Windows
Analysis Report
valliant.document.08.11.2022.doc
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 1256 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
AV Detection |
---|
Source: Virustotal |
Source: ReversingLabs |
Source: Joe Sandbox ML |
Source: File opened |

Software Vulnerabilities |
---|
Source: File created |
Source: TCP traffic (10 entries) |
Source: HTTP traffic detected |
Source: IP Address |
Source: TCP traffic detected without corresponding DNS query (5 entries) |
Source: File created |
Source: HTTP traffic detected |

System Summary |
---|
Source: OLE, VBA macro line (5 entries) |
Source: OLE indicator, VBA macros |
Source: Virustotal |
Source: ReversingLabs |
Source: LNK file |
Source: OLE indicator, Word Document stream |
Source: File created (2 entries) |
Source: Classification label |
Source: OLE document summary (3 entries) |
Source: File read |
Source: Initial sample |
Source: Static file information |
Source: Key opened |
Source: File opened |
Source: Process information set (62 entries) |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 12 Scripting | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Non-Application Layer Protocol | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 12 Exploitation for Client Execution | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 12 Scripting | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Detection | Scanner | Label |
---|---|---|
27% | Virustotal | |
18% | ReversingLabs | Script-Macro.Trojan.Amphitryon |
100% | Joe Sandbox ML | |

Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |

Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
45.8.146.139 | unknown | Russian Federation | 44676 | VMAGE-ASRU | false |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 682606 |
Start date and time: | 2022-08-11 19:04:30 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 11m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | valliant.document.08.11.2022.doc |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Run name: | Without Instrumentation |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.expl.winDOC@1/6@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Max analysis timeout: 600s exceeded, the analysis took too long
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, svchost.exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\-f[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 201 |
Entropy (8bit): | 5.120826232488609 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3LZKCezocKqD:J0+oxBeRmR9etdzRxLFez1T |
MD5: | 33A7649A487B43D650E4D478C96E4588 |
SHA1: | F10EA1CC461B73EEE86CBE992CC4724F7B4C5175 |
SHA-256: | 469501F44D054081AD49D1D0AB0B8031ECCE6986D17D346CC39DFB7BCF327F76 |
SHA-512: | 24CDCCA259970B669949BD197AA55FD6E05D91B53A05984D3EBB3B219B6D26BDD67165967F1C8960D55E517D7AC46E1E515DD6E5C45DE4923F2FB1B1A98BCF22 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 201 |
Entropy (8bit): | 5.120826232488609 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3LZKCezocKqD:J0+oxBeRmR9etdzRxLFez1T |
MD5: | 33A7649A487B43D650E4D478C96E4588 |
SHA1: | F10EA1CC461B73EEE86CBE992CC4724F7B4C5175 |
SHA-256: | 469501F44D054081AD49D1D0AB0B8031ECCE6986D17D346CC39DFB7BCF327F76 |
SHA-512: | 24CDCCA259970B669949BD197AA55FD6E05D91B53A05984D3EBB3B219B6D26BDD67165967F1C8960D55E517D7AC46E1E515DD6E5C45DE4923F2FB1B1A98BCF22 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 107 |
Entropy (8bit): | 4.673221101791497 |
Encrypted: | false |
SSDEEP: | 3:bDuMJlLWRBKHIALRlj9omX10JFRBKHIALRlj9ov:bCAeB7ALr9IbB7ALr9y |
MD5: | 2135B655295683DA0D22CC6878E83DDE |
SHA1: | EA560ECC587FEA774ACEA061F176B6A5698001CF |
SHA-256: | 3780877B180EE7F306F8141657DA6AD4F3C93B3866521397CC4F36A5472E94DC |
SHA-512: | 7C680FB5839D5025F6D5DA2AFF60D7293666F72CC8C8ADB2999FE72D2897A8C8C780EBCF8AAC6C8C18838589F5D2E407C858C826D45B3CA412044880F53AFFAE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1104 |
Entropy (8bit): | 4.548778185539719 |
Encrypted: | false |
SSDEEP: | 12:8Pq5gXg/XAlCPCHaXRBktB/zxkpX+WKcf/xgiO0Oicvb2B789jH0IDtZ3YilMMEO:8y/XThOxqX/xfZe689dDv3q+Au7D |
MD5: | 8DB1D365F8053FFD5CAA7D3BDE115D22 |
SHA1: | DCAA23670EBE8171DDAD3C81BB841755927ED042 |
SHA-256: | F9C92DDE1225902A5C0B44EA1BA248225B3E71DB4C668632852CC701476627A1 |
SHA-512: | 2E8845E0923FE2ADE624245E6AFB34C717BEB236D982BF4C62B0854A9C76F49AE9548283C2A401DABA5BFF7E83CCE6DCFA3E0ECEB8E47EEFECB5B35ACF2009E1 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyaJybdJylp2bG/WWNJbilFGUld/ln:vdsCkWtz8Oz2q/rViXdH/l |
MD5: | 7CFA404FD881AF8DF49EA584FE153C61 |
SHA1: | 32D9BF92626B77999E5E44780BF24130F3D23D66 |
SHA-256: | 248DB6BD8C5CD3542A5C0AE228D3ACD6D8A7FA0C0C62ABC3E178E57267F6CCD7 |
SHA-512: | F7CEC1177D4FF3F84F6F2A2A702E96713322AA56C628B49F728CD608E880255DA3EF412DE15BB58DF66D65560C03E68BA2A0DD6FDFA533BC9E428B0637562AEA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyaJybdJylp2bG/WWNJbilFGUld/ln:vdsCkWtz8Oz2q/rViXdH/l |
MD5: | 7CFA404FD881AF8DF49EA584FE153C61 |
SHA1: | 32D9BF92626B77999E5E44780BF24130F3D23D66 |
SHA-256: | 248DB6BD8C5CD3542A5C0AE228D3ACD6D8A7FA0C0C62ABC3E178E57267F6CCD7 |
SHA-512: | F7CEC1177D4FF3F84F6F2A2A702E96713322AA56C628B49F728CD608E880255DA3EF412DE15BB58DF66D65560C03E68BA2A0DD6FDFA533BC9E428B0637562AEA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.993464543538008 |
TrID: | |
File name: | valliant.document.08.11.2022.doc |
File size: | 2316502 |
MD5: | cadb9d5ed47b8df81a2addefed302a03 |
SHA1: | f7197fa991510f99f25af2b502c40d3b48d1abbc |
SHA256: | 9cb01729327bd958e32aa9481d5a81303627ab7a59b9ae134fb6600ef4e5b680 |
SHA512: | 1b5ed9721c8d1aed9d09a850cb43afd6d756bbf6957ca6d8321c1fb5ea89a88a448f0aaa60348a70e30eda299c554619961c89b12888ea2ad6a6a5d058a54b07 |
SSDEEP: | 49152:7t3L6IYFlSbzCFelOb0h5CZTsXG97qRbET6DLZ6dGbrG5j:BPYYgelO9T6G97qVg6DLZ6dGbyh |
TLSH: | 6DB533ED89E8E561F1433E32380557F3A45410D6EA5AC84A30C6FFC197962BB36E4F92 |
File Content Preview: | PK..........!..U~............._rels/.rels...J.@............4.E..D.....$....T..w-..j........|.zs..z..z.*X.%(v......6O.{PI........`S__._x .C..CR....:....t..R......hI.3..H.Q..*.;..=..y... n.......yo.......[vrf..A..6..3[.>_...-K....\NH!....<..r...E.B..P...<_. |
Icon Hash: | e4eea2aaa4b4b4a4 |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
General | |
Stream Path: | VBA/ThisDocument |
VBA File Name: | ThisDocument.cls |
Stream Size: | 2826 |
Data ASCII: | . . A t t r i b u t . e V B _ N a m . e = " T h i . s D o c u m e n . t " . . . B a s . . 1 N o r m a l . . . V G l o b a l ! . S p a c . l F a . l s e . J C r e a . t a b l . . P r e d e c l a . . I d . . # T r u . " E x p . o s e . . T e m p . l a t e D e r i . v . $ C u s t o m l i z C . P . . . . . D . ? P t r S a . f e F u n c t . i o n > . . . . . . . . . L . i b " u s e r . 3 2 " A l i a . s " S e t T i . m e r " ( B y 8 V a l . . . . A s L o n g . , . . . . 3 . 9 . . |
Data Raw: | 01 fa b4 00 41 74 74 72 69 62 75 74 00 65 20 56 42 5f 4e 61 6d 00 65 20 3d 20 22 54 68 69 00 73 44 6f 63 75 6d 65 6e 10 74 22 0d 0a 0a 8c 42 61 73 01 02 8c 31 4e 6f 72 6d 61 6c 02 2e 19 56 47 6c 6f 62 61 6c 21 01 aa 53 70 61 63 01 6c 46 61 08 6c 73 65 0c 4a 43 72 65 61 10 74 61 62 6c 15 1f 50 72 65 20 64 65 63 6c 61 00 06 49 64 11 00 23 54 72 75 0d 22 45 78 70 08 6f 73 65 14 1c 54 |
General | |
Stream Path: | PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 369 |
Entropy: | 5.261233037013654 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 8 B 8 0 C 6 E 6 - B 7 5 8 - 4 1 8 F - A 2 4 D - 0 6 C 5 2 D 3 9 3 F 8 5 } " . . D o c u m e n t = T h i s D o c u m e n t / & H 0 0 0 0 0 0 0 0 . . N a m e = " P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 0 5 0 7 D 9 E 6 D B E F D F E F D F E F D F E F D F " . . D P B = " 0 A 0 8 D 6 E 1 D A E 2 D A E 2 D A " . . G C = " 0 F 0 D D 3 E C D D F 4 E 3 F 5 E 3 F 5 1 C " . . . . [ H o s t E x t e n d e r I n f |
Data Raw: | 49 44 3d 22 7b 38 42 38 30 43 36 45 36 2d 42 37 35 38 2d 34 31 38 46 2d 41 32 34 44 2d 30 36 43 35 32 44 33 39 33 46 38 35 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 44 6f 63 75 6d 65 6e 74 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4e 61 6d 65 3d 22 50 72 6f 6a 65 63 74 22 0d 0a 48 65 6c 70 43 6f 6e 74 65 78 74 49 44 3d 22 30 22 0d 0a 56 65 72 73 69 6f 6e 43 6f 6d 70 61 74 69 |
General | |
Stream Path: | PROJECTwm |
File Type: | data |
Stream Size: | 41 |
Entropy: | 3.0773844850752607 |
Base64 Encoded: | False |
Data ASCII: | T h i s D o c u m e n t . T . h . i . s . D . o . c . u . m . e . n . t . . . . . |
Data Raw: | 54 68 69 73 44 6f 63 75 6d 65 6e 74 00 54 00 68 00 69 00 73 00 44 00 6f 00 63 00 75 00 6d 00 65 00 6e 00 74 00 00 00 00 00 |
General | |
Stream Path: | VBA/_VBA_PROJECT |
File Type: | ISO-8859 text, with no line terminators |
Stream Size: | 7 |
Entropy: | 1.8423709931771088 |
Base64 Encoded: | False |
Data ASCII: | a . . . |
Data Raw: | cc 61 ff ff 00 00 00 |
General | |
Stream Path: | VBA/__SRP_2 |
File Type: | data |
Stream Size: | 5100 |
Entropy: | 1.9259173726592043 |
Base64 Encoded: | False |
Data ASCII: | r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . . . . . . . . . . . " . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 72 55 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 50 00 00 00 00 00 00 00 00 00 00 00 22 00 1f 00 00 00 00 00 01 00 01 00 00 00 01 00 71 07 00 00 00 00 00 00 00 00 00 00 a1 07 00 00 00 00 00 00 00 00 00 00 d1 07 |
General | |
Stream Path: | VBA/__SRP_3 |
File Type: | data |
Stream Size: | 2724 |
Entropy: | 2.7004238887086345 |
Base64 Encoded: | False |
Data ASCII: | r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . ` . . . . . . . . . . . . . . . p . . . . . . . . . . . . . . . . . ! . . . . . . . . . . . A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . , . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . A . . . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . . . . Q . P . . . . . . . . . . . . . \\ . . p |
Data Raw: | 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 78 00 00 00 08 00 60 00 c1 08 00 00 00 00 00 00 00 00 00 00 00 00 04 70 10 00 fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 |
General | |
Stream Path: | VBA/dir |
File Type: | data |
Stream Size: | 486 |
Entropy: | 6.3067050501427175 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . 0 . . . . . . H . . . . . . . . . . . P r o j e c t . Q . ( . . @ . . . . . = . . . . l . . . . . . . . @ d - . . . " . < . . . . r s t d o . l e > . . s . t . . d . o . l . e . ( . . h . . ^ . . * \\ . G { 0 0 0 2 0 4 3 0 - . . . . C . . . . . 4 6 } # 2 . 0 # . 0 # C : \\ W i n . d o w s \\ s y s @ t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t . i o n . E N o r ( m a l E N C r . m . a F . . c E C . . . . . m . ! O f f i c g O . f . i . c g . . g 2 D F 8 D 0 . 4 C - 5 B F A - |
Data Raw: | 01 e2 b1 80 01 00 04 00 00 00 03 00 30 aa 02 02 90 09 00 20 14 06 48 03 00 a8 80 00 00 e4 04 04 00 07 00 1c 00 50 72 6f 6a 65 63 74 05 51 00 28 00 00 40 02 14 06 02 14 3d ad 02 0a 07 02 6c 01 00 08 06 12 09 02 12 80 d3 40 f4 64 2d 00 0c 02 22 0a 3c 02 0a 16 02 72 73 74 64 6f 08 6c 65 3e 02 19 73 00 74 00 00 64 00 6f 00 6c 00 65 00 28 0d 00 68 00 11 5e 00 03 2a 5c 00 47 7b 30 30 30 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 11, 2022 19:09:40.824311972 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 19:09:40.927889109 CEST | 80 | 49171 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 19:09:40.928020954 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 19:09:40.928749084 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 19:09:41.031919956 CEST | 80 | 49171 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 19:09:41.050225019 CEST | 80 | 49171 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 19:09:41.050380945 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Aug 11, 2022 19:09:46.056094885 CEST | 80 | 49171 | 45.8.146.139 | 192.168.2.22 |
Aug 11, 2022 19:09:46.056456089 CEST | 49171 | 80 | 192.168.2.22 | 45.8.146.139 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49171 | 45.8.146.139 | 80 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Aug 11, 2022 19:09:40.928749084 CEST | 0 | OUT | |
Aug 11, 2022 19:09:41.050225019 CEST | 1 | IN |
Target ID: | 0 |
Start time: | 19:10:11 |
Start date: | 11/08/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13ffb0000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |