Analysis Report http://ipv4.icanhazip.com
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
- • Compliance
- • Networking
- • System Summary
Source: | File opened: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Process created: |
Source: | Window detected: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
No Antivirus matches |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ipv4.icanhazip.com | 172.67.71.9 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.71.9 | ipv4.icanhazip.com | United States | 13335 | CLOUDFLARENETUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 367953 |
Start date: | 12.03.2021 |
Start time: | 16:50:19 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://ipv4.icanhazip.com |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@3/17@2/1 |
Cookbook Comments: |
|
No simulations |
---|
No context |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30296 |
Entropy (8bit): | 1.8553473180588764 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24164 |
Entropy (8bit): | 1.6297055954203157 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.5663313852941265 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 657 |
Entropy (8bit): | 5.045601742711359 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 654 |
Entropy (8bit): | 5.096805192786078 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 663 |
Entropy (8bit): | 5.050182096003947 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 648 |
Entropy (8bit): | 5.002389011856365 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 657 |
Entropy (8bit): | 5.0609806620694675 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 654 |
Entropy (8bit): | 5.049126427817431 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 657 |
Entropy (8bit): | 5.028259256492253 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 660 |
Entropy (8bit): | 5.087529602857279 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 654 |
Entropy (8bit): | 4.9886463217607515 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 12 |
Entropy (8bit): | 2.855388542207534 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | http://ipv4.icanhazip.com/ |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 12 |
Entropy (8bit): | 2.855388542207534 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | http://ipv4.icanhazip.com/favicon.ico |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13029 |
Entropy (8bit): | 0.47930874029847625 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25441 |
Entropy (8bit): | 0.3016025495338294 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34357 |
Entropy (8bit): | 0.3483741353113905 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
- Total Packets: 45
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Mar 12, 2021 16:51:09.919946909 CET | 192.168.2.5 | 8.8.8.8 | 0xc9a5 | Standard query (0) | A (IP address) | IN (0x0001) | |
Mar 12, 2021 16:51:26.717281103 CET | 192.168.2.5 | 8.8.8.8 | 0x8677 | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Mar 12, 2021 16:51:09.969944000 CET | 8.8.8.8 | 192.168.2.5 | 0xc9a5 | No error (0) | 172.67.71.9 | A (IP address) | IN (0x0001) | ||
Mar 12, 2021 16:51:09.969944000 CET | 8.8.8.8 | 192.168.2.5 | 0xc9a5 | No error (0) | 104.26.11.175 | A (IP address) | IN (0x0001) | ||
Mar 12, 2021 16:51:09.969944000 CET | 8.8.8.8 | 192.168.2.5 | 0xc9a5 | No error (0) | 104.26.10.175 | A (IP address) | IN (0x0001) | ||
Mar 12, 2021 16:51:26.767903090 CET | 8.8.8.8 | 192.168.2.5 | 0x8677 | No error (0) | 172.67.71.9 | A (IP address) | IN (0x0001) | ||
Mar 12, 2021 16:51:26.767903090 CET | 8.8.8.8 | 192.168.2.5 | 0x8677 | No error (0) | 104.26.11.175 | A (IP address) | IN (0x0001) | ||
Mar 12, 2021 16:51:26.767903090 CET | 8.8.8.8 | 192.168.2.5 | 0x8677 | No error (0) | 104.26.10.175 | A (IP address) | IN (0x0001) |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49718 | 172.67.71.9 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 12, 2021 16:51:10.024122953 CET | 1382 | OUT | |
Mar 12, 2021 16:51:10.073417902 CET | 1383 | IN | |
Mar 12, 2021 16:51:10.337838888 CET | 1387 | OUT | |
Mar 12, 2021 16:51:10.384949923 CET | 1387 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49721 | 172.67.71.9 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 12, 2021 16:51:26.813637972 CET | 1388 | OUT | |
Mar 12, 2021 16:51:26.860012054 CET | 1389 | IN |
Code Manipulations |
---|
System Behavior |
---|
Start time: | 16:51:08 |
Start date: | 12/03/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6e70b0000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Start time: | 16:51:08 |
Start date: | 12/03/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x210000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|