3.2
中危
DACN
0.14
FACILE
1.00
IMCLNet
0.74
MFGraph
0.00
反病毒引擎
未检测
暂无反病毒引擎检测结果
动态指标
一个进程试图延迟分析任务。
(1 个事件)
| description | 0de5c83d56cc3003bdf935546f1955dbdf3ecf15654be7db5494043eb8228857.exe 试图睡眠 257.715 秒,实际延迟分析时间 257.715 秒 | |||
将可执行文件投放到用户的 AppData 文件夹
(3 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\tmp2D24.tmp |
| file | C:\Users\Administrator\AppData\Local\Temp\tmp3BA5.tmp |
| file | C:\Users\Administrator\AppData\Local\Temp\tmpDD1C.tmp |
检查适配器地址以检测虚拟网络接口
(7 个事件)
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': 'UPX1', 'virtual_address': '0x00007000', 'virtual_size': '0x00005000', 'size_of_data': '0x00004600', 'entropy': 7.897902341253568} | entropy | 7.897902341253568 | description | 发现高熵的节 | |||||||||
| entropy | 0.8974358974358975 | description | 此PE文件的整体熵值较高 | |||||||||||
可执行文件使用UPX压缩
(2 个事件)
| section | UPX0 | description | 节名称指示UPX | ||||||
| section | UPX1 | description | 节名称指示UPX | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(6 个事件)
| host | 166.77.247.144 | |||
| host | 114.114.114.114 | |||
| host | 162.40.225.206 | |||
| host | 16.115.202.50 | |||
| host | 8.8.8.8 | |||
| host | 15.255.131.30 | |||
在 Windows 启动时自我安装以实现自动运行
(1 个事件)
| reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar | reg_value | C:\Windows\lsass.exe | ||||||
从本地电子邮件客户端收集凭据
(1 个事件)
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts |
生成一些 ICMP 流量
连接到不再响应请求的 IP 地址(合法服务通常会保持运行)
(5 个事件)
| dead_host | 166.77.247.144:1042 |
| dead_host | 162.40.225.206:1042 |
| dead_host | 10.130.29.165:1042 |
| dead_host | 16.115.202.50:1042 |
| dead_host | 15.255.131.30:1042 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1970-01-01 08:00:00
PE Imphash
5d02f6de12eb07fb22fe87e05e50d6a0
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x00006000 | 0x00000000 | 0.0 |
| UPX1 | 0x00007000 | 0x00005000 | 0x00004600 | 7.897902341253568 |
| .rsrc | 0x0000c000 | 0x00001000 | 0x00000800 | 2.6495694551935207 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0000c3c4 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0000c3c4 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0000c4f0 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library ADVAPI32.dll:
• 0x80c59c RegCloseKey
Library MSVCRT.dll:
• 0x80c5a4 time
Library USER32.dll:
• 0x80c5ac wsprintfA
Library WS2_32.dll:
• 0x80c5b4 gethostname
L!This program cannot be run in DOS mode.
iiiiM,
hPD4e4(
M4M4M4|tld\4MTLD803M(
`XPD;@
IEFrame
ATH_Note
rctrl_renwn
c:\sDec
nSep3ug
/%s, %u
.2u:um
nkmrnetG
{Staiex
Kazaa Lk
ry P6I
W0RAR.v.3Z.od.key#
p 5.0 () C
lcomhdeRe$tvor.
dnsapi%{.dllphlp
w@kPa_9le
{cabu'mass
vGubm{l
crosoftd
the.bgold-Uk;s}ca
"Z+cre
iWKQg^
foG+lc-
zcWxrrsf.)OW
+rr ,ar+
og3gnu
.m{6Ov
;WRdN`do8a0;oa
lekk5bnda
ymav_-!'5b_
8o@d0(
@e*.*KAdtpRN
USERPROFILE
:\yaha0
`v.;D
7 e ig;`
lud A
nvQl\+n
:gb puw2D
k3Srb\2aqFqh
5'%i~Ba.=x|
\c$Yf/j
n*ikyQA9
"p3f,FoeSA
\k,Nv EXZrr
naht%w.^
aF:H$Wh'i|s W-1MTc
Ei+!d/.s
Z@vU<$t>?Pl,e%p>0|Bcts@$F
amsQaeA
(`r[a<b
1w-f6}
!b []=-
G_n!CZ]y
lbAs9Y2
Z Lkn,$T.
F:$f]
,YS5dG
;hjX>\lmpt
[STkMdbMHK66-3
L82:tt
+Djg9!?]:Fm1f
Ve-DAE
"MONWz
$<("P"C"8
N&!Vo<SDj=
tQ"K O4"a
x14c;<#n
ABCDEFGHIJK
6LMNOPQRSTUVWXYZ cfgt
jklmFpq
!_vwxyz23456789+/qsX-P
zExp 6.00.26
3IMEO,4P
uTBy@Mfid;
V9Jw,t6-Ty@m-PDt/xP
9Zr="R"s
q-V51O
48X.5sNPs+a^vI?Gp}appmI/%Gk
[mnOf&4nfn-EdAbMv64"DDi{QHL
\HC=u'%Zu>i7bk\2,
'-$uhjp
>a{QUIT
>'PTZ5
-xYIHEL
LO87`+
nTPS&)\\*
|2~^]H+
:.] KlhJ
of.twa
rer\\MicM/s7n5'O'n dYO+ CkfCu_+5
/eu]G? ;P_6OIX]
8*P7Sh
C_^w7[
_'F$3^D
|lfk=Pj
pxeDSE
c|pLh$;x
%pX+>u
wu&q<GG5Wqoh
Pi6twaire\Miicrosofiit\Winidows\iCurren
itVrsiion\RuH
p$Trl6y
I2\CSW|$
ldcC-o^S
jZY-i`;WR
6-F.;_
$j<_RP3
jh`OJ?b4q
fdg4u|`
YCppcM;u
u?IH+Sn
#<Kf#F
B0 ;xv+PV;tQ
3 @F;|/
wiiniGniet.dll[-
5PEKef9ut_
3$tv3Wj(-
B;POi8/x
6~W"B;}
8@le(7loC
WbPV$v5
\;C}0
>F@JuD.F'
V)$Y;t0Y|
b1?mp ,
K?GOGSU~m3f
ne,<};u<)Zt
Q0^]8PU
{;_t$@SDIC1\
U~R/('Rf4;
}e%Y-b$I0
nGUqtv
!cs_0?b
A$]~% {
pzw{ok
jd7FF6|=~
tVe;?Vd;t$hFBn
*gu;r_ipWl
JS:S>}tG
QSZxOO+N!
W*Xp0,
\<<@t?(T
+CY<Jo=B@9zO
Kyd+7h%
-0vYC1-NO/&<
'xqf,wOy/UH]
tb0UE,
0"8d5^7-S;1YU2vHf
x 0|8<
2+SJNr
F}.RU8
cbf0d_
x5FG['@
hv$~,\ l\t3D
Qm {+8
.5a>3K
Hy FQ~
J6f2/Xp
?GLa`;
bx3*oo
+KICY`D
h^ddk3T
o';Wto*9
vt\kQS
'UY3SQ g
g%vAa+qYDW\&^
]G7F(O
=khY(QR
h~8ZnQ;t
GWSYf;
j2.`h
r2Ojx26hR<P
f+eqkNdw "Z
?I7\d;
@ZA{+[
H_tu(n
}8h+|-;O
;}e;}a;WZ
;~C;~?+b
M-JSQaH
P=/sSu
V|Ehmd
[GdlcO`1vUMp6l:p
jQ4Mhp
> Fzr?0
1EpDMlu[4EP`
djk7&s
04Sof,
,\Micro
,sof\W,
,AB\WAP
,ab bF
,ile NaP,m
#*u=9kY1d
8F,ZF>h=
<U<puY6ql_
buG:uCR<hu
sup>Y<s
btN<db7x
75<w_u
Kfuc['{8
\P#NYsYZ
Pu%8.@+u
#<8P>|f
&P2 jKk
\.ocal 6rSeti\.Qngs-V=TemFp5fr
yJ5fI:F/Wu]
]4Mbk$b
=#Lf$a
LLa7PP1d[
CYRtg-
+0S6-h
.5PfO5
guj,(,
g*<u?m
0<Q'Fzd|s0K
zV5Xme
P9d{Vj.
$Pt7lK
Y`f[ 5g;Pl
^:#CYx
bD^:3rS
@PA`Wz
/h(ht!h`
JbG!=!!++
~$k/&;t
}d4H1A|(}.
3*HWS.
Y]G2~
_`EPF0
|$3FP;
[mx#(|
pe\#kkV^S&Y
hXPkWPQ
,>kA&5
54oE'J
Z(MrSPPY
lJS^8
#[=9"E@
K8!PxC
Q"FhWQ"Yz72G
^$cG|$l
xo?~E< r8<=t4<+t0<,<
t(<v aULv7GR<Y
Od3GX%dy
,l_HHt
"}5vBR
+D5uUtm1Oh\9
VRG-'(
vm-!+_|
D#NQPWNy
KDDBS}g^Y
1@&o4,;[;
@5~)XZP;
7l[fW!c
bFO><:t9.5
$8&4E?ao8:ua
0}9-G^u
abM*^&
/dV!IV'LYs
-SRg@C
'Y1Hh<
=+(~.*%8g
,X3+(J-
;t. .u
|#eXrk }
p&hh.`
9\X]$l
U3B@$`W
JIJHp`m
W{WP'O
RKhc4
ebKtW66
k|v*(\/#Rh
FAS5Cp"Y$
^xW0vvP
Je&"TnQra
+;rMSK%nv
J-TmtQ
$pPrYH;\y
.noj8f
wnYE;r
sm@f=AB
hh6Gfpn|#
|&^bBA+ZS
}^WB_X@
_(5^*'_
tSEFtP7
, aNM~XX
nl9YJ.u+YtV[i
X.Abvl7(d
_xFZ h
WN_KMe
CS;~S[`+{
Qr(`T,oYt>)
lOPuDHL%db
>q70}:
;?| 4l
w__;}a
YP"z'GC
lR tSMpW?xp5
hncaH0
wu)P/xAl
y@*-&@'_Z
!5&#cD
pBmu=i
fgT@EH5
[P71/}
&xE[f;
U`eb{[m&
&T#zW*
P]p=V^^Y[@~
n("F$A
l)>7`03V4i
G]%Djd
bNT!E"
~#6"azp
.l( G;(|
~k;~!,
rjv(k Nhu
9t&ET`
lsc:qRH
PGtop&0=
At-^(Eehz{
GF?x\G
HYWWh>x=I
U,TempFNAU
ve;GMGlobalAl
Cas[M$g+
ZgViewOfUnm
vHtked
von)Vaab{
sCopyx
]ESl$lqAP/h
De;y-amc
%[audeChl4M]UByt"A[s
RnIPoi
;i6`H.
3l0Ao 'Gg
g`VueE
_um{@0s
d#m{[1
,`BuffA
Low3lGwvr#w
#EAYMbp
GPGWHU
wwwwwww
KERNEL32.DLL
ADVAPI32.dll
MSVCRT.dll
USER32.dll
WS2_32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegCloseKey
wsprintfA
dbdbdaid_d_d_d_fd_5{
<odcdcdcdd
ZN+?GdA
'^BEE7Dh4D
D^dQ@p"TM
?" -3EsqMb
MEk_?k[c
E"CWB}M
DEPEBy
dyHMoC_
91ED,!
:@z4o P{1\
mLY4fv
Pp2fA`LC(
Af;zAY=
mZ&A;D
MiA|B*
I1Z&f;
HaADD`e
AG1 Py
qZ7QtD
%?DB!DZ
(79tE!
:B[x O
thC@zZ+E"s=E$?sAg
q&b@6CmbB
*? A}c+
EC-?3 g
dy=QBW"
E9@mC%
@?D]AE
C5OS\D
sWA E kz
1kDdd;
FCSDBDvjd`
(mg5dc}dc
dAQ*Mr
^dbQdb
eydc[db8
dPddbdbLdd
e:Dddddd_Bddf<TeJc
%C#qDSh
r0dbdbdcS
AN!Nl,AP
VdE&A'9
)BjXQB5ASZMP6B
TQ><fQ
MhD `
N>Q#r^
q@i=#.
D ~*vl
HQB AA
DJB TDGB
CMgC]N
C'xV4fMg
b$C*8bQ'
BDiE-? x
TBD6CNM
FQDIwyT
MMAoj@`>?tA
N(\{D@}.
D1HV4"
{Q^!DaQ4AD:
Q%bDH+?
eQqQnD
A-1^ACE
[BC@}A>~
#EiDWdm
sCp@`}
7ZDPM9""|
ND'JTC*
H;>WCr
iRQfCyU
!aM{DMp
~*2BYFi
"XJ#P=-H
'j4(rdh
moMVw'8
"$ld2d
"Y.R[*e.
65O&eH[
88Nv^'gO
uMNB0/EN)'m
K +Qs I
iR]MuB
CHAoVE
TrDRWrB"
f=bD'-
C7BuD{D$
MKEn#h
lMot[?
4?IEhm
9t#p'@p
P >.n P
KW P
@D~Ec;@
$A(z"Z^XD65tA
i?K@h6
BRb_e6Zs
sKiAQ
)DMDrg`
N@Ax/V?
A*SD#+GC
[nA0oM
A&"nDU`@<Tr
BlDlBI'
@!b'MW\
CeDGMZ
+N>$B>
U}D(B#
.E(@B_
QSFHZ E
S3DkBS
AE}9aF
;QwA\)
~zLBO"A
Z%Bgcg
0XCfUA
Qf anZv,?
<C!1AC`
T:?E(/
(AYi1|
eAbECa8Bn
yEAQp1DJ!
9RQDb?
D_RF@s}k
iNAi?+
EH&A\v
MkBzM]:@H
'?L}?sBA)C%<
OA`BD->$
04WA"Ek
D"j7EB
@BjAs7r
XA\7X.)
B2NCjz
v'7BHO
>#)/D}
b)@gBY5
2J`F?s
Pm^h|D
B?s2Ci
aQB\t@fAA
&B<pBS
PD#$:8?o\D
@1S4D2`
f=9MYB#1?s<
*r!V2:':
e*DvC0
?g*hD'Q
F\^?vAPG
$4e8+9
Rt;A!X
~=?8J.;ZH
EpL>BEMA
V@E6L@<
:A@{*A@]
+zl~DA
Y-A5}S>
Afg)$D
&w.BUB
k`Cf8U
cQD% Q
D5tWBQT9=$D
j}4]%}OCQ
C]S,_0F=K=tN_!A
e!dcD~t
;daadddd@
D;dc_5M
)dcda/
dcdcdc
pdb!dbN
D@.[ECR
db.Zdb&
dbddjdbddsM
Fdddd]d]
Y/dd9ddu&~db
db[da%dbdd
d_d_bda(dd6
da-db1dd"db d_dbddX?Dmjg
$N"uBJ
D:M}55
PGpQR?s@s/
'ddc~!
eaDd"K
<$T<6x
x5DFWC+BR
NC~eLP7
Pwe,`(@q
b$dBA$
,FDB&I
1|4d[j
=ZBJ;m
e1>De-E
#n_db?kM
sI_Bpq
xA8?Nb
dbd_dddb
|(AuQEe
SMPjWO)C
<Og/fE"#BH0dbP
JpD^Cud`5db]dbD
R?D87>0
IQQlD@-
Fbdb}dd
7ADEjh
jddWddB
iB%}flR
l*y@fr
?@\+EpZ
d_qDI|
A:M}M{?\C
% >>db9
#0TAQX
kBX?ii
o rB*X
9Ce$}t
pMGAE'
F,/fEv
\ddCdbKddkd_jdd5
;{QM-
:AQ[RtB
PYdbdb
mp6W%*s
'efM`"!
yHdddb5d[.
/ddd\
5l[ db
c_ =+E(;db
>Sd\ddyd\vEK<Z9d_/rMddRddgddd[ddTdbvd\dddd
d_8dd dZy
dZdbkd[ddB
db*dddbd_ db
dd\dd4
5"kd\nd_d_d[qd_LdZd[c?^dbwdZdQd_3dddZ
dapd[zd[
d\d] dZ
ddGqd_{d_
dd^dbMd_
dcxdZdd
dd2ddar{
dZdd#dZdbdb+d\\d[gdddZd\
d[md_dag
K?dadbd_s
SVd_|\c
Eddd^C
?s-dd}
dbdahs
Ysd_d_I?W
sjd[n}
pM?#pB
3d[xd_
$L[D'\
d_`d_kd_ ?D&M
uJB~4d
#P6o>I<
PdW\DWd
[d`ddSE
!+/A[ND
#Ndd'8
PE&tqFB+:
ddPZ<C`D
CxfVaT
ed_MInDYYddKdb
dWd_d_d_%mud]]d_-dad_GdPdazdWFd]>db{dcd]
dad]"ddzdddbBd[dd<dafd_dWq?]daWARr
Ppd_d]d[d]d_.d]addxdddaQ
d[}1dada
]dddd d]
dd*da~d]dadaddhd]d_Md]^
Y4*d[dd
ddddd_
dddcdPidddd)ddNdad[d_dad]d_\daTdaS
bv~d_dad_
d]d]@${
Hd]dcdaP
0'C8-CI<
Md[dad_
d_ddddd]
HdbJdc
PQAAf?N
'CP`AQC
@f!D+ I
e:FvBj
dOB);T
I$'ERc
v(vBwC
e!!CdD
[DyxBZ
e9wD iM4
p)'$x?s
D$0C`~
)Az"BJCH
ARzCC>
f!*EhZ
E?$?sv
jD>GM#
=P!7TCD^aDmC@hD2C}8
Cdddddd
}5eMhM
,?ddd\dcd]#dc
dZda{d_Gkd]ydd_R
ydbmydbdP
;kda4daddndd
]dd%db
Process Tree
- 0de5c83d56cc3003bdf935546f1955dbdf3ecf15654be7db5494043eb8228857.exe (2948) "C:\Users\Administrator\AppData\Local\Temp\0de5c83d56cc3003bdf935546f1955dbdf3ecf15654be7db5494043eb8228857.exe"
Hosts
| IP |
|---|
| 166.77.247.144 |
| 114.114.114.114 |
| 162.40.225.206 |
| 16.115.202.50 |
| 8.8.8.8 |
| 15.255.131.30 |
| 50.223.129.194 |
| 108.62.122.56 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| mozilla.org.xpi | ||
| mx.mozilla.org.xpi | ||
| mail.mozilla.org.xpi | ||
| smtp.mozilla.org.xpi | ||
| bounce2.pobox.com |
MX pb-bounce4.pobox.com MX pb-bounce5.pobox.com MX pb-bounce4.pobox.com MX pb-bounce5.pobox.com |
64.147.108.75 |
| ietf.org | MX mail.ietf.org | 104.16.45.99 |
| shore.net |
MX mailfilter02.leaseweb.us MX mailfilter01.leaseweb.us |
85.17.96.111 |
| dom.ain | ||
| cmu.edu |
MX alt3.aspmx.l.google.com MX alt4.aspmx.l.google.com MX alt2.aspmx.l.google.com MX alt1.aspmx.l.google.com MX aspmx.l.google.com |
128.2.42.10 |
| freebsd.org |
MX mx66.freebsd.org MX mx1.freebsd.org MX mx66.freebsd.org MX mx1.freebsd.org |
96.47.72.84 |
| dd.org | MX mxg.dd.org | 69.54.28.11 |
| python-pillow.org |
MX alt1.aspmx.l.google.com MX aspmx2.googlemail.com MX aspmx4.googlemail.com MX aspmx5.googlemail.com MX alt2.aspmx.l.google.com MX aspmx3.googlemail.com |
185.199.111.153 |
| acm.org | MX mail.mailroute.net | 104.17.79.30 |
| mail.ietf.org | A 50.223.129.194 | 50.223.129.194 |
| mailfilter02.leaseweb.us | A 108.62.122.56 | 108.62.122.56 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57665 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51758 | 114.114.114.114 | 53 |
| 192.168.56.101 | 52215 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62361 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62362 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62363 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62364 | 8.8.8.8 | 53 |
| 192.168.56.101 | 62365 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62366 | 8.8.8.8 | 53 |
| 192.168.56.101 | 62367 | 8.8.8.8 | 53 |
| 192.168.56.101 | 62368 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62369 | 8.8.8.8 | 53 |
| 192.168.56.101 | 62370 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62371 | 8.8.8.8 | 53 |
| 192.168.56.101 | 58985 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58985 | 8.8.8.8 | 53 |
| 192.168.56.101 | 50075 | 8.8.8.8 | 53 |
| 192.168.56.101 | 50075 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58624 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58624 | 8.8.8.8 | 53 |
| 192.168.56.101 | 62044 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62515 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60330 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61322 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62306 | 114.114.114.114 | 53 |
| 192.168.56.101 | 55142 | 114.114.114.114 | 53 |
| 192.168.56.101 | 55143 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56111 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56112 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56113 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56114 | 8.8.8.8 | 53 |
| 192.168.56.101 | 58005 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62044 | 8.8.8.8 | 53 |
| 192.168.56.101 | 58005 | 8.8.8.8 | 53 |
| 192.168.56.101 | 64558 | 8.8.8.8 | 53 |
| 192.168.56.101 | 64559 | 8.8.8.8 | 53 |
| 192.168.56.101 | 64560 | 8.8.8.8 | 53 |
| 192.168.56.101 | 49986 | 8.8.8.8 | 53 |
| 192.168.56.101 | 65527 | 8.8.8.8 | 53 |
| 192.168.56.101 | 62324 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 192.168.56.101 | 114.114.114.114 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | e3b0c44298fc1c14_lsass.exe |
|---|---|
| Size | 0.0B |
| Type | empty |
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| CRC32 | 00000000 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b4af72159e212424_gpban1l3.txt |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\gpban1l3.txt |
| Size | 38.9KB |
| Processes | 2948 (0de5c83d56cc3003bdf935546f1955dbdf3ecf15654be7db5494043eb8228857.exe) |
| Type | data |
| MD5 | f544c9b9569fcfbaece2274b59419113 |
| SHA1 | e7f71d7c4fc65ce2dd3163f996d93bad34900b31 |
| SHA256 | b4af72159e2124243720c2948af8065cb2ba28f43dbe2f42d22d0bd6ca4d4cde |
| CRC32 | 052F3D70 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7e3d15207e96edce_tmp5048.tmp |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp5048.tmp |
| Size | 59.7KB |
| Processes | 2948 (0de5c83d56cc3003bdf935546f1955dbdf3ecf15654be7db5494043eb8228857.exe) |
| Type | Zip archive data, at least v1.0 to extract, compression method=store |
| MD5 | d6cb7de967dbba92df17d1847eff46aa |
| SHA1 | 38c3ba12d59604d17c0395d600e60e74da675caa |
| SHA256 | 7e3d15207e96edce7af6836843ba3d24e7d929daab34b0118ffb9d2260360da9 |
| CRC32 | 2CF7BE01 |
| ssdeep | None |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | f198230b55708a68_tmp2DB2.tmp |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp2DB2.tmp |
| Size | 59.8KB |
| Processes | 2948 (0de5c83d56cc3003bdf935546f1955dbdf3ecf15654be7db5494043eb8228857.exe) |
| Type | Zip archive data, at least v1.0 to extract, compression method=store |
| MD5 | c88c6ebb8764fd90a05fe6953a5a26f2 |
| SHA1 | b0dc1b4df1429fc7b93952e26e9e2d430092cc22 |
| SHA256 | f198230b55708a680c6dc669007c4f15036c2d1f66ca931121b5a83e8b2cc858 |
| CRC32 | F81B285C |
| ssdeep | None |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 8ac9139ec5f7bc2d_tmp2D24.tmp |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp2D24.tmp |
| Size | 59.4KB |
| Processes | 2948 (0de5c83d56cc3003bdf935546f1955dbdf3ecf15654be7db5494043eb8228857.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 3972abaa6da1407320d51d07754ae0bf |
| SHA1 | ea77c1a6c7a595cbe5be952a908b5c650bcf75b3 |
| SHA256 | 8ac9139ec5f7bc2d260fce87e8be68c653ccde5dd43c52db83e4606d4f3323be |
| CRC32 | 6CA96960 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1b6be2c35bf4ba51_tmp3ba5.tmp |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\tmp3BA5.tmp |
| Size | 59.4KB |
| Processes | 2948 (0de5c83d56cc3003bdf935546f1955dbdf3ecf15654be7db5494043eb8228857.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | de402092a72ecd1bc23147dcb38d556b |
| SHA1 | e7bdb4ecf77e6309af499e420024325b5ca6b39c |
| SHA256 | 1b6be2c35bf4ba51800535b03d16999fc812b0f810f85df6c817fe62dd3143ff |
| CRC32 | D30CADDB |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | bd30b62ae8682c6a_tmpDD1C.tmp |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\tmpDD1C.tmp |
| Size | 59.4KB |
| Processes | 2948 (0de5c83d56cc3003bdf935546f1955dbdf3ecf15654be7db5494043eb8228857.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 4ff545628650659046e59eddfeb0aca8 |
| SHA1 | 5d3ed25226276b9711a359d8f4e683b23ac05ef2 |
| SHA256 | bd30b62ae8682c6a5738c137ff4914bf0a68ea8743867eb9ed520fd25e5d0ec2 |
| CRC32 | 9A8EC237 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.