Edit tour
Windows
Analysis Report
https://www.bnaminexg.com/Invoice-yetdr.zip
Overview
General Information
| Sample URL: | https://www.bnaminexg.com/Invoice-yetdr.zip |
| Analysis ID: | 1467155 |
| Infos: |   |
 | |
Detection
| Score: | 76 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Yara detected VBS Downloader Generic
Downloads suspicious files via Chrome
Loading BitLocker PowerShell Module
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: Suspicious Script Execution From Temp Folder
Suspicious execution chain found
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: PowerShell Script Run in AppData
Classification
- System is w10x64
chrome.exe (PID: 3184 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92) - chrome.exe (PID: 2996 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2036 --fi eld-trial- handle=193 6,i,141027 3495351018 0185,65570 3732774991 9800,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92) 
unarchiver.exe (PID: 424 cmdline: "C:\Window s\SysWOW64 \unarchive r.exe" "C: \Users\use r\Download s\Invoice- yetdr.zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2) - 7za.exe (PID: 4052 cmdline:
"C:\Window s\System32 \7za.exe" x -pinfect ed -y -o"C :\Users\us er\AppData \Local\Tem p\vqyu22il .thm" "C:\ Users\user \Downloads \Invoice-y etdr.zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C) 
conhost.exe (PID: 2740 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 5612 cmdline:
"cmd.exe" /c powersh ell.exe -e x bypass - command Mo unt-DiskIm age -Image Path "C:\U sers\user\ AppData\Lo cal\Temp\v qyu22il.th m\Invoice- yetdr.img" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 2032 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) 
powershell.exe (PID: 2620 cmdline: powershell .exe -ex b ypass -com mand Mount -DiskImage -ImagePat h "C:\User s\user\App Data\Local \Temp\vqyu 22il.thm\I nvoice-yet dr.img" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC) - notepad.exe (PID: 2828 cmdline:
"C:\Window s\system32 \NOTEPAD.E XE" D:\aut orun.inf MD5: E92D3A824A0578A50D2DD81B5060145F)
- chrome.exe (PID: 4420 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt ps://www.b naminexg.c om/Invoice -yetdr.zip " MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_VBS_Downloader_Generic | Yara detected VBS Downloader Generic | Joe Security |
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): | ||
| Source: | Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: | ||
| Source: | Author: Florian Roth (Nextron Systems), Jonhnathan Ribeiro, oscd.community: | ||
| Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): | ||
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Spreading | |
|---|
| Source: | File source: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Software Vulnerabilities | |
|---|
| Source: | Child: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | File dump: | Jump to dropped file | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Code function: | 5_2_0132B1D6 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira URL Cloud | malware |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bnaminexg.com | 162.210.199.135 | true | false | unknown | |
| www.google.com | 142.250.184.228 | true | false | unknown | |
| www.bnaminexg.com | unknown | unknown | false | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
| 162.210.199.135 | bnaminexg.com | United States | 30633 | LEASEWEB-USA-WDCUS | false | |
| 142.250.184.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
| IP |
|---|
| 192.168.2.6 |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1467155 |
| Start date and time: | 2024-07-03 19:21:52 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 28s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | browseurl.jbs |
| Sample URL: | https://www.bnaminexg.com/Invoice-yetdr.zip |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 15 |
| Number of new started drivers analysed: | 2 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal76.spre.expl.win@30/12@4/4 |
| EGA Information: |
|
| HCA Information: |
|
- Exclude process from analysis (whitelisted): vhdmp.sys, dllhost.exe, WMIADAP.exe, SIHClient.exe, fsdepends.sys, svchost.exe
- Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.185.174, 64.233.166.84, 34.104.35.123, 192.229.221.95, 199.232.214.172, 142.250.185.67
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://www.bnaminexg.com/Invoice-yetdr.zip
| Time | Type | Description |
|---|---|---|
| 13:22:54 | API Interceptor | |
| 13:23:26 | API Interceptor |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Download File
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2316 |
| Entropy (8bit): | 5.371915725961079 |
| Encrypted: | false |
| SSDEEP: | 48:rNyvWSU4y4RQmFoUeWmfgZ9tK8NPCSHcj7u1iMLgeRwHU2lfcW+lh3:JwLHyIFKL3IZ2KqS8jOLgiyll0W+X |
| MD5: | B5FAEA7B6DF2BB99A63DA8B820FEA9A6 |
| SHA1: | C9B466D9EAFD81BDD0573FF9F24DD0BC17321222 |
| SHA-256: | 095EF4EF2856338BCA4D62380954FAB59F632DEA3EC991522F985568D1483683 |
| SHA-512: | A55014BA17647F733355F077D07F7515FC4C5257A9A8FD5660AFF7B3BF0EAE999B89AE0E437F73AEB2286E484343F6BC6C3872C540817EF1DEFA13EE968E2609 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60 |
| Entropy (8bit): | 4.038920595031593 |
| Encrypted: | false |
| SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
| MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
| SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
| SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
| SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\unarchiver.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2959 |
| Entropy (8bit): | 5.022918788943039 |
| Encrypted: | false |
| SSDEEP: | 48:+N6G9Gb9G9Gp3GQIG9GpKGbrGxGlGe+GEcG9G0G9GhG+ZXb/PG9G9GycGBLGa8Gm:+V+HFg8nE |
| MD5: | 30D06CC848D46FF02F7FD4FFD1A3523A |
| SHA1: | 31BC5F0A033874B8D112DCD025BB8C9B6D07285A |
| SHA-256: | 30520BA1CE387887A8DB1547DF3DAEBC91A50D91A2B30924CB26BF1F81B6BFEF |
| SHA-512: | 66D293C9EDCF190178EA2161430B7435B428BC6A05EAD71A6F4A916D883B4DEC3CBC7211187CCA23C0ECD8129DB749A5B2D5E86EEC82FE25F7F6C9E134B39F54 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\7za.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1245184 |
| Entropy (8bit): | 0.2169424580643057 |
| Encrypted: | false |
| SSDEEP: | 768:bg/Is5zAAJAVZFay4c+n2/0LKj1LnUAlX485awqhk:cwmzALZFay4c+n2cLKxLnb7qhk |
| MD5: | 64DCC2BB66F6450412E78430228AEEDE |
| SHA1: | 9427E6557781BE0BA3510183BAF8C2F4B3888603 |
| SHA-256: | 8DCC4F9F8D9412950C10C2CBBEE463F85AE0DE5F8E62E0F855BBC2739E73D90D |
| SHA-512: | 1FA88D58C7158BAB72FEDACA9967430EF9128EAEB234657D563AE9A5C5DAC30F400DE7934FECAE8DF8FD74738F0386EB7326D58A64C2798D4BB541904034CB85 |
| Malicious: | true |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10969 |
| Entropy (8bit): | 7.494414953479185 |
| Encrypted: | false |
| SSDEEP: | 192:ZBjozCKnmGt60B4V0Vsh9xX7AOaO/Yw4vzSliYDiuJxHq6gtXxMB5Qm:ZmVv6cVsh9FNaO/Yjq7P6NXxA6m |
| MD5: | AF97EA764AB3719CE4410BE794CE9700 |
| SHA1: | 6C77222A3C25A7A18E31DC951699B5691F79464D |
| SHA-256: | 57509FEF665EE4F7E331DBC8ABA5D93682CA61ADC155F7E5E58CCC6A7F3FCAAD |
| SHA-512: | 6B6F433A4D8FBA63FBA46E1F37023F11886650C58BC78205679C1439069BCCA847299E70346F5F8C4D14E87472BFFDB669E6F3B2D38E98D310BFEA6A7F6FB46E |
| Malicious: | true |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10969 |
| Entropy (8bit): | 7.494414953479185 |
| Encrypted: | false |
| SSDEEP: | 192:ZBjozCKnmGt60B4V0Vsh9xX7AOaO/Yw4vzSliYDiuJxHq6gtXxMB5Qm:ZmVv6cVsh9FNaO/Yjq7P6NXxA6m |
| MD5: | AF97EA764AB3719CE4410BE794CE9700 |
| SHA1: | 6C77222A3C25A7A18E31DC951699B5691F79464D |
| SHA-256: | 57509FEF665EE4F7E331DBC8ABA5D93682CA61ADC155F7E5E58CCC6A7F3FCAAD |
| SHA-512: | 6B6F433A4D8FBA63FBA46E1F37023F11886650C58BC78205679C1439069BCCA847299E70346F5F8C4D14E87472BFFDB669E6F3B2D38E98D310BFEA6A7F6FB46E |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 10969 |
| Entropy (8bit): | 7.494414953479185 |
| Encrypted: | false |
| SSDEEP: | 192:ZBjozCKnmGt60B4V0Vsh9xX7AOaO/Yw4vzSliYDiuJxHq6gtXxMB5Qm:ZmVv6cVsh9FNaO/Yjq7P6NXxA6m |
| MD5: | AF97EA764AB3719CE4410BE794CE9700 |
| SHA1: | 6C77222A3C25A7A18E31DC951699B5691F79464D |
| SHA-256: | 57509FEF665EE4F7E331DBC8ABA5D93682CA61ADC155F7E5E58CCC6A7F3FCAAD |
| SHA-512: | 6B6F433A4D8FBA63FBA46E1F37023F11886650C58BC78205679C1439069BCCA847299E70346F5F8C4D14E87472BFFDB669E6F3B2D38E98D310BFEA6A7F6FB46E |
| Malicious: | false |
| Reputation: | low |
| URL: | https://www.bnaminexg.com/Invoice-yetdr.zip |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 39480 |
| Entropy (8bit): | 3.5308387198196156 |
| Encrypted: | false |
| SSDEEP: | 768:Y/Is5zAAJAVZFay4c+n2/0LKj1LnUAlX485awqhkC:YwmzALZFay4c+n2cLKxLnb7qhkC |
| MD5: | 8D7BE07DCCBCE475730BA1D70A69E076 |
| SHA1: | E6EBAC1A816B5B8328AE311F2A3945C5370E1A1D |
| SHA-256: | 67FC3C64DD2897E1BD6F15F70955104F428A66232A49174D6025F3F80AC9CF21 |
| SHA-512: | 967C6BD62610D21F7CA096A48726C57BCA8906D207F59D4944371074927B570B77335A7975BCC288377B39E9907CCF190AD50C2D4A9D83F2182818C38468DDE0 |
| Malicious: | true |
| Yara Hits: |
|
| Reputation: | low |
| Preview: |
⊘No static file info
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 3, 2024 19:22:38.252749920 CEST | 49674 | 443 | 192.168.2.6 | 173.222.162.64 |
| Jul 3, 2024 19:22:38.252749920 CEST | 49673 | 443 | 192.168.2.6 | 173.222.162.64 |
| Jul 3, 2024 19:22:38.565201998 CEST | 49672 | 443 | 192.168.2.6 | 173.222.162.64 |
| Jul 3, 2024 19:22:47.463922024 CEST | 49713 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:47.463937044 CEST | 443 | 49713 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:47.464005947 CEST | 49713 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:47.465025902 CEST | 49713 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:47.465034008 CEST | 443 | 49713 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:47.938443899 CEST | 49674 | 443 | 192.168.2.6 | 173.222.162.64 |
| Jul 3, 2024 19:22:47.938499928 CEST | 49673 | 443 | 192.168.2.6 | 173.222.162.64 |
| Jul 3, 2024 19:22:48.235301018 CEST | 49672 | 443 | 192.168.2.6 | 173.222.162.64 |
| Jul 3, 2024 19:22:48.253787994 CEST | 443 | 49713 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:48.253858089 CEST | 49713 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:48.259815931 CEST | 49713 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:48.259826899 CEST | 443 | 49713 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:48.260133982 CEST | 443 | 49713 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:48.262079954 CEST | 49713 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:48.262176991 CEST | 49713 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:48.262183905 CEST | 443 | 49713 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:48.262342930 CEST | 49713 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:48.308490992 CEST | 443 | 49713 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:48.441526890 CEST | 443 | 49713 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:48.442703009 CEST | 49713 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:48.442719936 CEST | 443 | 49713 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:48.442832947 CEST | 49713 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:49.365536928 CEST | 49716 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.365576029 CEST | 443 | 49716 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.365642071 CEST | 49716 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.365936995 CEST | 49716 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.365945101 CEST | 443 | 49716 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.366467953 CEST | 49717 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.366498947 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.366555929 CEST | 49717 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.366777897 CEST | 49717 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.366790056 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.872126102 CEST | 443 | 49705 | 173.222.162.64 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.872209072 CEST | 49705 | 443 | 192.168.2.6 | 173.222.162.64 |
| Jul 3, 2024 19:22:49.921037912 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.921902895 CEST | 49717 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.921917915 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.922913074 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.922977924 CEST | 49717 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.939188957 CEST | 443 | 49716 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.959563017 CEST | 49717 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.959728003 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.959739923 CEST | 49716 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.959759951 CEST | 443 | 49716 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.960011959 CEST | 49717 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.960028887 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.961042881 CEST | 443 | 49716 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.961091995 CEST | 49716 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.961427927 CEST | 49716 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:49.961482048 CEST | 443 | 49716 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:50.004048109 CEST | 49716 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:50.004072905 CEST | 443 | 49716 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:50.004777908 CEST | 49717 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:50.048492908 CEST | 49716 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:50.061183929 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:50.061217070 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:50.061224937 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:50.061274052 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:50.061296940 CEST | 49717 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:50.061306000 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:50.061333895 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:50.061343908 CEST | 49717 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:50.061369896 CEST | 49717 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:50.110419989 CEST | 49717 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:22:50.110449076 CEST | 443 | 49717 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:22:51.346970081 CEST | 49720 | 443 | 192.168.2.6 | 142.250.184.228 |
| Jul 3, 2024 19:22:51.347003937 CEST | 443 | 49720 | 142.250.184.228 | 192.168.2.6 |
| Jul 3, 2024 19:22:51.347124100 CEST | 49720 | 443 | 192.168.2.6 | 142.250.184.228 |
| Jul 3, 2024 19:22:51.347723007 CEST | 49720 | 443 | 192.168.2.6 | 142.250.184.228 |
| Jul 3, 2024 19:22:51.347740889 CEST | 443 | 49720 | 142.250.184.228 | 192.168.2.6 |
| Jul 3, 2024 19:22:52.003861904 CEST | 443 | 49720 | 142.250.184.228 | 192.168.2.6 |
| Jul 3, 2024 19:22:52.007992983 CEST | 49720 | 443 | 192.168.2.6 | 142.250.184.228 |
| Jul 3, 2024 19:22:52.008012056 CEST | 443 | 49720 | 142.250.184.228 | 192.168.2.6 |
| Jul 3, 2024 19:22:52.009021044 CEST | 443 | 49720 | 142.250.184.228 | 192.168.2.6 |
| Jul 3, 2024 19:22:52.009341002 CEST | 49720 | 443 | 192.168.2.6 | 142.250.184.228 |
| Jul 3, 2024 19:22:52.031497002 CEST | 49720 | 443 | 192.168.2.6 | 142.250.184.228 |
| Jul 3, 2024 19:22:52.031615973 CEST | 443 | 49720 | 142.250.184.228 | 192.168.2.6 |
| Jul 3, 2024 19:22:52.083498001 CEST | 49720 | 443 | 192.168.2.6 | 142.250.184.228 |
| Jul 3, 2024 19:22:52.083512068 CEST | 443 | 49720 | 142.250.184.228 | 192.168.2.6 |
| Jul 3, 2024 19:22:52.131000996 CEST | 49720 | 443 | 192.168.2.6 | 142.250.184.228 |
| Jul 3, 2024 19:22:52.168598890 CEST | 49722 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:52.168633938 CEST | 443 | 49722 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:52.168752909 CEST | 49722 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:52.172071934 CEST | 49722 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:52.172091007 CEST | 443 | 49722 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:52.876991034 CEST | 443 | 49722 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:52.877079964 CEST | 49722 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:52.883697033 CEST | 49722 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:52.883704901 CEST | 443 | 49722 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:52.883985996 CEST | 443 | 49722 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:52.924266100 CEST | 49722 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:52.980840921 CEST | 49722 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:53.024511099 CEST | 443 | 49722 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:53.347124100 CEST | 443 | 49722 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:53.347183943 CEST | 443 | 49722 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:53.347321033 CEST | 49722 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:53.347321033 CEST | 49722 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:53.347343922 CEST | 443 | 49722 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:53.347369909 CEST | 49722 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:53.347376108 CEST | 443 | 49722 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:53.438611984 CEST | 49723 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:53.438653946 CEST | 443 | 49723 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:53.438798904 CEST | 49723 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:53.439502001 CEST | 49723 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:53.439517021 CEST | 443 | 49723 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:54.345626116 CEST | 443 | 49723 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:54.345777988 CEST | 49723 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:54.375518084 CEST | 49723 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:54.375540018 CEST | 443 | 49723 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:54.375837088 CEST | 443 | 49723 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:54.381642103 CEST | 49723 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:54.428494930 CEST | 443 | 49723 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:54.641280890 CEST | 443 | 49723 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:54.641340971 CEST | 443 | 49723 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:54.641525984 CEST | 49723 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:54.759579897 CEST | 49723 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:54.759602070 CEST | 443 | 49723 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:54.759614944 CEST | 49723 | 443 | 192.168.2.6 | 2.18.97.153 |
| Jul 3, 2024 19:22:54.759622097 CEST | 443 | 49723 | 2.18.97.153 | 192.168.2.6 |
| Jul 3, 2024 19:22:56.293463945 CEST | 49724 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:56.293529987 CEST | 443 | 49724 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:56.293601036 CEST | 49724 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:56.294610023 CEST | 49724 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:56.294625998 CEST | 443 | 49724 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:57.417035103 CEST | 443 | 49724 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:57.417120934 CEST | 49724 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:57.419037104 CEST | 49724 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:57.419048071 CEST | 443 | 49724 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:57.419286966 CEST | 443 | 49724 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:57.421401978 CEST | 49724 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:57.421482086 CEST | 49724 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:57.421487093 CEST | 443 | 49724 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:57.421622038 CEST | 49724 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:57.464512110 CEST | 443 | 49724 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:57.598169088 CEST | 443 | 49724 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:57.598370075 CEST | 443 | 49724 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:57.598436117 CEST | 49724 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:57.598695040 CEST | 49724 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:22:57.598711014 CEST | 443 | 49724 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:22:58.473958015 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:58.473993063 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:58.474123955 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:58.475987911 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:58.476006031 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.467226028 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.467298031 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:59.469687939 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:59.469701052 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.469969034 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.509866953 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:59.693676949 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:59.736504078 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.959856033 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.959880114 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.959887028 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.959903955 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.959940910 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.959953070 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:59.959968090 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.959981918 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:59.960005045 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:59.960300922 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.960360050 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:59.960366011 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.960752964 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.960803986 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:59.985167027 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:59.985183001 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:22:59.985199928 CEST | 49725 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:22:59.985204935 CEST | 443 | 49725 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:01.921587944 CEST | 443 | 49720 | 142.250.184.228 | 192.168.2.6 |
| Jul 3, 2024 19:23:01.921662092 CEST | 443 | 49720 | 142.250.184.228 | 192.168.2.6 |
| Jul 3, 2024 19:23:01.921724081 CEST | 49720 | 443 | 192.168.2.6 | 142.250.184.228 |
| Jul 3, 2024 19:23:02.285671949 CEST | 59275 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jul 3, 2024 19:23:02.290513992 CEST | 53 | 59275 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:23:02.290647984 CEST | 59275 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jul 3, 2024 19:23:02.295449018 CEST | 53 | 59275 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:23:02.739659071 CEST | 59275 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jul 3, 2024 19:23:02.745341063 CEST | 53 | 59275 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:23:02.745687962 CEST | 59275 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jul 3, 2024 19:23:03.879170895 CEST | 49720 | 443 | 192.168.2.6 | 142.250.184.228 |
| Jul 3, 2024 19:23:03.879204988 CEST | 443 | 49720 | 142.250.184.228 | 192.168.2.6 |
| Jul 3, 2024 19:23:10.052567959 CEST | 443 | 49716 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:23:10.052639008 CEST | 443 | 49716 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:23:10.052702904 CEST | 49716 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:23:11.870388031 CEST | 59276 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:11.870433092 CEST | 443 | 59276 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:11.870500088 CEST | 59276 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:11.871124029 CEST | 59276 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:11.871138096 CEST | 443 | 59276 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:11.878305912 CEST | 49716 | 443 | 192.168.2.6 | 162.210.199.135 |
| Jul 3, 2024 19:23:11.878320932 CEST | 443 | 49716 | 162.210.199.135 | 192.168.2.6 |
| Jul 3, 2024 19:23:12.705756903 CEST | 443 | 59276 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:12.705883026 CEST | 59276 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:12.710864067 CEST | 59276 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:12.710875988 CEST | 443 | 59276 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:12.711102009 CEST | 443 | 59276 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:12.712948084 CEST | 59276 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:12.713124990 CEST | 59276 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:12.713124990 CEST | 59276 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:12.713130951 CEST | 443 | 59276 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:12.756500959 CEST | 443 | 59276 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:12.888523102 CEST | 443 | 59276 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:12.888607025 CEST | 443 | 59276 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:12.888901949 CEST | 59276 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:12.891535997 CEST | 59276 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:12.891549110 CEST | 443 | 59276 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:28.868741989 CEST | 59277 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:28.868848085 CEST | 443 | 59277 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:28.869075060 CEST | 59277 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:28.871571064 CEST | 59277 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:28.871604919 CEST | 443 | 59277 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:29.684752941 CEST | 443 | 59277 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:29.684865952 CEST | 59277 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:29.689166069 CEST | 59277 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:29.689203978 CEST | 443 | 59277 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:29.689479113 CEST | 443 | 59277 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:29.694536924 CEST | 59277 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:29.698165894 CEST | 59277 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:29.698184013 CEST | 443 | 59277 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:29.698338032 CEST | 59277 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:29.744507074 CEST | 443 | 59277 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:29.874139071 CEST | 443 | 59277 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:29.874340057 CEST | 443 | 59277 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:29.874409914 CEST | 59277 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:29.874512911 CEST | 59277 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:29.874569893 CEST | 443 | 59277 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:38.912954092 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:38.912987947 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:38.913145065 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:38.913439989 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:38.913455963 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:39.788748980 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:39.788836002 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:39.790622950 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:39.790632963 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:39.790970087 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:39.800419092 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:39.844497919 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:40.116544962 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:40.116571903 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:40.116588116 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:40.116657972 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:40.116694927 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:40.116759062 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:40.116873980 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:40.116914988 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:40.116944075 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:40.116947889 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:40.116974115 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:40.117753983 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:40.117822886 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:40.121948957 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:40.121969938 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:40.121980906 CEST | 59278 | 443 | 192.168.2.6 | 40.127.169.103 |
| Jul 3, 2024 19:23:40.121985912 CEST | 443 | 59278 | 40.127.169.103 | 192.168.2.6 |
| Jul 3, 2024 19:23:54.604024887 CEST | 59280 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:54.604062080 CEST | 443 | 59280 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:54.604144096 CEST | 59280 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:54.604737043 CEST | 59280 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:54.604752064 CEST | 443 | 59280 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:55.422935963 CEST | 443 | 59280 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:55.423024893 CEST | 59280 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:55.425259113 CEST | 59280 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:55.425270081 CEST | 443 | 59280 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:55.425497055 CEST | 443 | 59280 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:55.427391052 CEST | 59280 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:55.427465916 CEST | 59280 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:55.427472115 CEST | 443 | 59280 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:55.427597046 CEST | 59280 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:55.472501040 CEST | 443 | 59280 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:55.601890087 CEST | 443 | 59280 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:55.601979017 CEST | 443 | 59280 | 40.115.3.253 | 192.168.2.6 |
| Jul 3, 2024 19:23:55.602057934 CEST | 59280 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:55.612879038 CEST | 59280 | 443 | 192.168.2.6 | 40.115.3.253 |
| Jul 3, 2024 19:23:55.612900019 CEST | 443 | 59280 | 40.115.3.253 | 192.168.2.6 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 3, 2024 19:22:47.385581970 CEST | 53 | 58923 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:22:47.447639942 CEST | 53 | 50484 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:22:48.447303057 CEST | 53 | 64249 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:22:48.976356030 CEST | 64718 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jul 3, 2024 19:22:48.976557016 CEST | 51751 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jul 3, 2024 19:22:49.362898111 CEST | 53 | 51751 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:22:49.364818096 CEST | 53 | 64718 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:22:51.336572886 CEST | 56412 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jul 3, 2024 19:22:51.336572886 CEST | 53079 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jul 3, 2024 19:22:51.343621016 CEST | 53 | 56412 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:22:51.344239950 CEST | 53 | 53079 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:23:02.285170078 CEST | 53 | 52848 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:23:05.503540039 CEST | 53 | 53170 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:23:24.246593952 CEST | 53 | 51975 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:23:46.904511929 CEST | 53 | 58717 | 1.1.1.1 | 192.168.2.6 |
| Jul 3, 2024 19:23:46.908826113 CEST | 53 | 59609 | 1.1.1.1 | 192.168.2.6 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jul 3, 2024 19:22:48.976356030 CEST | 192.168.2.6 | 1.1.1.1 | 0x2ca2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 3, 2024 19:22:48.976557016 CEST | 192.168.2.6 | 1.1.1.1 | 0x865a | Standard query (0) | 65 | IN (0x0001) | false | |
| Jul 3, 2024 19:22:51.336572886 CEST | 192.168.2.6 | 1.1.1.1 | 0x3d69 | Standard query (0) | 65 | IN (0x0001) | false | |
| Jul 3, 2024 19:22:51.336572886 CEST | 192.168.2.6 | 1.1.1.1 | 0x9b58 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jul 3, 2024 19:22:49.362898111 CEST | 1.1.1.1 | 192.168.2.6 | 0x865a | No error (0) | bnaminexg.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Jul 3, 2024 19:22:49.364818096 CEST | 1.1.1.1 | 192.168.2.6 | 0x2ca2 | No error (0) | bnaminexg.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Jul 3, 2024 19:22:49.364818096 CEST | 1.1.1.1 | 192.168.2.6 | 0x2ca2 | No error (0) | 162.210.199.135 | A (IP address) | IN (0x0001) | false | ||
| Jul 3, 2024 19:22:51.343621016 CEST | 1.1.1.1 | 192.168.2.6 | 0x3d69 | No error (0) | 65 | IN (0x0001) | false | |||
| Jul 3, 2024 19:22:51.344239950 CEST | 1.1.1.1 | 192.168.2.6 | 0x9b58 | No error (0) | 142.250.184.228 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 0 | 192.168.2.6 | 49713 | 40.115.3.253 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-03 17:22:48 UTC | 71 | OUT | |
| 2024-07-03 17:22:48 UTC | 249 | OUT | |
| 2024-07-03 17:22:48 UTC | 1064 | OUT | |
| 2024-07-03 17:22:48 UTC | 218 | OUT | |
| 2024-07-03 17:22:48 UTC | 14 | IN | |
| 2024-07-03 17:22:48 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.6 | 49717 | 162.210.199.135 | 443 | 2996 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-03 17:22:49 UTC | 677 | OUT | |
| 2024-07-03 17:22:50 UTC | 213 | IN | |
| 2024-07-03 17:22:50 UTC | 7979 | IN | |
| 2024-07-03 17:22:50 UTC | 2990 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.6 | 49722 | 2.18.97.153 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-03 17:22:52 UTC | 161 | OUT | |
| 2024-07-03 17:22:53 UTC | 466 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.6 | 49723 | 2.18.97.153 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-03 17:22:54 UTC | 239 | OUT | |
| 2024-07-03 17:22:54 UTC | 534 | IN | |
| 2024-07-03 17:22:54 UTC | 55 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 4 | 192.168.2.6 | 49724 | 40.115.3.253 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-03 17:22:57 UTC | 71 | OUT | |
| 2024-07-03 17:22:57 UTC | 249 | OUT | |
| 2024-07-03 17:22:57 UTC | 1064 | OUT | |
| 2024-07-03 17:22:57 UTC | 218 | OUT | |
| 2024-07-03 17:22:57 UTC | 14 | IN | |
| 2024-07-03 17:22:57 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.6 | 49725 | 40.127.169.103 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-03 17:22:59 UTC | 306 | OUT | |
| 2024-07-03 17:22:59 UTC | 560 | IN | |
| 2024-07-03 17:22:59 UTC | 15824 | IN | |
| 2024-07-03 17:22:59 UTC | 8666 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 6 | 192.168.2.6 | 59276 | 40.115.3.253 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-03 17:23:12 UTC | 71 | OUT | |
| 2024-07-03 17:23:12 UTC | 249 | OUT | |
| 2024-07-03 17:23:12 UTC | 1064 | OUT | |
| 2024-07-03 17:23:12 UTC | 218 | OUT | |
| 2024-07-03 17:23:12 UTC | 14 | IN | |
| 2024-07-03 17:23:12 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 7 | 192.168.2.6 | 59277 | 40.115.3.253 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-03 17:23:29 UTC | 71 | OUT | |
| 2024-07-03 17:23:29 UTC | 249 | OUT | |
| 2024-07-03 17:23:29 UTC | 1064 | OUT | |
| 2024-07-03 17:23:29 UTC | 218 | OUT | |
| 2024-07-03 17:23:29 UTC | 14 | IN | |
| 2024-07-03 17:23:29 UTC | 58 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.6 | 59278 | 40.127.169.103 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-03 17:23:39 UTC | 306 | OUT | |
| 2024-07-03 17:23:40 UTC | 560 | IN | |
| 2024-07-03 17:23:40 UTC | 15824 | IN | |
| 2024-07-03 17:23:40 UTC | 14181 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 9 | 192.168.2.6 | 59280 | 40.115.3.253 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-03 17:23:55 UTC | 71 | OUT | |
| 2024-07-03 17:23:55 UTC | 249 | OUT | |
| 2024-07-03 17:23:55 UTC | 1064 | OUT | |
| 2024-07-03 17:23:55 UTC | 218 | OUT | |
| 2024-07-03 17:23:55 UTC | 14 | IN | |
| 2024-07-03 17:23:55 UTC | 58 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 13:22:41 |
| Start date: | 03/07/2024 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff684c40000 |
| File size: | 3'242'272 bytes |
| MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 2 |
| Start time: | 13:22:45 |
| Start date: | 03/07/2024 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff684c40000 |
| File size: | 3'242'272 bytes |
| MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 3 |
| Start time: | 13:22:48 |
| Start date: | 03/07/2024 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff684c40000 |
| File size: | 3'242'272 bytes |
| MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 13:22:52 |
| Start date: | 03/07/2024 |
| Path: | C:\Windows\SysWOW64\unarchiver.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xa20000 |
| File size: | 12'800 bytes |
| MD5 hash: | 16FF3CC6CC330A08EED70CBC1D35F5D2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 6 |
| Start time: | 13:22:53 |
| Start date: | 03/07/2024 |
| Path: | C:\Windows\SysWOW64\7za.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xcd0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 77E556CDFDC5C592F5C46DB4127C6F4C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 7 |
| Start time: | 13:22:53 |
| Start date: | 03/07/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff66e660000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 8 |
| Start time: | 13:22:54 |
| Start date: | 03/07/2024 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x1c0000 |
| File size: | 236'544 bytes |
| MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 9 |
| Start time: | 13:22:54 |
| Start date: | 03/07/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff66e660000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 10 |
| Start time: | 13:22:54 |
| Start date: | 03/07/2024 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xe60000 |
| File size: | 433'152 bytes |
| MD5 hash: | C32CA4ACFCC635EC1EA6ED8A34DF5FAC |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 14 |
| Start time: | 13:22:58 |
| Start date: | 03/07/2024 |
| Path: | C:\Windows\SysWOW64\notepad.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x4b0000 |
| File size: | 165'888 bytes |
| MD5 hash: | E92D3A824A0578A50D2DD81B5060145F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 23.3% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 79 |
| Total number of Limit Nodes: | 4 |
Graph
Callgraph
Function 0132B1D6 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132B246 Relevance: 1.6, APIs: 1, Instructions: 101COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132AD04 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132AB76 Relevance: 1.6, APIs: 1, Instructions: 93pipeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A5DC Relevance: 1.6, APIs: 1, Instructions: 90fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A120 Relevance: 1.6, APIs: 1, Instructions: 85fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132AD2A Relevance: 1.6, APIs: 1, Instructions: 80COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132B276 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A850 Relevance: 1.6, APIs: 1, Instructions: 78COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A933 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A5FE Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A78F Relevance: 1.6, APIs: 1, Instructions: 73COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132AA0B Relevance: 1.6, APIs: 1, Instructions: 70COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A6D4 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A962 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132B64C Relevance: 1.6, APIs: 1, Instructions: 60COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A882 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A2AE Relevance: 1.6, APIs: 1, Instructions: 53COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132B1B4 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132AF8B Relevance: 1.6, APIs: 1, Instructions: 52COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A7C2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132AA46 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A172 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132ABE6 Relevance: 1.5, APIs: 1, Instructions: 47pipeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132B66E Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A716 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132AFB2 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0132A2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01440799 Relevance: 1.5, Strings: 1, Instructions: 284COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01440C99 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01440CA8 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01440FAB Relevance: 1.1, Instructions: 1142COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 014402C0 Relevance: .3, Instructions: 285COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01440E40 Relevance: .1, Instructions: 97COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01440E50 Relevance: .1, Instructions: 91COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 014607A4 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01440BA0 Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01460808 Relevance: .0, Instructions: 48COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 014605E0 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0146082E Relevance: .0, Instructions: 34COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01460606 Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01440C50 Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01440C60 Relevance: .0, Instructions: 22COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01440DD1 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 013223F4 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 013223BC Relevance: .0, Instructions: 14COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 01440DE0 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|