Play interactive tour

Edit tour

Analysis Report https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?

Overview

General Information

Sample URL:	https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?
Analysis ID:	387611
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Startup

System is w10x64

iexplore.exe (PID: 4808 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 2108 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4808 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 3.121.154.182:443 -> 192.168.2.4:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.121.154.182:443 -> 192.168.2.4:49716 version: TLS 1.2

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xc3cd27a7,0x01d731e8</date><accdate>0xc3cd27a7,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xc3cd27a7,0x01d731e8</date><accdate>0xc3cd27a7,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xc3d1ec5e,0x01d731e8</date><accdate>0xc3d1ec5e,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xc3d1ec5e,0x01d731e8</date><accdate>0xc3d1ec5e,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xc3d44eb9,0x01d731e8</date><accdate>0xc3d44eb9,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xc3d44eb9,0x01d731e8</date><accdate>0xc3d44eb9,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: s.eu.socialsmp.com

Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: ~DF16ED33ACCDC8ED8C.TMP.1.dr	String found in binary or memory: https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?
Source: {EE399BA2-9DDB-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?Root

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 3.121.154.182:443 -> 192.168.2.4:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.121.154.182:443 -> 192.168.2.4:49716 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@3/18@2/1

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EE399BA0-9DDB-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF0508E6335F59A50C.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4808 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4808 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?	0%	Virustotal		Browse
https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
s.eu.socialsmp.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?	0%	Virustotal		Browse
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?Root	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s.eu.socialsmp.com	3.121.154.182	true	false	0%, Virustotal, Browse	unknown
cofense.com	35.188.168.180	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.wikipedia.com/	msapplication.xml6.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.amazon.com/	msapplication.xml.1.dr	false		high
https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?Root	{EE399BA2-9DDB-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
http://www.nytimes.com/	msapplication.xml3.1.dr	false		high
http://www.live.com/	msapplication.xml2.1.dr	false		high
https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?	~DF16ED33ACCDC8ED8C.TMP.1.dr	false	0%, Virustotal, Browse	unknown
http://www.reddit.com/	msapplication.xml4.1.dr	false		high
http://www.twitter.com/	msapplication.xml5.1.dr	false		high
http://www.youtube.com/	msapplication.xml7.1.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
3.121.154.182	s.eu.socialsmp.com	United States		16509	AMAZON-02US	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	387611
Start date:	15.04.2021
Start time:	13:15:01
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 1s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/18@2/1
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): ielowutil.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 104.43.139.144, 104.42.151.234, 88.221.62.148, 152.199.19.161, 40.88.32.150, 52.255.188.83, 13.88.21.125, 168.61.161.212 Excluded domains from analysis (whitelisted): ie9comview.vo.msecnd.net, skypedataprdcolcus17.cloudapp.net, skypedataprdcolcus16.cloudapp.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, skypedataprdcoleus17.cloudapp.net, go.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, watson.telemetry.microsoft.com, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EE399BA0-9DDB-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.85509974745926
Encrypted:	false
SSDEEP:	192:rNZ6ZL20WQt7ifyxPzMC3BR9D4sf5xejX:rjmCj0cDiD3O
MD5:	911BC667437E41B76A276BB012BBC36B
SHA1:	37FDA7968327F0E8CEC5DA2119762B55BAC674B9
SHA-256:	82E9AD20FABA782603DFF9C6D88CF80FD14B862034A128F9470F6853B276ACB1
SHA-512:	574DB0BFCF5A683CE4BF7DF750D0F9D8C2674650D6D638E73C31E62BF06014FAE754B854197B2BC30C949F947654D2E12E5B79E72D92C00852A444F4A3D55F2C
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EE399BA2-9DDB-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	24268
Entropy (8bit):	1.6486849338717935
Encrypted:	false
SSDEEP:	48:IwpGcprIGwpaEG4pQYGrapbSk9GQpBCGHHpcJTGUp8tGzYpmAiGop71GG9cGg/Ng:rvZQQ06mBSkHjZ2LWTM7V1y1g
MD5:	94783773594A52C6CE48ABB7144B66EE
SHA1:	90238FE2001D33BED48BD4DEED3B8C668F60370B
SHA-256:	D47F78FCEBEFA40DAE39CA7E37327702A7932DE9F8C0B89C7CC893D06DBF79B4
SHA-512:	F38AB62FB0825C597A153A8321FCFEAA6F0245FDB03CED795EEE1ADB7E75A8A8F13EE3DDB7EADE3290DFABE53AFBF339A82BC3B8AFFA1D743C632CE432556A3E
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EE399BA3-9DDB-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5659384006596835
Encrypted:	false
SSDEEP:	48:Iw8GcprtGwpahG4pQyGrapbSfGQpKhG7HpRMTGIpG:rgZ3Qz60BSJAQTYA
MD5:	43BB88170F0A85EE39F9E97BBDE239B6
SHA1:	DC593CA609D0D918D138DAC38F0C6B420CF46280
SHA-256:	1FA66BC07BA4DBC4F28278814C842A53F0C420D474A0B970C7F5A8463993E929
SHA-512:	6E3A122A18A6A1CD068C64A69314E9DF7DB5A394FB5C1558462FF646608728C9F952AC515E2EEF71A2F954BB52967B0F78B0ADDCC1A326111DF100044BBB9DB9
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.015599242141623
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEOsDwseCnWimI002EtM3MHdNMNxOEOsDwseCnWimI00OYGVbkEtMb:2d6NxOFs8s1SZHKd6NxOFs8s1SZ7YLb
MD5:	EE78A3668CA969484F673FC98DC21624
SHA1:	AF7C26476A6630CB443FB3DAFA262C4C60AD82DA
SHA-256:	160C88AEB6EC171C7D48992C98C356AF54C865B972EF1D0B83F4EBA638FDED60
SHA-512:	0CA3BFE4AF06074CC46A214FD8C62C9A65D1846C28D3EDB427A82BDF4FB091EFBC094DF03D5AF1D799312F9563C0E0F5993DE5E3A2737BA8CCDB85C71230BAEF
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xc3d1ec5e,0x01d731e8</date><accdate>0xc3d1ec5e,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xc3d1ec5e,0x01d731e8</date><accdate>0xc3d1ec5e,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.051647763331936
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2kKCD0CeCnWimI002EtM3MHdNMNxe2kKCD0CeCnWimI00OYGkak6Ety:2d6NxrCn1SZHKd6NxrCn1SZ7Yza7b
MD5:	D05010EC1E6A36C015F73912315D953F
SHA1:	4EEB86AF6F19CE6963A704854C9334D255253424
SHA-256:	A700D71A8360EAD28532898B5125AAED6CBB61685EB5B0D5EC9233B3A1BC96B1
SHA-512:	9A659C9FA28C71CBAD1627E64E4FD595248D729C159F1A2A06FADA5F7176BE64FFAFBA1A6D229451D123FC3CD6B660D2C348191FF5E4C1C8FB547FC6B1086FA4
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xc3cac550,0x01d731e8</date><accdate>0xc3cac550,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xc3cac550,0x01d731e8</date><accdate>0xc3cac550,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.035282169867705
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLOsDwseCnWimI002EtM3MHdNMNxvLOsDwseCnWimI00OYGmZEtMb:2d6Nxvis8s1SZHKd6Nxvis8s1SZ7Yjb
MD5:	2B3FCCAA29E694D36C600BD979DA8D21
SHA1:	41FB11F4555FD2D37698E6F5EB62F2792A8EBECE
SHA-256:	117792371BCC7EF33B44FEC03901E6011862DDC58A11C93CBCE95969C28B76AE
SHA-512:	3A34743FD00B8AF5ABFA28AAB3F12D4A2FFFBBFC4F6BDBEFBEE2E33D2F43D1EFDCA072FB71F9671583C20342C3B93F61B478FC48C682E890DB146943CA669EF0
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xc3d1ec5e,0x01d731e8</date><accdate>0xc3d1ec5e,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xc3d1ec5e,0x01d731e8</date><accdate>0xc3d1ec5e,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.062308740468682
Encrypted:	false
SSDEEP:	12:TMHdNMNxiFDbeCnWimI002EtM3MHdNMNxiFDbeCnWimI00OYGd5EtMb:2d6NxAn1SZHKd6NxAn1SZ7YEjb
MD5:	59E9832F7E2105AAA1D968B1E4E159E4
SHA1:	0AAE080F7C53C4795660EFD52D889A497D5014C5
SHA-256:	DD822226EEDC02415A8A0325C7AEFA237216B6A6CB2F5DBEBF405918F50B89A8
SHA-512:	6C0EA29CA4A55F4A142B35B455F74B8FC3285EB36AC803D4A7482D71C71D4AD5C87179E47775477AF6038D8DEEDC368292AD4EE3CA67CE400E7E0C54BD2AA298
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xc3cf8a23,0x01d731e8</date><accdate>0xc3cf8a23,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xc3cf8a23,0x01d731e8</date><accdate>0xc3cf8a23,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.110628544064296
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwO3/TDw3/TeCnWimI002EtM3MHdNMNxhGwO3/TDw3/TeCnWimI00O0:2d6NxQxb8b1SZHKd6NxQxb8b1SZ7YrKG
MD5:	323FDF1D9B8E0CD1DEDBC7C079CEBCB6
SHA1:	EDAE6BB6A688B0B83AD580FCC81F24230416128F
SHA-256:	AC048DBEB994D6ADCAAB79498DC9723739C239CAB5E98CC1B7859E37C52D523B
SHA-512:	499EAAED82F7AB9DBFA09D00C50B28CCD0668DB5156EF11A0C6F7A28CA0C57069594AEC6BB2C21C711C402E7433CAD3725F42B7847A88B52F38D29747A6C7318
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xc3d44eb9,0x01d731e8</date><accdate>0xc3d44eb9,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xc3d44eb9,0x01d731e8</date><accdate>0xc3d44eb9,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.016451262310295
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nOsDwseCnWimI002EtM3MHdNMNx0nOsDwseCnWimI00OYGxEtMb:2d6Nx0Os8s1SZHKd6Nx0Os8s1SZ7Ygb
MD5:	AFC079FED72AD8BBDF4745481C04E1C6
SHA1:	8F8274B9122104BAACF49ABBBDA9F1089BD0D98F
SHA-256:	A0F735AFF7A284F15D007F4FA27725D930BD04007C4E82C63850640F3F48CC15
SHA-512:	48D85791CEE31E9090490CB8D695C12E18724CF3657AF13007F8097CBAEDC8132FA822A69860CE085C40919F24BB6217A3AC99AC0CB2461C23B2D3BE2C783EBC
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xc3d1ec5e,0x01d731e8</date><accdate>0xc3d1ec5e,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xc3d1ec5e,0x01d731e8</date><accdate>0xc3d1ec5e,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.087127949201045
Encrypted:	false
SSDEEP:	12:TMHdNMNxxFDbeCnWimI002EtM3MHdNMNxxFDbeCnWimI00OYG6Kq5EtMb:2d6NxPn1SZHKd6NxPn1SZ7Yhb
MD5:	3E0CE69F827BCE01111FF82B156AEFAA
SHA1:	F8B986311E0E03FB1C5C6CAD330271A4C61EE404
SHA-256:	B94401E10103048F50DB4F23EA61FCB76D97ACB337DE06EDF52862F95D17B2C1
SHA-512:	46364F33B27F1AB222D5FA2A6E4FDDD96D79C5B05907AA1CF3FF39B73A10D916D73B92ED805E7D3B29ED1B6CD5B81ABD8EE5E33DCE488659F9E697EB7844AD67
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xc3cf8a23,0x01d731e8</date><accdate>0xc3cf8a23,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xc3cf8a23,0x01d731e8</date><accdate>0xc3cf8a23,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.062753121421771
Encrypted:	false
SSDEEP:	12:TMHdNMNxcEDSeCnWimI002EtM3MHdNMNxcEDSeCnWimI00OYGVEtMb:2d6Nxb+1SZHKd6Nxb+1SZ7Ykb
MD5:	8A342B3F87D3936A99CF6D9EC2DF9D43
SHA1:	B4CEE2624D846ED8E9EB3D165F22FE3E8BA5C29C
SHA-256:	B8BC909BAAC9D70F7691D360A5FE6F0343F28FE6F86EC1377E11FAFAD159706F
SHA-512:	D4E672D4A8375B0E804A1CE0C819C4C1CCE39202C03638FC017CF654717AB1D6FA4D78DCF08AFB8E2D225D5263A549C4090D6321BEE1A7F93C4F137596B60486
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xc3cd27a7,0x01d731e8</date><accdate>0xc3cd27a7,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xc3cd27a7,0x01d731e8</date><accdate>0xc3cd27a7,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.047461764887951
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnEDSeCnWimI002EtM3MHdNMNxfnEDbeCnWimI00OYGe5EtMb:2d6Nxs+1SZHKd6Nxsn1SZ7YLjb
MD5:	C562BB74A23E8A9228F0FC03BF74963C
SHA1:	98B2CC20BDB0E8BA4D5C68AC1E15EF27B23E25DF
SHA-256:	9B674E62CEB4FE178722620EA07AFE022A700DD5FD3A42ED039167A4E5C96D5A
SHA-512:	7CA210ACD106C87BF2019F8236D32714F9BD93F5F5D85D0B31176E7C01C2122403859604F6DD35EA8198D5B270A6496BE49FCB728458E2158F07910A8D5AE573
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xc3cd27a7,0x01d731e8</date><accdate>0xc3cd27a7,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xc3cd27a7,0x01d731e8</date><accdate>0xc3cf8a23,0x01d731e8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\phishme_spear_phishing_quick_tip[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1600 x 816, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	94817
Entropy (8bit):	7.8733715349847255
Encrypted:	false
SSDEEP:	1536:06r8C2nUYxozd6KiTfZQ7ocae+fq7eBOUbAvgu3Rfri6m32JVt:0w8dtxozk4o/lfqXvguhDtm3OVt
MD5:	52E71C716B54E62FDB5903D743E6FDB5
SHA1:	B958A3205364A0E529F54A5176D1FCF052AF94AB
SHA-256:	E106B2B8A45566462A60CECBE4E8F8C1FFB287E40222B1DB28FC46E7DA43766D
SHA-512:	00BAB392040B3DCE9C5EC323A6DB62F69682E96E12DCF83849786B19980CFB87F14CFCFEAAB43359DA68CC3681429861C7E58AC0AC5FCED93A1D04499ABD2B50
Malicious:	false
Reputation:	low
IE Cache URL:	https://s.eu.socialsmp.com/images/www/phishme_spear_phishing_quick_tip.png
Preview:	.PNG........IHDR...@...0.....x.......tEXtSoftware.Adobe ImageReadyq.e<..r.IDATx...o...}....(..D.,9.8..!..%QSBh.0......kq.9l.=,.k.{.q....g.w...3s/. .f.X`....!.<...i...kWb..'...-.1eY...42I.s..y..........~..53..U.z...<J.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................P..>.\ ..........Hy.........`............`.0..........F.. ........`.0..........F.. ........`.0..........F.. ........`.0..........F.. ........`.0..........F.. ........`.0..........F.. ........`.0.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\phishme_spear_phishing_quick_tip_title[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1600 x 263, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	88898
Entropy (8bit):	7.968310151770459
Encrypted:	false
SSDEEP:	1536:koZmTL1BsqNJoOj2g5kp22LKnuKHK5FQrqhXG/m4nAt0kP8C9X0RGq:QLjs8pl5kpCnuHQV/9At98CpcGq
MD5:	838B3AA2C0A05D4629CF4E11DB18F502
SHA1:	DF1F498F9EA1A004188A1FDE44E6EB059CD485A1
SHA-256:	8079376A80D57CF462AAD98F4D21542871852B4F4EDC5FE3DB2F2F1839FDC87D
SHA-512:	64F35F37305E733F1D358AE615B97B540DC655211000025DC106C40BD00047B895D8CBBB256C33EDE73EF4D32ADE59C7ECFEAADFE233F0BECBBD594CFD22C1E0
Malicious:	false
Reputation:	low
IE Cache URL:	https://s.eu.socialsmp.com/images/www/phishme_spear_phishing_quick_tip_title.png
Preview:	.PNG........IHDR...@.................tEXtSoftware.Adobe ImageReadyq.e<..Z.IDATx.....E....{.........E.".D~ ?.........(..BQ..U@.H....."....z.........^....y........<3.Ly.h.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\reporter[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 280 x 357, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	12310
Entropy (8bit):	7.954432113545429
Encrypted:	false
SSDEEP:	192:a3d6vnT3bBYoUq3HHWk1s6/7aOQ5Z31mbwUHwqAOyQfLU+rsr8YxXeGxeY/KB52D:MUT3bBYov3HHWkxmOMOwUHEQfLQxuGd7
MD5:	6D1A6B807CEF30298277D86801115EF9
SHA1:	D85FFA1E9C7CEBEB9D92E3DB9BAA502BADE99DE6
SHA-256:	B66912EC278B45CE43A38E270D8F94F39296787DD3857274002951D7B773761A
SHA-512:	1E9235DD124E66E394711EF6B087FFA815C941DACC3AE10DBC9DA3DDD3ACAC5637FB89D9916761882FDFDC4434401C6FC77C7B09F77A82A29BA3466B21C3CA5F
Malicious:	false
Reputation:	low
IE Cache URL:	https://s.eu.socialsmp.com/images/www/reporter.png
Preview:	.PNG........IHDR.......e.....02......sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.01/23/19........tEXtSoftware.Adobe Fireworks CS6.... .IDATx...{\Te....n..r7/..!..b.....a...uSS...?k]5.ZuM-...LS.4/..55M.......4A".@M..[....~C...33.3s...z.........<.y.s.0z.......T..".......!"a...0...j.AD.p.P<.....-."...CD.0`.H......!"a.0D$.....a...0.."...CD.0`.H......!"a.0D$.....a...0.."...CD.0`.H......!"a.0D$.....a...0.."...CD.0`.H......!"a.0D$.....a...0.."........VR...h.}...@..'.K".1`.)xg$.-'...\|.;r..UO.`..8....;#...d4....~...n=..WFOW.2R......"...+.&....W'.tpe$....kr...I.......OCn<3...y9.2...C........[+.....0`Hq.......sV....{q}...."50`H1.E....hz...^.}...+".1`.n....-.....M..VE..C6kr......!.....A..UE..C6..H...m...5.b.(^5.(..Y...~.6....9.o..(......0`H6....{..K.r.=9Q.c..a.P...,G.mo+.j1.-..e...=&9...5..".Z.R....*.R...\.0d.o.>...U.9.......f.r..4....;69......f9Z.....r.O.f(.9\...y0`.F...h..\|.zU.yn=..y/:..!...-..U...%....~.r.\.........1...F.....`...!.!....1

C:\Users\user\AppData\Local\Temp\~DF0508E6335F59A50C.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.47786946570958383
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9low9loA9lW4RVmX:kBqoILti8
MD5:	8D54A32D353402F08EA0F598D9A61285
SHA1:	C474B8A0064FE972E6B85F330977EF19A1D73ADF
SHA-256:	10F38AD1ED6683EB49DC66E9F95051CDD86A093F56D0CA478CB0718EC5056CA7
SHA-512:	01FDE6960D15BD750F5647DAB6178C7B58E585CA4002E248E6E17CEF8B96E45BD76BB1A520881B98E019D0F8C6BBF7AFD0E3541EB8B4D41754B565A7335FACB1
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF16ED33ACCDC8ED8C.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	34461
Entropy (8bit):	0.36878645349121075
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwjS9lwjP69l2jU9l2jd:kBqoxKAuvScS+RP98AIA51GG9z
MD5:	336DE3E977F6C7AB9D64D0526F19B965
SHA1:	E38BE85E4D5A4421C290066EF75E14DF01BE90B6
SHA-256:	06AD1993A5733F403569D3459EDA0F5467603CDDCA52D02F9C07FD8F273ACAE2
SHA-512:	93BA54A0B6814FA3E8FFD4BBA6DA31E4361D30F47BBDA8F3C852D853D262C5092C6DEED471F43A0EB7C5C6638C161C3A13FB93AE6704750A1D7254F7DB3ED1AC
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFA2C58AF2ECD02190.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.3663602836851404
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA0fX1:kBqoxxJhHWSVSEab0P1
MD5:	A0F8D4A8C82D9D5E56160FB5B4D52010
SHA1:	240907574AAE21BDF7E2E50407513BC359E0F1B2
SHA-256:	9BC4D83A01075CB7C7990F834A39A8B1259E22086A1157DD0E9EB6C3DE343C19
SHA-512:	31C33606FBEC7C66CDEDBAE856CE0BAA1301E5BB888E4E54B9E4E616801F2B598FCFE60B14B94FEAD38BD13E53401651613D43E03FFEB711BB0BBEF0F84A6A9D
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: 73
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2021 13:15:50.916203976 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:50.916510105 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:50.958172083 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:50.958205938 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:50.958281994 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:50.958331108 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:50.967372894 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:50.967607021 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.010080099 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.010113955 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.010133982 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.010166883 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.010219097 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.011055946 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.011090040 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.011106968 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.011135101 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.011168957 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.054131985 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.054514885 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.062433004 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.096050978 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.096164942 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.096307993 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.096379995 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.129795074 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.129837990 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.129870892 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.129893064 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.129904032 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.129931927 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.129976988 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.198261023 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.199318886 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.201764107 CEST	49718	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.242739916 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.242777109 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.242793083 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.242810011 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.242827892 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.242839098 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.242856026 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.242877007 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.242889881 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.242889881 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.242897987 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.242930889 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.243458986 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.243488073 CEST	443	49718	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.243632078 CEST	49718	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.244631052 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.244652987 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.244720936 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.245006084 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.245021105 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.245059967 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.245110035 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.245110989 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.245129108 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.245145082 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.245166063 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.245203972 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.245228052 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.245243073 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.245261908 CEST	443	49717	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.245270014 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.245297909 CEST	49717	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.252593994 CEST	49718	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.284564972 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.284603119 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.284668922 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.284739971 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.284761906 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.284805059 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.284826994 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.284846067 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.284873009 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.284879923 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.284897089 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.284912109 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.284915924 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.284918070 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.284923077 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.284936905 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.284955978 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.284975052 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.284989119 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.284993887 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.285012007 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.285032034 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.285032034 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.285039902 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.285051107 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.285064936 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.285079002 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.285088062 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.285099030 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.285116911 CEST	49716	443	192.168.2.4	3.121.154.182
Apr 15, 2021 13:15:51.285120010 CEST	443	49716	3.121.154.182	192.168.2.4
Apr 15, 2021 13:15:51.285181999 CEST	49716	443	192.168.2.4	3.121.154.182

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2021 13:15:45.421957970 CEST	59042	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:15:45.470737934 CEST	53	59042	8.8.8.8	192.168.2.4
Apr 15, 2021 13:15:46.517716885 CEST	56483	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:15:46.566405058 CEST	53	56483	8.8.8.8	192.168.2.4
Apr 15, 2021 13:15:47.980786085 CEST	51025	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:15:48.029530048 CEST	53	51025	8.8.8.8	192.168.2.4
Apr 15, 2021 13:15:49.233849049 CEST	61516	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:15:49.285449028 CEST	53	61516	8.8.8.8	192.168.2.4
Apr 15, 2021 13:15:49.674021006 CEST	49182	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:15:49.733515024 CEST	53	49182	8.8.8.8	192.168.2.4
Apr 15, 2021 13:15:50.819623947 CEST	59920	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:15:50.900259972 CEST	53	59920	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:07.414642096 CEST	57458	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:07.474770069 CEST	53	57458	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:19.671204090 CEST	50579	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:19.730983973 CEST	53	50579	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:20.355415106 CEST	51703	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:20.415636063 CEST	53	51703	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:20.680936098 CEST	50579	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:20.693511963 CEST	65248	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:20.733647108 CEST	53	50579	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:20.742167950 CEST	53	65248	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:21.366559982 CEST	51703	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:21.431350946 CEST	53	51703	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:21.760504007 CEST	50579	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:21.811949015 CEST	53	50579	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:21.898158073 CEST	53723	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:21.948530912 CEST	53	53723	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:22.425390959 CEST	51703	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:22.485306978 CEST	53	51703	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:23.164208889 CEST	64646	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:23.213016033 CEST	53	64646	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:23.812004089 CEST	50579	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:23.863713026 CEST	53	50579	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:24.179789066 CEST	65298	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:24.228347063 CEST	53	65298	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:24.410979033 CEST	51703	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:24.470757961 CEST	53	51703	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:24.957957983 CEST	59123	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:25.009562969 CEST	53	59123	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:25.741230011 CEST	54531	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:25.790150881 CEST	53	54531	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:26.558312893 CEST	49714	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:26.606956959 CEST	53	49714	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:27.815080881 CEST	58028	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:27.817287922 CEST	50579	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:27.863738060 CEST	53	58028	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:27.877142906 CEST	53	50579	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:28.426740885 CEST	51703	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:28.491347075 CEST	53	51703	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:28.845921993 CEST	53097	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:28.894625902 CEST	53	53097	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:29.759243965 CEST	49257	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:29.808013916 CEST	53	49257	8.8.8.8	192.168.2.4
Apr 15, 2021 13:16:30.682635069 CEST	62389	53	192.168.2.4	8.8.8.8
Apr 15, 2021 13:16:30.731544971 CEST	53	62389	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 15, 2021 13:15:50.819623947 CEST	192.168.2.4	8.8.8.8	0xbd95	Standard query (0)	s.eu.socialsmp.com	A (IP address)	IN (0x0001)
Apr 15, 2021 13:16:07.414642096 CEST	192.168.2.4	8.8.8.8	0x2e1e	Standard query (0)	cofense.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Apr 15, 2021 13:15:50.900259972 CEST	8.8.8.8	192.168.2.4	0xbd95	No error (0)	s.eu.socialsmp.com		3.121.154.182	A (IP address)	IN (0x0001)
Apr 15, 2021 13:16:07.474770069 CEST	8.8.8.8	192.168.2.4	0x2e1e	No error (0)	cofense.com		35.188.168.180	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 15, 2021 13:15:51.010113955 CEST	3.121.154.182	443	192.168.2.4	49717	CN=*.eu.socialsmp.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Mar 11 11:56:52 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed Jun 09 12:56:52 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2021 13:15:51.010113955 CEST	3.121.154.182	443	192.168.2.4	49717	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2021 13:15:51.011090040 CEST	3.121.154.182	443	192.168.2.4	49716	CN=*.eu.socialsmp.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Mar 11 11:56:52 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed Jun 09 12:56:52 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2021 13:15:51.011090040 CEST	3.121.154.182	443	192.168.2.4	49716	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

• iexplore.exe
• iexplore.exe

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 4808 Parent PID: 800

General

Start time:	13:15:49
Start date:	15/04/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff752b40000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Registry Activities

Analysis Process: iexplore.exe PID: 2108 Parent PID: 4808

General

Start time:	13:15:49
Start date:	15/04/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4808 CREDAT:17410 /prefetch:2
Imagebase:	0xdb0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Registry Activities

Disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://s.eu.socialsmp.com/107519/730836/022c383c-d61a-4261-a221-62bf56c60002/?

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 4808 Parent PID: 800

General

File Activities

File Created

File Written

File Read

Registry Activities

Key Value Created

Key Value Modified

Analysis Process: iexplore.exe PID: 2108 Parent PID: 4808

General

File Activities

File Created

File Written

File Read

Registry Activities

Key Value Created

Disassembly