . . |
Data Raw: | 72 55 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 50 00 00 00 00 00 00 00 00 00 00 00 22 00 1f 00 00 00 00 00 01 00 01 00 00 00 01 00 71 07 00 00 00 00 00 00 00 00 00 00 a1 07 00 00 00 00 00 00 00 00 00 00 d1 07 |
General | |
Stream Path: | VBA/__SRP_3 |
File Type: | data |
Stream Size: | 2724 |
Entropy: | 2.7016840900812285 |
Base64 Encoded: | False |
Data ASCII: | r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . ` . . . . . . . . . . . . . . . p . . . . . . . . . . . . . . . . . 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . Q . . . . . . . . . . . , . . p . . . . . . . . . . . . . . . . . 1 . . . . . . . . . . . . . . . . . . . . . ` . Q . . . . . . . . . . . X . . p . . . . . . Q . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 78 00 00 00 08 00 60 00 c1 08 00 00 00 00 00 00 00 00 00 00 00 00 04 70 10 00 fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 |
General | |
Stream Path: | VBA/dir |
File Type: | data |
Stream Size: | 486 |
Entropy: | 6.296812220423808 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . 0 . . . . . . H . . . . . . . . . . . P r o j e c t . Q . ( . . @ . . . . . = . . . . l . . . . . . . . . A d - . . . " . < . . . . r s t d o . l e > . . s . t . . d . o . l . e . ( . . h . . ^ . . * \\ . G { 0 0 0 2 0 4 3 0 - . . . . C . . . . . 4 6 } # 2 . 0 # . 0 # C : \\ W i n . d o w s \\ s y s @ t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t . i o n . E N o r ( m a l E N C r . m . a F . . c E C . . . . . m . ! O f f i c g O . f . i . c g . . g 2 D F 8 D 0 . 4 C - 5 B F A |
Data Raw: | 01 e2 b1 80 01 00 04 00 00 00 03 00 30 aa 02 02 90 09 00 20 14 06 48 03 00 a8 80 00 00 e4 04 04 00 07 00 1c 00 50 72 6f 6a 65 63 74 05 51 00 28 00 00 40 02 14 06 02 14 3d ad 02 0a 07 02 6c 01 00 08 06 12 09 02 12 80 07 41 f4 64 2d 00 0c 02 22 0a 3c 02 0a 16 02 72 73 74 64 6f 08 6c 65 3e 02 19 73 00 74 00 00 64 00 6f 00 6c 00 65 00 28 0d 00 68 00 11 5e 00 03 2a 5c 00 47 7b 30 30 30 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 11, 2022 18:05:30.804837942 CEST | 49181 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 18:05:30.908679962 CEST | 80 | 49181 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 18:05:30.908760071 CEST | 49181 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 18:05:30.909040928 CEST | 49181 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 18:05:31.012741089 CEST | 80 | 49181 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 18:05:31.033143044 CEST | 80 | 49181 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 18:05:31.033260107 CEST | 49181 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 18:05:36.038661003 CEST | 80 | 49181 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 18:05:36.038923979 CEST | 49181 | 80 | 192.168.2.22 | 45.8.146.139 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49181 | 45.8.146.139 | 80 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Aug 11, 2022 18:05:30.909040928 CEST | 0 | OUT | |
Aug 11, 2022 18:05:31.033143044 CEST | 1 | IN |
Target ID: | 0 |
Start time: | 18:05:18 |
Start date: | 11/08/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13fac0000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |