Windows Analysis Report
cnewton doc 08.11.2022.doc
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 2164 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
AV Detection |
---|
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Avira URL Cloud: |
Source: | Joe Sandbox ML: |
Source: | File opened: |
Software Vulnerabilities |
---|
Source: | File created: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | File created: |
Source: | HTTP traffic detected: |
System Summary |
---|
Source: | OLE, VBA macro line: |
Source: | OLE indicator, VBA macros: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | LNK file: |
Source: | OLE indicator, Word Document stream: |
Source: | File created: |
Source: | Classification label: |
Source: | OLE document summary: |
Source: | File read: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Static file information: |
Source: | Key opened: |
Source: | File opened: |
Source: | Process information set: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 12 Scripting | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Non-Application Layer Protocol | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 12 Exploitation for Client Execution | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 12 Scripting | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 22% | Virustotal | | |
| 15% | ReversingLabs | Script-Macro.Trojan.Amphitryon | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 5% | Virustotal | | |
| 100% | Avira URL Cloud | malware | |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.8.146.139 | unknown | Russian Federation | | 44676 | VMAGE-ASRU | false |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 682599 |
Start date and time: | 2022-08-11 18:33:53 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | cnewton doc 08.11.2022.doc |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal72.expl.winDOC@1/6@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Max analysis timeout: 600s exceeded, the analysis took too long
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, svchost.exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\-f[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 201 |
Entropy (8bit): | 5.120826232488609 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3LZKCezocKqD:J0+oxBeRmR9etdzRxLFez1T |
MD5: | 33A7649A487B43D650E4D478C96E4588 |
SHA1: | F10EA1CC461B73EEE86CBE992CC4724F7B4C5175 |
SHA-256: | 469501F44D054081AD49D1D0AB0B8031ECCE6986D17D346CC39DFB7BCF327F76 |
SHA-512: | 24CDCCA259970B669949BD197AA55FD6E05D91B53A05984D3EBB3B219B6D26BDD67165967F1C8960D55E517D7AC46E1E515DD6E5C45DE4923F2FB1B1A98BCF22 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 201 |
Entropy (8bit): | 5.120826232488609 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3LZKCezocKqD:J0+oxBeRmR9etdzRxLFez1T |
MD5: | 33A7649A487B43D650E4D478C96E4588 |
SHA1: | F10EA1CC461B73EEE86CBE992CC4724F7B4C5175 |
SHA-256: | 469501F44D054081AD49D1D0AB0B8031ECCE6986D17D346CC39DFB7BCF327F76 |
SHA-512: | 24CDCCA259970B669949BD197AA55FD6E05D91B53A05984D3EBB3B219B6D26BDD67165967F1C8960D55E517D7AC46E1E515DD6E5C45DE4923F2FB1B1A98BCF22 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1074 |
Entropy (8bit): | 4.550387546578268 |
Encrypted: | false |
SSDEEP: | 12:8Lk19gXg/XAlCPCHaXBKBnB/xQpX+WZMfcfaiFGnicvbS5V7p9lAG9DtZ3YilMM4:8Li/XTRKJIHtneWhp9bDv3qgu7D |
MD5: | FFCF751B3266A73B93E151333BA38E3A |
SHA1: | E50E161857F409856D7EF18B12D6AC7F70592035 |
SHA-256: | ADE28AE8C44098CCDAE6DFEB0AC504D5CEF8FAF199B1674162F25CF5115EA6A7 |
SHA-512: | E1A41006EC895F41D5BA3E73841A9D8325C4CD404B227F7C56D342005D6B4C210CE09B87AAF1D8F16DAED0568162A8845E052589F2271C38DAC9DD93537223E4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 95 |
Entropy (8bit): | 4.627376468057002 |
Encrypted: | false |
SSDEEP: | 3:bDuMJle+FXF7Uk9omX1c6FXF7Uk9ov:bCMXF7p9kuXF7p9y |
MD5: | 92FF1982FE0A0AF246E8E293141DD9D0 |
SHA1: | 2B3D182D219D3178040B9F2F41B196A4742FE18B |
SHA-256: | 23ED12834D5AB9375C9AA71150EFFA53645FD337190A76B86AEA3381372D8EC0 |
SHA-512: | 4F9D1DAFADD29B0826B11BEE4AA9F87637B8BD82540FD57C66FC9073442399DB3BA6C0FE4FAAACDC282DFA932E440CA1EBE1D385FE82E690FA37F0BB00664519 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.993716519832146 |
TrID: | |
File name: | cnewton doc 08.11.2022.doc |
File size: | 2343230 |
MD5: | ee1d6eb5b07b99e65fc0cb477193c35c |
SHA1: | 9d4dbf701c8ede93a79036dd5a0316da988a2eeb |
SHA256: | 23b9a20a59041fc7d484957e49ffa7e0f6dba7dbbec0628a4adb69c2e05863ab |
SHA512: | 869cdd01eb85cd12a1a27dc0099250e4fb33b3ed72a7e0375e80206b07b01aaff108ede1626de99f29c9a7cbc7524a4e4947b976be2e392b2d777c8df1fc54fc |
SSDEEP: | 49152:xyG/bJ98ozhp4kBA4Y0bRfqmlYOxtKW72swkql:QS8otukBbRfqUjRy7T |
TLSH: | C4B5333D16FB0348D87D3A125E1F1EC212BDCD45E01BC82F684B657AB5377846A68EE8 |
File Content Preview: | PK..........!..U~............._rels/.rels...J.@............4.E..D.....$....T..w-..j........|.zs..z..z.*X.%(v......6O.{PI........`S__._x .C..CR....:....t..R......hI.3..H.Q..*.;..=..y... n.......yo.......[vrf..A..6..3[.>_...-K....\NH!....<..r...E.B..P...<_. |
Icon Hash: | e4eea2aaa4b4b4a4 |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
General | |
Stream Path: | VBA/ThisDocument |
VBA File Name: | ThisDocument.cls |
Stream Size: | 2836 |
Data ASCII: | . J . A t t r i b u t . e V B _ N a m . e = " T h i . s D o c u m e n . t " . . . B a s . . 1 N o r m a l . . . V G l o b a l ! . S p a c . l F a . l s e . J C r e a . t a b l . . P r e d e c l a . . I d . . # T r u . " E x p . o s e . . T e m p . l a t e D e r i . v . $ C u s t o m l i z C . P . . . . . D . ? P t r S a . f e F u n c t . i o n . L i . b " u s e r 3 . 2 " A l i a s . " S e t T i m . e r " ( B y V 8 a l . . . . . A s L o n g * , . . . . . . . 5 . . . . . . . |
Data Raw: | 01 4a b4 00 41 74 74 72 69 62 75 74 00 65 20 56 42 5f 4e 61 6d 00 65 20 3d 20 22 54 68 69 00 73 44 6f 63 75 6d 65 6e 10 74 22 0d 0a 0a 8c 42 61 73 01 02 8c 31 4e 6f 72 6d 61 6c 02 2e 19 56 47 6c 6f 62 61 6c 21 01 aa 53 70 61 63 01 6c 46 61 08 6c 73 65 0c 4a 43 72 65 61 10 74 61 62 6c 15 1f 50 72 65 20 64 65 63 6c 61 00 06 49 64 11 00 23 54 72 75 0d 22 45 78 70 08 6f 73 65 14 1c 54 |
General | |
Stream Path: | PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 369 |
Entropy: | 5.302596554682153 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 1 4 9 A B 1 3 B - 1 5 A A - 4 3 8 2 - 8 9 7 7 - F C 2 5 F 7 E D D 7 B A } " . . D o c u m e n t = T h i s D o c u m e n t / & H 0 0 0 0 0 0 0 0 . . N a m e = " P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 3 A 3 8 C 5 0 D F B 1 1 F B 1 1 F B 1 1 F B 1 1 " . . D P B = " 7 4 7 6 8 B 4 F F F 8 8 0 0 8 8 0 0 8 8 " . . G C = " A E A C 5 1 9 1 B 1 F 1 E A F 2 E A F 2 1 5 " . . . . [ H o s t E x t e n d e r I n f |
Data Raw: | 49 44 3d 22 7b 31 34 39 41 42 31 33 42 2d 31 35 41 41 2d 34 33 38 32 2d 38 39 37 37 2d 46 43 32 35 46 37 45 44 44 37 42 41 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 44 6f 63 75 6d 65 6e 74 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4e 61 6d 65 3d 22 50 72 6f 6a 65 63 74 22 0d 0a 48 65 6c 70 43 6f 6e 74 65 78 74 49 44 3d 22 30 22 0d 0a 56 65 72 73 69 6f 6e 43 6f 6d 70 61 74 69 |
General | |
Stream Path: | PROJECTwm |
File Type: | data |
Stream Size: | 41 |
Entropy: | 3.0773844850752607 |
Base64 Encoded: | False |
Data ASCII: | T h i s D o c u m e n t . T . h . i . s . D . o . c . u . m . e . n . t . . . . . |
Data Raw: | 54 68 69 73 44 6f 63 75 6d 65 6e 74 00 54 00 68 00 69 00 73 00 44 00 6f 00 63 00 75 00 6d 00 65 00 6e 00 74 00 00 00 00 00 |
General | |
Stream Path: | VBA/_VBA_PROJECT |
File Type: | ISO-8859 text, with no line terminators |
Stream Size: | 7 |
Entropy: | 1.8423709931771088 |
Base64 Encoded: | False |
Data ASCII: | a . . . |
Data Raw: | cc 61 ff ff 00 00 00 |
General | |
Stream Path: | VBA/__SRP_2 |
File Type: | data |
Stream Size: | 5108 |
Entropy: | 1.9370407590218233 |
Base64 Encoded: | False |
Data ASCII: | r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . . . . . . . . . . . " . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` ) > . . . . . . . . . . . . . . . . . . . . . . . . ! . . . . . . . . . . . . . . . . . . |
Data Raw: | 72 55 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 50 00 00 00 00 00 00 00 00 00 00 00 22 00 1f 00 00 00 00 00 01 00 01 00 00 00 01 00 71 07 00 00 00 00 00 00 00 00 00 00 a1 07 00 00 00 00 00 00 00 00 00 00 d1 07 |
General | |
Stream Path: | VBA/__SRP_3 |
File Type: | data |
Stream Size: | 2724 |
Entropy: | 2.6897674029679903 |
Base64 Encoded: | False |
Data ASCII: | r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . ` . . . . . . . . . . . . . . . p . . . . . . . . . . . . . . . . . ! . . . . . . . . . . . Q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . 1 . . . . . . . . . . . , . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` . a . . . . . . . . . . . X . . p . . . . . . ! . . . . . . . . . . . a . . . . . . . |
Data Raw: | 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 78 00 00 00 08 00 60 00 b1 08 00 00 00 00 00 00 00 00 00 00 00 00 04 70 10 00 fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 |
General | |
Stream Path: | VBA/dir |
File Type: | data |
Stream Size: | 486 |
Entropy: | 6.304387507848704 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . 0 . . . . . . H . . . . . . . . . . . P r o j e c t . Q . ( . . @ . . . . . = . . . . l . . . . . . . . I d - . . . " . < . . . . r s t d o . l e > . . s . t . . d . o . l . e . ( . . h . . ^ . . * \\ . G { 0 0 0 2 0 4 3 0 - . . . . C . . . . . 4 6 } # 2 . 0 # . 0 # C : \\ W i n . d o w s \\ s y s @ t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t . i o n . E N o r ( m a l E N C r . m . a F . . c E C . . . . m . ! O f f i c g O . f . i . c g . . g 2 D F 8 D 0 . 4 C - 5 B F A - . |
Data Raw: | 01 e2 b1 80 01 00 04 00 00 00 03 00 30 aa 02 02 90 09 00 20 14 06 48 03 00 a8 80 00 00 e4 04 04 00 07 00 1c 00 50 72 6f 6a 65 63 74 05 51 00 28 00 00 40 02 14 06 02 14 3d ad 02 0a 07 02 6c 01 00 08 06 12 09 02 12 80 c5 49 f4 64 2d 00 0c 02 22 0a 3c 02 0a 16 02 72 73 74 64 6f 08 6c 65 3e 02 19 73 00 74 00 00 64 00 6f 00 6c 00 65 00 28 0d 00 68 00 11 5e 00 03 2a 5c 00 47 7b 30 30 30 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 11, 2022 18:34:48.710539103 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 18:34:48.814019918 CEST | 80 | 49171 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 18:34:48.814181089 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 18:34:48.814735889 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 18:34:48.917928934 CEST | 80 | 49171 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 18:34:48.936649084 CEST | 80 | 49171 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 18:34:48.936789989 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 18:34:53.941994905 CEST | 80 | 49171 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 18:34:53.942373991 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49171 | 45.8.146.139 | 80 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Aug 11, 2022 18:34:48.814735889 CEST | 0 | OUT | |
Aug 11, 2022 18:34:48.936649084 CEST | 1 | IN |
Target ID: | 0 |
Start time: | 18:35:14 |
Start date: | 11/08/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f580000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |