Windows
Analysis Report
https://winscp.net/download/WinSCP-5.19.6-Setup.exe
Overview
General Information
Detection
Score: | 21 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - cmd.exe (PID: 3360 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://winscp.net/download/WinSCP-5.19.6-Setup.exe" > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    - conhost.exe (PID: 5880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    - wget.exe (PID: 744 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://winscp.net/download/WinSCP-5.19.6-Setup.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  - iexplore.exe (PID: 5576 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Desktop\download\WinSCP-5.19.6-Setup.exe.svg MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    - iexplore.exe (PID: 2972 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5576 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
- cleanup
There are no malicious signatures.
Source: | Author: James Pemberton / @4A616D6573: |
Source: | Author: frack113: |
- Compliance
- Networking
- System Summary
- Language, Device and Operating System Detection
Source: | File opened: |
Source: | HTTPS traffic detected: |
Networking
Source: | File created: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | HTTPS traffic detected: |
Source: | File created: |
Source: | Key opened: |
Source: | Classification label: |
Source: | Process created: |
Source: | File read: |
Source: | Mutant created: |
Source: | File read: |
Source: | File created: |
Source: | Window detected: |
Source: | File opened: |
Source: | Queries volume information: |
Source: | Key value queried: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | | |
0% | Avira URL Cloud | safe | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | |
0% | URL Reputation | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
winscp.net | 88.198.21.111 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
88.198.21.111 | winscp.net | Germany | 24940 | HETZNER-ASDE | false |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 607461 |
Start date and time: | 2022-04-12 02:31:21 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | urldownload.jbs |
Sample URL: | https://winscp.net/download/WinSCP-5.19.6-Setup.exe |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 27 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | SUS |
Classification: | sus21.win@7/11@1/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 23.205.181.161, 152.199.19.161
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ie9comview.vo.msecnd.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, arc.msn.com, ris.api.iris.microsoft.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, login.live.com, go.microsoft.com.edgekey.net, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, cs9.wpc.v0cdn.net
- Execution Graph export aborted for target wget.exe, PID 744 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 355 |
Entropy (8bit): | 5.12833922142142 |
Encrypted: | false |
SSDEEP: | 6:TMVBdc9EMdLD5Ltqc41EqAyT6OcTD90/QL3WIZK0QhPPWXpsVDHkEtMjwu:TMHdNMNxOERyWOcnWimI00ObVbkEtMb |
MD5: | F31B4D1EA15A209AFCC1D641C709CEEC |
SHA1: | 914D73F52967C4CC0350A86590BBD9C2F501B137 |
SHA-256: | 9EFAA3F9BF4A710E582D3D130E4DCBACCFF1AA86F2632C5FAF1CF710F6B40441 |
SHA-512: | 406E3F7AA39628B91BCC3644B020D623A6F0BAD36BF286EC63D52EFE26A706C57F43EF47D6A42E0C45B629E84C678C1F2B084D355938904401301758622207DC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 353 |
Entropy (8bit): | 5.1590290865241935 |
Encrypted: | false |
SSDEEP: | 6:TMVBdc9EMdLD5Ltqc4fLGTkUI3c+cTD90/QL3WIZK0QhPPWXpskI5kU5EtMjwu:TMHdNMNxe2kUAc+cnWimI00Obkak6Ety |
MD5: | CB5871AE59FEA995DE6EB85EA053AA9C |
SHA1: | CD1F931BBE2ECBC77C301FEBFA428585BCA20639 |
SHA-256: | 7F0C17F044486608DD9F980C701690699F73FB5FDB88FE104D9B8C3A6C3050A4 |
SHA-512: | 9C93207F0DAF85D4AF994BBD1DB64CF4FF700C2FDF5313138BEFBE0B90FCF0E271B1BF22C9E699CA07832F11FA0BB76014A8195328D3C4400DB5F59E861B5ACC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 359 |
Entropy (8bit): | 5.1293681890004645 |
Encrypted: | false |
SSDEEP: | 6:TMVBdc9EMdLD5Ltqc4GLLHVODSwlecTD90/QL3WIZK0QhPPWXpsyhBcEEtMjwu:TMHdNMNxvL7sOwlecnWimI00ObmZEtMb |
MD5: | 3B5380E51C901452B1C26BFFABE9ED14 |
SHA1: | D2B609B9EA70FD143F97072E41A6969C5A1868FD |
SHA-256: | AC7301BF9DBCD9E630F1948BA2B25FFC3836AECD5E1E9B45D0DAEAAD16A2145D |
SHA-512: | F98412287DD26D95918C5D65D5BCEE6BC34DF2F2849C8791788000CC7FAF9C3342059407AC8F18EC9BCF447F864310390DCF4DF9D10A31EE2BD067E9F455A245 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 349 |
Entropy (8bit): | 5.162906597899968 |
Encrypted: | false |
SSDEEP: | 6:TMVBdc9EMdLD5Ltqc4JqURI5sRcTD90/QL3WIZK0QhPPWXpsgE5EtMjwu:TMHdNMNxivRImRcnWimI00Obd5EtMb |
MD5: | D55628EF463E927FD4297C29E543334F |
SHA1: | 58DA81141C1D5B05BE3B14BDCEAC2C65A8D2DDF7 |
SHA-256: | 70AEBB3526171FC47A14A24E0BDE7E365D82211A67974B65ED78002F35AA216C |
SHA-512: | 873AF93DBB3C23E659F2AD493868BEC8290BDAF8527959155AF0FDE3E879F89CCC2EB4D1DC7AFCE2315CBD4B97298B0B5A693EB629A7B5285B6210203288141E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 355 |
Entropy (8bit): | 5.1626560893215245 |
Encrypted: | false |
SSDEEP: | 6:TMVBdc9EMdLD5Ltqc4UxGwmU7MPcTD90/QL3WIZK0QhPPWXps8K0QU5EtMjwu:TMHdNMNxhGwvWcnWimI00Ob8K075EtMb |
MD5: | 71C3F12FE4CA2E052CAB8F6999FFD3A9 |
SHA1: | 782B35D296B4097100CA056FAB7D4D797136166A |
SHA-256: | 0E8CD466B8FF7B9E54DBB300250E6AE8C10276BED5813B72ACEC90F99B30410A |
SHA-512: | 37E801D40AAEE1D966B6F4F7A0A095A0D6CBC52EEEB1EBBEB9C11C38D89B72ABA1F327D5E8D51F17D3A12F60824C299538F2B050EE562E6505B1AC4AA01DE76B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 353 |
Entropy (8bit): | 5.110540787378884 |
Encrypted: | false |
SSDEEP: | 6:TMVBdc9EMdLD5Ltqc4Qunqus5wdO7cTD90/QL3WIZK0QhPPWXpsAkEtMjwu:TMHdNMNx0naudO7cnWimI00ObxEtMb |
MD5: | B06B66DE2B29F48F74A6AF4934915521 |
SHA1: | 8A78C3BE35132CA672BAC28B463AA251CB49B228 |
SHA-256: | B5CFB2D9675C2C939860A18F9FC3BB35DCF00BFCFEA116E706C2506DE3659F1F |
SHA-512: | 72A56F84EB8A9E8E96C2B89518087EDE6C019766EDC7011D70D66F47883225891F1A53DA045517738C092558E823BDF39BCF49387493BCB39767ED186D76F823 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 355 |
Entropy (8bit): | 5.200497452051882 |
Encrypted: | false |
SSDEEP: | 6:TMVBdc9EMdLD5Ltqc4oTqCDQR5SArVU7cTD90/QL3WIZK0QhPPWXps6Kq5EtMjwu:TMHdNMNxxiRfBecnWimI00Ob6Kq5EtMb |
MD5: | 1E34F050762F2CFA193EDFEF28D0DF37 |
SHA1: | 71D28316925136F0DFE0DAB596CD62DF88C498B9 |
SHA-256: | 3421851FB273FCB406DFB213BB79127CE124710FEA8A46EF36FBAEAFE616B39E |
SHA-512: | D4DE62C55147E430D8E4E1302DB1BB38554C6B483F242DBEBD8C8AB30F52E68F6776FF9D217E98D31CBDA268AC2B6E4545F5E40310D249FE5EE93E248F602021 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 357 |
Entropy (8bit): | 5.14066293991928 |
Encrypted: | false |
SSDEEP: | 6:TMVBdc9EMdLD5Ltqc4YX2nqwacTD90/QL3WIZK0QhPPWXps02CqEtMjwu:TMHdNMNxcjacnWimI00ObVEtMb |
MD5: | 3F715D68853E517B155C327AFB03052F |
SHA1: | E197762B01A17D8AE8A5E02C94DB9C33D87E6FB1 |
SHA-256: | 49FB0A540E96C4E0E05D219367A8C3FFFE702776BC5A690DEEBD644068AA926D |
SHA-512: | 9FA73FED5528E2562539669034D7F2EC8506454B34FF402E473545FDDE84ACBEA3E8356B640399B533820586C6DA47FC719761C3C8F34B9C09D9A3811FDC1C09 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 353 |
Entropy (8bit): | 5.096646403268484 |
Encrypted: | false |
SSDEEP: | 6:TMVBdc9EMdLD5Ltqc4InIC77rOcTD90/QL3WIZK0QhPPWXpsiwE5EtMjwu:TMHdNMNxfnF7WcnWimI00Obe5EtMb |
MD5: | 61D1B3C13688AF8D91D4FDB4A628AFAF |
SHA1: | 592E9461D9E76C9AFC8B0A021960F0C07EB9CEB2 |
SHA-256: | 2A98CA47B836DB03CCDADFA7F74BC091EC3883F5ECA3CA2AC650817741857426 |
SHA-512: | CA7D0DF08D184A3CDF4BA519747DD3FC0E91C377F6871DA35B73BDDB183EF949EE39C81DA94C316986617A66FA8D98039B83EC4BF2B054621E8CA9EFF6CB72D3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 541 |
Entropy (8bit): | 5.097941091950316 |
Encrypted: | false |
SSDEEP: | 12:HE98x4vUVy6GdcvHbK2cvgT1De5RhKkk1DbBKvUVyhmVp9eiBKvUVyp:k9uPJ2s7vsqxePgJ1pxPn9eEx0 |
MD5: | E90CCE23727E4DD14D95647247A7FDBE |
SHA1: | BA36D39667AF62FA3047358C86548A6BA32EAAFC |
SHA-256: | 61BCA9B7004A2041E08B7138A128A5329618E457AC0E328E0DC00133EA9D62F0 |
SHA-512: | C118570C497E937452730E895D282391E0C784BF3ED839622ED7D0B6AB48B38E8ABE890524E48275F6C98440BFF8F3B4B67ABF0CE9901FAB21D6A45C1D80E561 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\wget.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 18357 |
Entropy (8bit): | 4.868815126047053 |
Encrypted: | false |
SSDEEP: | 384:MtLhg5tzGnL0EcZRD42D4iFxLBZD4E/cjGj:Mt9g5t80EGDrDB//D0jGj |
MD5: | A8CA13EC8F2EADB0772A1B77615EC3BE |
SHA1: | 2FF19DC6C3A4BF743DCA7D8796DB1B6ED3DA3D6D |
SHA-256: | C1AB1A23738B6A79115B3D1BEC0F635ED482A3FFFCE005355ADC59F162A9AD04 |
SHA-512: | 3D5434577088446F9C64AFF60FFFE6883008D7EBE11AAFA248D3310BA15658540D7929B0BC217B79A024A8D4BC16A8B140C665D4E408FF7997A74976468095C7 |
Malicious: | false |
Reputation: | low |
Preview: |
- Total Packets: 11
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 12, 2022 02:32:21.543804884 CEST | 49717 | 443 | 192.168.2.3 | 88.198.21.111 |
Apr 12, 2022 02:32:21.543869019 CEST | 443 | 49717 | 88.198.21.111 | 192.168.2.3 |
Apr 12, 2022 02:32:21.543987036 CEST | 49717 | 443 | 192.168.2.3 | 88.198.21.111 |
Apr 12, 2022 02:32:21.546216011 CEST | 49717 | 443 | 192.168.2.3 | 88.198.21.111 |
Apr 12, 2022 02:32:21.546243906 CEST | 443 | 49717 | 88.198.21.111 | 192.168.2.3 |
Apr 12, 2022 02:32:21.614610910 CEST | 443 | 49717 | 88.198.21.111 | 192.168.2.3 |
Apr 12, 2022 02:32:21.614744902 CEST | 49717 | 443 | 192.168.2.3 | 88.198.21.111 |
Apr 12, 2022 02:32:21.617898941 CEST | 49717 | 443 | 192.168.2.3 | 88.198.21.111 |
Apr 12, 2022 02:32:21.617924929 CEST | 443 | 49717 | 88.198.21.111 | 192.168.2.3 |
Apr 12, 2022 02:32:21.618129015 CEST | 443 | 49717 | 88.198.21.111 | 192.168.2.3 |
Apr 12, 2022 02:32:21.619488001 CEST | 49717 | 443 | 192.168.2.3 | 88.198.21.111 |
Apr 12, 2022 02:32:21.662195921 CEST | 443 | 49717 | 88.198.21.111 | 192.168.2.3 |
Apr 12, 2022 02:32:21.676146984 CEST | 443 | 49717 | 88.198.21.111 | 192.168.2.3 |
Apr 12, 2022 02:32:21.676192045 CEST | 443 | 49717 | 88.198.21.111 | 192.168.2.3 |
Apr 12, 2022 02:32:21.676306963 CEST | 443 | 49717 | 88.198.21.111 | 192.168.2.3 |
Apr 12, 2022 02:32:21.676481962 CEST | 49717 | 443 | 192.168.2.3 | 88.198.21.111 |
Apr 12, 2022 02:32:21.676523924 CEST | 443 | 49717 | 88.198.21.111 | 192.168.2.3 |
Apr 12, 2022 02:32:21.676548958 CEST | 49717 | 443 | 192.168.2.3 | 88.198.21.111 |
Apr 12, 2022 02:32:21.676637888 CEST | 49717 | 443 | 192.168.2.3 | 88.198.21.111 |
Apr 12, 2022 02:32:21.720392942 CEST | 49717 | 443 | 192.168.2.3 | 88.198.21.111 |
Apr 12, 2022 02:32:21.720433950 CEST | 443 | 49717 | 88.198.21.111 | 192.168.2.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 12, 2022 02:32:21.514389992 CEST | 58116 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 12, 2022 02:32:21.537676096 CEST | 53 | 58116 | 8.8.8.8 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 12, 2022 02:32:21.514389992 CEST | 192.168.2.3 | 8.8.8.8 | 0x8ffb | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 12, 2022 02:32:21.537676096 CEST | 8.8.8.8 | 192.168.2.3 | 0x8ffb | No error (0) | 88.198.21.111 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49717 | 88.198.21.111 | 443 | C:\Windows\SysWOW64\wget.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-04-12 00:32:21 UTC | 0 | OUT | |
2022-04-12 00:32:21 UTC | 0 | IN | |
2022-04-12 00:32:21 UTC | 0 | IN | |
2022-04-12 00:32:21 UTC | 16 | IN | |
Target ID: | 0 |
Start time: | 02:32:19 |
Start date: | 12/04/2022 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc20000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 1 |
Start time: | 02:32:20 |
Start date: | 12/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c9170000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 2 |
Start time: | 02:32:20 |
Start date: | 12/04/2022 |
Path: | C:\Windows\SysWOW64\wget.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3895184 bytes |
MD5 hash: | 3DADB6E2ECE9C4B3E1E322E617658B60 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 3 |
Start time: | 02:32:23 |
Start date: | 12/04/2022 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff638ba0000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 4 |
Start time: | 02:32:24 |
Start date: | 12/04/2022 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |