Windows
Analysis Report
airequipmentcorp-doc-08.11.2022.doc
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 1404 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | File opened: |
Software Vulnerabilities |
---|
Source: | File created: | Jump to behavior |
Source: | TCP traffic: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: |
System Summary |
---|
Source: | OLE, VBA macro line: | ||
Source: | OLE indicator, VBA macros: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | LNK file: |
Source: | OLE indicator, Word Document stream: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | OLE document summary: | ||
Source: | File read: | Jump to behavior |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Static file information: |
Source: | Key opened: |
Source: | File opened: |
Source: | Process information set: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 12 Scripting | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Non-Application Layer Protocol | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 12 Exploitation for Client Execution | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 12 Scripting | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
25% | Virustotal | Browse | ||
15% | ReversingLabs | Script-Macro.Trojan.Amphitryon | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.8.146.139 | unknown | Russian Federation | 44676 | VMAGE-ASRU | false |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 682577 |
Start date and time: | 2022-08-11 17:54:17 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | airequipmentcorp-doc-08.11.2022.doc |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.expl.winDOC@1/6@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Max analysis timeout: 600s exceeded, the analysis took too long
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, svchost.exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\rm[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 201 |
Entropy (8bit): | 5.110875983732391 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3bIGKCezocKqD:J0+oxBeRmR9etdzRxbIYez1T |
MD5: | 6DFF44B8B60DD046290A5420717F052E |
SHA1: | 2339B6BC052682B5CC618733AEEE776037485D3E |
SHA-256: | 2E519B2E823E2503B635A59BBC29A00170F18F86BC7F5330563188B105FF87D7 |
SHA-512: | 02E47727BE33B93C4CA538A0E089720C0AC6D7CDC758216ECE0AD3380A75C151D9E2C6BA66A564209E3AC750720CBD3E415FA202ADE20852785D507C488076C3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 201 |
Entropy (8bit): | 5.110875983732391 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3bIGKCezocKqD:J0+oxBeRmR9etdzRxbIYez1T |
MD5: | 6DFF44B8B60DD046290A5420717F052E |
SHA1: | 2339B6BC052682B5CC618733AEEE776037485D3E |
SHA-256: | 2E519B2E823E2503B635A59BBC29A00170F18F86BC7F5330563188B105FF87D7 |
SHA-512: | 02E47727BE33B93C4CA538A0E089720C0AC6D7CDC758216ECE0AD3380A75C151D9E2C6BA66A564209E3AC750720CBD3E415FA202ADE20852785D507C488076C3 |
Malicious: | true |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\airequipmentcorp-doc-08.11.2022.LNK
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1119 |
Entropy (8bit): | 4.556562729755983 |
Encrypted: | false |
SSDEEP: | 12:8HtbgXg/XAlCPCHaXRBktB/eLX+WjYW/xgi2LGejuicvbAKX9sxLG8DtZ3YilMM5:8H3/XThOMWW/xfKJeMM9KDv3qdu7D |
MD5: | 51CF1C4EF83B417D48E92CA74BE742C2 |
SHA1: | 38E231977EF7C325F301AA3339426BE481EB2232 |
SHA-256: | B9CD23C0F31C6C7561BF5CD58E6F3D85D646685451806418FC641A601B855B34 |
SHA-512: | 9726BD9997A3D9B7CCC794D070E34B191A326F32C34249BB0F15F338A75AB73DAB62176ED9071BD3C610438780791E713C7CF3C09F0AD989B8AF439D1A644954 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 113 |
Entropy (8bit): | 4.790918623838269 |
Encrypted: | false |
SSDEEP: | 3:bDuMJlcMQJM3aBYUULX9omX1QM3aBYUULX9ov:bC3J+LX9Y+LX9y |
MD5: | FABCBFCDEE2E5C7BCD854D1758F6218D |
SHA1: | 6A00305F129D1A8D869B57A4029190C7514EC1CD |
SHA-256: | 479B8AA7CFCEF33DDADE106F1D5250BA2EA30DF81C166717AB75851E72F1053E |
SHA-512: | 4771DCF03B0BF31070EE0637151037C9D2A7CB5073074EB5743BF907E355D7E7763F67068C8C2EB2B90E1B0EA9ECBFE84E5449126A3FD6819189516F4F41284D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyaJybdJylp2bG/WWNJbilFGUld/ln:vdsCkWtz8Oz2q/rViXdH/l |
MD5: | 7CFA404FD881AF8DF49EA584FE153C61 |
SHA1: | 32D9BF92626B77999E5E44780BF24130F3D23D66 |
SHA-256: | 248DB6BD8C5CD3542A5C0AE228D3ACD6D8A7FA0C0C62ABC3E178E57267F6CCD7 |
SHA-512: | F7CEC1177D4FF3F84F6F2A2A702E96713322AA56C628B49F728CD608E880255DA3EF412DE15BB58DF66D65560C03E68BA2A0DD6FDFA533BC9E428B0637562AEA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyaJybdJylp2bG/WWNJbilFGUld/ln:vdsCkWtz8Oz2q/rViXdH/l |
MD5: | 7CFA404FD881AF8DF49EA584FE153C61 |
SHA1: | 32D9BF92626B77999E5E44780BF24130F3D23D66 |
SHA-256: | 248DB6BD8C5CD3542A5C0AE228D3ACD6D8A7FA0C0C62ABC3E178E57267F6CCD7 |
SHA-512: | F7CEC1177D4FF3F84F6F2A2A702E96713322AA56C628B49F728CD608E880255DA3EF412DE15BB58DF66D65560C03E68BA2A0DD6FDFA533BC9E428B0637562AEA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.993807361796733 |
TrID: | |
File name: | airequipmentcorp-doc-08.11.2022.doc |
File size: | 2297841 |
MD5: | 84904f679048e45c43210c22f8fcc5df |
SHA1: | 7e23ee02e2543e51a2ad97b2ede96c441d34e6eb |
SHA256: | 78c296d80214d887820a3c55bc06fbc42b17db90fb01aef0766365b383f1e7f1 |
SHA512: | c7f757c4b357b72f8edc9988ef99dd73b2d0fb9c48f928a3d806c57fbc168b8d2d141a625a5ce76a4c7a6533708984d200031bc56d44b6d756e512cfd823b3d7 |
SSDEEP: | 49152:tqI9FlNmHCQkEV8Uxd938Vx8Z3rm06VNN9hTobO3b1:4I9F3miQkimVi3rD6VP4aB |
TLSH: | F8B53302D0155771C5F1C8F98C5AA1B842B8D2321521EE5F4B3CB81ACBBDDCA7B85ADE |
Icon Hash: | e4eea2aaa4b4b4a4 |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
General | |
Stream Path: | VBA/ThisDocument |
VBA File Name: | ThisDocument.cls |
Stream Size: | 2740 |
Data ASCII: | . . A t t r i b u t . e V B _ N a m . e = " T h i . s D o c u m e n . t " . . . B a s . . 1 N o r m a l . . . V G l o b a l ! . S p a c . l F a . l s e . J C r e a . t a b l . . P r e d e c l a . . I d . . # T r u . " E x p . o s e . . T e m p . l a t e D e r i . v . $ C u s t o m l i z C . P . . . . . D . ? P t r S a . f e F u n c t i o n . . . L i b " u s e . r 3 2 " A l i . a s " S e t T . i m e r " ( B . y V a l . . . . . . . A s L o n g , , { . . . . . . , . . ) . |
General | |
Stream Path: | PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 369 |
Entropy: | 5.245272756909884 |
Base64 Encoded: | True |
Data ASCII: | I D = " { E F 2 1 A C D 1 - 0 7 C 6 - 4 1 0 B - 8 1 6 A - F 3 5 B E 5 6 2 A 9 A 6 } " . . D o c u m e n t = T h i s D o c u m e n t / & H 0 0 0 0 0 0 0 0 . . N a m e = " P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " F 5 F 7 1 8 1 1 F 8 0 2 F C 0 2 F C 0 2 F C 0 2 F C " . . D P B = " E A E 8 0 7 2 0 F D 2 1 F D 2 1 F D " . . G C = " D F D D 3 2 3 F D 2 C 1 C 6 C 2 C 6 C 2 3 9 " . . . . [ H o s t E x t e n d e r I n f |
General | |
Stream Path: | PROJECTwm |
File Type: | data |
Stream Size: | 41 |
Entropy: | 3.0773844850752607 |
Base64 Encoded: | False |
Data ASCII: | T h i s D o c u m e n t . T . h . i . s . D . o . c . u . m . e . n . t . . . . . |
General | |
Stream Path: | VBA/_VBA_PROJECT |
File Type: | ISO-8859 text, with no line terminators |
Stream Size: | 7 |
Entropy: | 1.8423709931771088 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_2 |
File Type: | data |
Stream Size: | 5116 |
Entropy: | 1.9229388656001654 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_3 |
File Type: | data |
Stream Size: | 2724 |
Entropy: | 2.6943726453670886 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/dir |
File Type: | data |
Stream Size: | 486 |
Entropy: | 6.306571446096894 |
Base64 Encoded: | True |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 11, 2022 17:55:11.708977938 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 17:55:11.812292099 CEST | 80 | 49171 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 17:55:11.812398911 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 17:55:11.812809944 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 17:55:11.916666031 CEST | 80 | 49171 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 17:55:11.928802013 CEST | 80 | 49171 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 17:55:11.928927898 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 17:55:16.934364080 CEST | 80 | 49171 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 17:55:16.934467077 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49171 | 45.8.146.139 | 80 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Aug 11, 2022 17:55:11.812809944 CEST | 0 | OUT | |
Aug 11, 2022 17:55:11.928802013 CEST | 1 | IN |
Target ID: | 0 |
Start time: | 17:55:12 |
Start date: | 11/08/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f630000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |