ID: 376562
Cookbook: browseurl.jbs
Time: 17:55:00
Date: 26/03/2021
Version: 31.0.0 Emerald
Analysis Report http://data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612

Table of Contents
Overview
  General Information
  Detection
  Signatures
  Classification
  Startup
  Malware Configuration
  Yara Overview
  Sigma Overview
  Signature Overview
  Mitre Att&ck Matrix
  Behavior Graph
  Screenshots
    Thumbnails
Antivirus, Machine Learning and Genetic Malware Detection
  Initial Sample
  Dropped Files
  Unpacked PE Files
  Domains
  URLs
Domains and IPs
  Contacted Domains
  Contacted URLs
  URLs from Memory and Binaries
  Contacted IPs
    Public
General Information
Simulations
  Behavior and APIs
Joe Sandbox View / Context
  IPs
  Domains
  ASN
  JA3 Fingerprints
  Dropped Files
Created / dropped Files
Static File Info
  No static file info
Network Behavior
  Network Port Distribution
  TCP Packets
  UDP Packets
  DNS Queries
  DNS Answers
  HTTP Request Dependency Graph
  HTTP Packets
Code Manipulations
Statistics
Behavior
  System Behavior
    Analysis Process: iexplore.exe PID: 1456 Parent PID: 792
      General
      File Activities
      Registry Activities
    Analysis Process: iexplore.exe PID: 5860 Parent PID: 1456
      General
      File Activities
    Analysis Process: OpenWith.exe PID: 5452 Parent PID: 792
      General
Disassembly
  Code Analysis
Copyright Joe Security LLC 2021 Page 2 of 17
Overview
General Information
Sample URL: data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9...XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612
Analysis ID: 376562
Infos:
Most interesting Screenshot:
Detection
Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%
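The jzb parameter of the sample URL begins with eJx9, which URL-safe base64 decodes to the bytes 78 9c 7d, the two-byte header of a zlib stream followed by the first compressed byte. The Python below is an added example, not part of the Joe Sandbox report: it checks that header and decodes a parameter of this shape. It assumes, as an inference from the header rather than something the report states, that jzb carries a zlib-compressed JSON document in URL-safe base64 without padding. The sample payload and the URL built around it are constructed for the demonstration; only the four-character prefix is taken from the report.

```python
"""Decode a 'jzb'-style URL parameter: URL-safe base64 over zlib over JSON.

Added example, not part of the Joe Sandbox report. The encoding is inferred
from the 'eJx9' prefix of the report's jzb value (base64 of 78 9c 7d, a zlib
header); the sample payload below is constructed for the demo.
"""
import base64
import json
import zlib
from urllib.parse import parse_qs, urlsplit

# First four characters of the real jzb value as printed in the report.
REPORT_JZB_PREFIX = "eJx9"


def _b64url_decode(value: str) -> bytes:
    """Decode URL-safe base64 whether or not the '=' padding was stripped."""
    padded = value + "=" * (-len(value) % 4)
    return base64.urlsafe_b64decode(padded)


def looks_like_zlib(value: str) -> bool:
    """True if the base64 text starts with a valid zlib header.

    A zlib header is CMF (0x78 = deflate, 32 KiB window) followed by a FLG
    byte chosen so that CMF*256 + FLG is a multiple of 31; 78 9c is the
    default produced by most encoders.
    """
    raw = _b64url_decode(value[:4])  # 4 base64 chars -> 3 bytes, enough for the header
    return len(raw) >= 2 and raw[0] == 0x78 and ((raw[0] << 8) | raw[1]) % 31 == 0


def decode_jzb(value: str) -> dict:
    """base64url -> zlib inflate -> JSON. Raises zlib.error on non-zlib input."""
    return json.loads(zlib.decompress(_b64url_decode(value)))


def encode_jzb(obj: dict) -> str:
    """Inverse of decode_jzb; used here only to build a test vector."""
    compressed = zlib.compress(json.dumps(obj, separators=(",", ":")).encode())
    return base64.urlsafe_b64encode(compressed).decode().rstrip("=")


def jzb_from_url(url: str) -> str:
    """Extract the jzb query parameter from a full URL."""
    return parse_qs(urlsplit(url).query)["jzb"][0]


if __name__ == "__main__":
    # Constructed payload; the URL path and domain mirror the report's shape only.
    sample = {"url": "http://amerisure.corporate-notifications.com/app/UserHome",
              "visitor": {"id": "demo"}}
    url = "http://data.pendo.io/data/guide.json/x?jzb=" + encode_jzb(sample) + "&v=2.56.1_prod"
    print(looks_like_zlib(REPORT_JZB_PREFIX), decode_jzb(jzb_from_url(url)))
```

decode_jzb can be run on the full jzb value printed in the report to see what the browser actually sent; if a value is not zlib data, zlib.decompress raises zlib.error instead of returning garbage, so an exception here is the signal that the parameter is something other than the compressed JSON this example assumes.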
Signatures
No high impact signatures.
Classification
Malware Configuration
Yara Overview
Sigma Overview
No Sigma rule has matched
Classification (radar chart in the original; only the labels are recoverable)
Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner
Scale: clean / suspicious / malicious
Startup
System is w10x64
iexplore.exe (PID: 1456 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
iexplore.exe (PID: 5860 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1456 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
OpenWith.exe (PID: 5452 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: D179D03728E95E040A889F760C1FC402)
cleanup

Malware Configuration: No configs have been found
Yara Overview: No yara matches
Signature Overview
• Compliance
• Networking
• System Summary
There are no malicious signatures.
Mitre Att&ck Matrix
(The original is a 14-column tactic matrix; it is listed here per tactic. A trailing number marks a technique the analysis matched and gives the number of matches.)
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; System Information Discovery 1; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Non-Application Layer Protocol 2; Application Layer Protocol 2; Ingress Tool Transfer 1
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior Graph
(Rendered as an image in the original; only the recoverable labels are kept.)
ID: 376562
URL: http://data.pendo.io/data/g...
Startdate: 26/03/2021
Architecture: WINDOWS
Score: 0
Process nodes: iexplore.exe (2, 60), OpenWith.exe, iexplore.exe (26), joined by "started" edges; the numbers on a node are the legend's "Number of created Registry Values" and "Number of created Files" counters
Network nodes: ghs.googlehosted.com, 172.217.168.51, ports 49700, 49701, 80 (GOOGLEUS, United States); data.pendo.io
Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet
Screenshots

Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample
Source | Detection | Scanner | Label | Link
data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612 | 0% | Avira URL Cloud | safe |

Dropped Files
No Antivirus matches

Unpacked PE Files
No Antivirus matches

Domains
No Antivirus matches

URLs
Source | Detection | Scanner | Label | Link
amerisure.corporate-notifications.com/app/UserHome | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ghs.googlehosted.com | 172.217.168.51 | true | false | | unknown
data.pendo.io | unknown | unknown | false | | high

Contacted URLs
Name | Malicious | Antivirus Detection | Reputation
data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612 | false | | high
0 | false | | low

URLs from Memory and Binaries
Name | Source | Malicious | Antivirus Detection | Reputation
amerisure.corporate-notifications.com/app/UserHome | f8bd2822-002a-478f-66a9-0178efd7ee1f[1].json.2.dr | false | Avira URL Cloud: safe | unknown
data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5Q | OpenWith.exe, 00000004.00000002.258799935.000001C20589C000.00000004.00000020.sdmp | false | | high

Contacted IPs
Public
(Reputation legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs)
General Information
Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 376562
Start date: 26.03.2021
Start time: 17:55:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 27s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@4/9@1/1
EGA Information: Failed
HCA Information: Successful, ratio: 100%
Number of executed functions: 0
Number of non-executed functions: 0
Cookbook Comments: Adjust boot time; Enable AMSI
Contacted IPs (Public)
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
172.217.168.51 | ghs.googlehosted.com | United States | | 15169 | GOOGLEUS | false

Warnings:
Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 104.43.193.48, 104.42.151.234, 104.83.120.32, 52.147.198.201, 95.100.54.203, 20.82.210.154, 152.199.19.161, 23.0.174.184, 23.0.174.200, 23.10.249.26, 23.10.249.43, 20.54.26.129
Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, cs9.wpc.v0cdn.net
VT rate limit hit for: http://data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612
Simulations

Behavior and APIs
Time | Type | Description
17:56:04 | API Interceptor | 1x Sleep call for process: OpenWith.exe modified

Joe Sandbox View / Context

IPs
No context

Domains
No context

ASN
No context

JA3 Fingerprints
No context

Dropped Files
No context

Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{280937FF-8E97-11EB-90E5-ECF4BB570DC9}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 32344
Entropy (8bit): 1.7917940952679492
Encrypted: false
SSDEEP: 96:rhZJZ/2cWmtLsabfLsMsurMKM5sMsIEqKsMsuqQpjjTIs3sMsvAM2:rhZJZ/2cWmtDfjNMt07e2
MD5: 738868B1CAA23F8505342775CBFC55F6
SHA1: A8FC3EFB3A77744693993143CDCE11F74E7B0C69
SHA-256: 67B484FB4C5328500F93AFB18ABCB0E8BEABD5F44D7AAA7C2613F63749DEB8B7
SHA-512: 667B29E29D67ED9F5D6A8A0E90578F8A641A89F636CD74A7FFFEC9BD16DFC993E8208FC7EF75716DEFE09A6F38EE14E17643776BA144B7BB2A3BC657ACAA99CA
Malicious: false
Reputation: low
Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{28093801-8E97-11EB-90E5-ECF4BB570DC9}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 19032
Entropy (8bit): 1.5989375381789275
Encrypted: false
SSDEEP: 48:IwgGcprlGwpapG4pQFGrapbSPGQpByGHHpcHTGUpQQXGcpm:rEZvQr61BSZjJ2R6kg
MD5: 965C80F12D4A6B3ABD28529AC77AF8CF
SHA1: 3A2E79FC6B4E5616145106376595D9B2DCA67F20
SHA-256: 0DB38AE4F4A3BAFE4CF716B5189C18ED6CD8F62E6ADC5C63615CB2F8FFC53A29
SHA-512: AAB4209F8DC5FE341A6559931E233C6F8BB805E33C3376722148F68F02436898201FFB65211C519CE9093443C5E6D7121E467C2112C44F424974A3D9C13C7E0E
Malicious: false
Reputation: low
Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\f8bd2822-002a-478f-66a9-0178efd7ee1f[1].json
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 3941
Entropy (8bit): 5.829504221818381
Encrypted: false
SSDEEP: 48:YCCMI6+GbcMpFTu2Sf9Ud1GCuaFuWXFl6ZcTzSf+ywpYM3Bm54AX/E85Y8LGfUGg:Gv0i2SVS1GTWVljSf+Zp3BM/E2Lqc
MD5: 049C23297C3F9FCCA058935797A36EAB
SHA1: 12FEC947722986EE66D10DED3A756659C57084F3
SHA-256: B3F59316E3DA72FAFDFE4F22D7DBDB494B8658C0AD5CFBF29071DA25B89F4698
SHA-512: 757CFE0AC508FEFA57427F537976EBF35FA2B60E65B64E1488FF9935AE927674934022D3D2CE600A77830C649403FF0AB7194E382C94E6CAFE8F969EAC2B96A1
Malicious: false
Reputation: low
Preview:{"guides":[],"normalizedUrl":"http://amerisure.corporate-notifications.com/app/UserHome","lastGuideStepSeen":{"isMultiStep":false,"state":""},"guideWidget":{"enabled":false,"hidePoweredBy":true,"data":{"guideCssUrl":"","onboarding":false}},"guideCssUrl":"","throttling":{"count":1,"enabled":true,"interval":1,"unit":"Hour"},"autoOrdering":["NlTeFTb9NeR1lTx_nqIcu3YyDLc","tX0e3fVGp6PfUmrEY3x_brG2MVo","1GD5vdAlnWRDwENdkuB2PpIO50A","79EdYJJFZR-cW5BgnsB7vhigpuc","zgdcIIY5x9IprKb1-g1oNDQUc-M","VnNTQO8COlHgNm39QRqhiBcL18o","yTKWUaSYaGDhS0_LV4CZzWUWqNY","UvKqQBDJroNnElcTvVBcBM0ljXY","lJCJcGF0MUFxAUU5Uh9-Ew3JZ8g","gxmOtiQaIz84F0VPHMJTvhJmfjI","9SKs_YD_kLYO6s90cDBZpqud2sY","dGe7Mh59esoF8tvUuDfGky-sMTI","O16fZeKZ23hz1mItHRnxzgFX92M","qjww2SRiqcAmioFAsnrwIgu6enU","hRzfGXvUY9LN4zaYO6bAmzjA26o","ZzuZOdqpkBZ9n7-VQx2UtL_aTG0","L1IuAu1TQ3JfQA6AIMyt7SmBJw8","gBTCcgnE_4IMkBAsw692i0WPTK0","NWwqT6-ETM5poIYwb87BaM3L4jc","eE7Y9z6Jm9ITmg3y55OLztehJEk","72nuuTQbcF4Q5dzXA4vecxMILy4","Bx1_-20nc-OO_-VN3-_LSDfiEGE",
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\f8bd2822-002a-478f-66a9-0178efd7ee1f.json.s0gs0lj.partial
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 3941
Entropy (8bit): 5.829504221818381
Encrypted: false
SSDEEP: 48:YCCMI6+GbcMpFTu2Sf9Ud1GCuaFuWXFl6ZcTzSf+ywpYM3Bm54AX/E85Y8LGfUGg:Gv0i2SVS1GTWVljSf+Zp3BM/E2Lqc
MD5: 049C23297C3F9FCCA058935797A36EAB
SHA1: 12FEC947722986EE66D10DED3A756659C57084F3
SHA-256: B3F59316E3DA72FAFDFE4F22D7DBDB494B8658C0AD5CFBF29071DA25B89F4698
SHA-512: 757CFE0AC508FEFA57427F537976EBF35FA2B60E65B64E1488FF9935AE927674934022D3D2CE600A77830C649403FF0AB7194E382C94E6CAFE8F969EAC2B96A1
Malicious: false
Reputation: low
Preview:{"guides":[],"normalizedUrl":"http://amerisure.corporate-notifications.com/app/UserHome","lastGuideStepSeen":{"isMultiStep":false,"state":""},"guideWidget":{"enabled":false,"hidePoweredBy":true,"data":{"guideCssUrl":"","onboarding":false}},"guideCssUrl":"","throttling":{"count":1,"enabled":true,"interval":1,"unit":"Hour"},"autoOrdering":["NlTeFTb9NeR1lTx_nqIcu3YyDLc","tX0e3fVGp6PfUmrEY3x_brG2MVo","1GD5vdAlnWRDwENdkuB2PpIO50A","79EdYJJFZR-cW5BgnsB7vhigpuc","zgdcIIY5x9IprKb1-g1oNDQUc-M","VnNTQO8COlHgNm39QRqhiBcL18o","yTKWUaSYaGDhS0_LV4CZzWUWqNY","UvKqQBDJroNnElcTvVBcBM0ljXY","lJCJcGF0MUFxAUU5Uh9-Ew3JZ8g","gxmOtiQaIz84F0VPHMJTvhJmfjI","9SKs_YD_kLYO6s90cDBZpqud2sY","dGe7Mh59esoF8tvUuDfGky-sMTI","O16fZeKZ23hz1mItHRnxzgFX92M","qjww2SRiqcAmioFAsnrwIgu6enU","hRzfGXvUY9LN4zaYO6bAmzjA26o","ZzuZOdqpkBZ9n7-VQx2UtL_aTG0","L1IuAu1TQ3JfQA6AIMyt7SmBJw8","gBTCcgnE_4IMkBAsw692i0WPTK0","NWwqT6-ETM5poIYwb87BaM3L4jc","eE7Y9z6Jm9ITmg3y55OLztehJEk","72nuuTQbcF4Q5dzXA4vecxMILy4","Bx1_-20nc-OO_-VN3-_LSDfiEGE",
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\f8bd2822-002a-478f-66a9-0178efd7ee1f.json.s0gs0lj.partial:Zone.Identifier
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 26
Entropy (8bit): 3.95006375643621
Encrypted: false
SSDEEP: 3:gAWY3n:qY3n
MD5: FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA1: D59FC84CDD5217C6CF74785703655F78DA6B582B
SHA-256: EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
SHA-512: AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
Malicious: false
Reputation: low
Preview:[ZoneTransfer]..ZoneId=3..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\f8bd2822-002a-478f-66a9-0178efd7ee1f.json:Zone.Identifier
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: very short file (no magic)
Category: modified
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3:W:W
MD5: ECCBC87E4B5CE2FE28308FD9F2A7BAF3
SHA1: 77DE68DAECD823BABBB58EDB1C8E14D7106E83BB
SHA-256: 4E07408562BEDB8B60CE05C1DECFE3AD16B72230967DE01F640B7E4729B49FCE
SHA-512: 3BAFBF08882A2D10133093A1B8433F50563B93C14ACD05B79028EB1D12799027241450980651994501423A66C276AE26C43B739BC65C4E16B10C3AF6C202AEBB
Malicious: false
Reputation: low
Preview:3
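Two of the dropped files above are Zone.Identifier alternate data streams, the Mark-of-the-Web that Internet Explorer writes beside a download: one holds the usual [ZoneTransfer] / ZoneId=3 text (26 bytes), the other a single byte 3 (Category: modified, Size 1). The Python below is an added example, not part of the report. It reproduces both entries as constructed records with the contents shown in their Preview lines, parses the ZoneId in either form, maps it to the Windows URLZONE name, and re-checks size and MD5 against the values the report lists; a Zone.Identifier stream with ZoneId=3 is what makes later consumers (SmartScreen, Office Protected View) treat the file as downloaded from the Internet.

```python
"""Parse Mark-of-the-Web (Zone.Identifier) streams among dropped-file records.

Added example, not part of the Joe Sandbox report. RECORDS is constructed
from the two Zone.Identifier entries in the report (path, Preview, Size,
MD5); everything else is this example's own code.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

# URLZONE_* values as written into ZoneId by Windows.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}


@dataclass
class DroppedFile:
    path: str
    content: bytes   # what the report's Preview shows
    size: int        # "Size (bytes)" from the report
    md5: str         # "MD5" from the report


# Constructed from the report's two Zone.Identifier entries.
RECORDS = [
    DroppedFile(
        r"C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8"
        r"\f8bd2822-002a-478f-66a9-0178efd7ee1f.json.s0gs0lj.partial:Zone.Identifier",
        b"[ZoneTransfer]\r\nZoneId=3\r\n", 26, "FBCCF14D504B7B2DBCB5A5BDA75BD93B"),
    DroppedFile(
        r"C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8"
        r"\f8bd2822-002a-478f-66a9-0178efd7ee1f.json:Zone.Identifier",
        b"3", 1, "ECCBC87E4B5CE2FE28308FD9F2A7BAF3"),
]


def is_motw_stream(path: str) -> bool:
    """The MOTW lives in the ':Zone.Identifier' ADS of the downloaded file."""
    return path.lower().endswith(":zone.identifier")


def parse_zone_id(content: bytes) -> Optional[int]:
    """Return the ZoneId from a Zone.Identifier stream, or None.

    Handles the standard INI form ([ZoneTransfer] / ZoneId=3, possibly with
    ReferrerUrl= and HostUrl= lines) and the bare-digit form the report shows
    for the second, 1-byte entry.
    """
    text = content.decode("utf-8", errors="replace").strip()
    if text.isdigit():
        return int(text)
    for line in text.splitlines():
        key, sep, val = line.partition("=")
        if sep and key.strip().lower() == "zoneid" and val.strip().isdigit():
            return int(val.strip())
    return None


def check_record(rec: DroppedFile) -> Dict[str, object]:
    """Verify size and MD5 against the report and classify the MOTW zone."""
    digest = hashlib.md5(rec.content).hexdigest().upper()
    zone = parse_zone_id(rec.content) if is_motw_stream(rec.path) else None
    return {
        "path": rec.path,
        "size_ok": len(rec.content) == rec.size,
        "md5_ok": digest == rec.md5.upper(),
        "zone_id": zone,
        "zone": ZONE_NAMES.get(zone, "unknown") if zone is not None else None,
        "from_internet": zone == 3,
    }


def triage(records: List[DroppedFile] = RECORDS) -> List[Dict[str, object]]:
    """Run check_record over every record; only MOTW streams get a zone."""
    return [check_record(r) for r in records]


if __name__ == "__main__":
    for result in triage():
        print(result)
```

The 1-byte variant is worth handling explicitly: the report lists it as "modified", so a parser that insists on the [ZoneTransfer] section header would report no MOTW for a file that Windows still treats as Internet-zone.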
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with CRLF line terminators
Category: modified
Size (bytes): 89
Entropy (8bit): 4.502442319249752
Encrypted: false
SSDEEP: 3:oVXUGRtkV4FqH8JOGXnEGRtkV4Fp+n:o9Uck2iqEck2g
MD5: 6605D09FFCF88D1BBAE94FF360EA2C34
SHA1: F19E332380A35DA16D32F4643A0AE8FB20474C06
SHA-256: 8A1687D2757D08AABD667A5BA0C821AF1548512974CAC056AF085705A076ECA5
SHA-512: E023CA4B3958AF1BAC61EEFD40160C985070A5EE2F17EEBFAE51EC44B1B444F4ADBFB08BCA99A5BAA61B09C59AF069B048121044598500C76BC3741E2B1DA700
Malicious: false
Reputation: low
Preview:[2021/03/26 17:55:44.720] Latest deploy version: ..[2021/03/26 17:55:44.720] 11.211.2 ..
C:\Users\user\AppData\Local\Temp\~DF5A84473704DB633C.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 29989
Entropy (8bit): 0.3309272852524988
Encrypted: false
SSDEEP: 24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwO9lwe9l2o/9l2A9la7:kBqoxKAuvScS+hfo+BQy
MD5: 182136805D94FE6E26345C9309363CF0
SHA1: 933032D39A0752C5C9C947622F09E6B82703CC56
SHA-256: 2AB9420C09B1FE9428189AA9AADF52BA284A64278609FCD2FB5B12A7F197822A
SHA-512: D534854FDAE82FE111D7B28BDD7C8BDA755D7856180D14CA665A364E471E08C48B419FAE4792307927C55CBD37045184D025972AE6E534B07C59F9DE82A3398C
Malicious: false
Reputation: low
Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\~DFB67654E64A59403C.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 12981
Entropy (8bit): 0.4373694319945348
Encrypted: false
SSDEEP: 12:c9lCg5/9lCgeK9l26an9l26an9l8fRS9l8fRC9lTqTls/GXcXTc:c9lLh9lLh9lIn9lIn9loS9loC9lWhK6
MD5: 597C1DC618DA3E876FC75FAFA477DBBA
SHA1: D1CACA55E2B30325EA2C321D50EA5BE255BD63B1
SHA-256: E2030329DA09E0B0F5D89C47CD47B36B80770956A99931767E2F8BAA5AC0034E
SHA-512: 4C569E918533A3557E498084569B0489EBA2C8A291CF2C04EEE58F239C3D894B52225E867B0EFF6900A27F518935BB8ABE73828F248AA359B9AA49CD511C1583
Malicious: false
Reputation: low
Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Static File Info
No static file info

Network Behavior

Network Port Distribution
Total Packets: 35
• 53 (DNS)
• 80 (HTTP)

TCP Packets
Timestamp Source Port Dest Port Source IP Dest IP
Mar 26, 2021 17:55:46.058150053 CET 49700 80 192.168.2.5 172.217.168.51
Mar 26, 2021 17:55:46.059001923 CET 49701 80 192.168.2.5 172.217.168.51
Mar 26, 2021 17:55:46.070769072 CET 80 49700 172.217.168.51 192.168.2.5
Mar 26, 2021 17:55:46.070807934 CET 80 49701 172.217.168.51 192.168.2.5
Mar 26, 2021 17:55:46.070947886 CET 49701 80 192.168.2.5 172.217.168.51
Mar 26, 2021 17:55:46.070950031 CET 49700 80 192.168.2.5 172.217.168.51
Mar 26, 2021 17:55:46.071373940 CET 49701 80 192.168.2.5 172.217.168.51
Mar 26, 2021 17:55:46.083214045 CET 80 49701 172.217.168.51 192.168.2.5
Mar 26, 2021 17:55:46.364347935 CET 80 49701 172.217.168.51 192.168.2.5
Mar 26, 2021 17:55:46.364402056 CET 80 49701 172.217.168.51 192.168.2.5
Mar 26, 2021 17:55:46.364430904 CET 80 49701 172.217.168.51 192.168.2.5
Mar 26, 2021 17:55:46.364504099 CET 49701 80 192.168.2.5 172.217.168.51
Mar 26, 2021 17:55:46.364559889 CET 49701 80 192.168.2.5 172.217.168.51
Mar 26, 2021 17:56:04.637079954 CET 49700 80 192.168.2.5 172.217.168.51
Mar 26, 2021 17:56:04.637629032 CET 49701 80 192.168.2.5 172.217.168.51
UDP Packets
Timestamp Source Port Dest Port Source IP Dest IP
Mar 26, 2021 17:55:37.525881052 CET 53784 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:37.538378000 CET 53 53784 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:38.932173014 CET 65307 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:38.944984913 CET 53 65307 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:39.701036930 CET 64344 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:39.714905024 CET 53 64344 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:40.500896931 CET 62060 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:40.514560938 CET 53 62060 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:41.632647038 CET 61805 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:41.645179033 CET 53 61805 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:42.607033014 CET 54795 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:42.621372938 CET 53 54795 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:43.613796949 CET 49557 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:43.626708031 CET 53 49557 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:44.538830996 CET 61733 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:44.551476002 CET 53 61733 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:44.884429932 CET 65447 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:44.904645920 CET 53 65447 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:45.636243105 CET 52441 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:45.649326086 CET 53 52441 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:46.013955116 CET 62176 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:46.040565968 CET 53 62176 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:46.659379005 CET 59596 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:46.672270060 CET 53 59596 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:47.902291059 CET 65296 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:47.914514065 CET 53 65296 8.8.8.8 192.168.2.5
Mar 26, 2021 17:55:48.686161995 CET 63183 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:55:48.699125051 CET 53 63183 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:08.152252913 CET 60151 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:08.206156015 CET 53 60151 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:11.846831083 CET 56969 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:11.880951881 CET 53 56969 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:14.890780926 CET 55161 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:14.904334068 CET 53 55161 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:15.910295010 CET 55161 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:15.923836946 CET 53 55161 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:16.925976992 CET 55161 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:16.939119101 CET 53 55161 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:18.935242891 CET 55161 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:18.948187113 CET 53 55161 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:22.935873985 CET 55161 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:22.948529005 CET 53 55161 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:31.620795012 CET 54757 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:31.639468908 CET 53 54757 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:47.189100981 CET 49992 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:47.201809883 CET 53 49992 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:51.106435061 CET 60075 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:51.124408960 CET 53 60075 8.8.8.8 192.168.2.5
Mar 26, 2021 17:57:23.189039946 CET 55016 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:57:23.205697060 CET 53 55016 8.8.8.8 192.168.2.5
Mar 26, 2021 17:57:24.413165092 CET 64345 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:57:24.439363956 CET 53 64345 8.8.8.8 192.168.2.5
DNS Queries
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Mar 26, 2021 17:55:46.013955116 CET | 192.168.2.5 | 8.8.8.8 | 0xe263 | Standard query (0) | data.pendo.io | A (IP address) | IN (0x0001)

DNS Answers
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Mar 26, 2021 17:55:46.040565968 CET | 8.8.8.8 | 192.168.2.5 | 0xe263 | No error (0) | data.pendo.io | ghs.googlehosted.com | | CNAME (Canonical name) | IN (0x0001)
Mar 26, 2021 17:55:46.040565968 CET | 8.8.8.8 | 192.168.2.5 | 0xe263 | No error (0) | ghs.googlehosted.com | | 172.217.168.51 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph
data.pendo.io
HTTP Packets
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49701 | 172.217.168.51 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp | kBytes transferred | Direction | Data
Mar 26, 2021 17:55:46.071373940 CET | 297 | OUT
GET /data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: data.pendo.io
Connection: Keep-Alive
Mar 26, 2021 17:55:46.364347935 CET | 306 | IN
HTTP/1.1 200 OK
Date: Fri, 26 Mar 2021 16:55:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Vary: Accept-Encoding
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Origin,Accept,Content-Type,Authorization
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Via: 1.1 google
Data Raw: 39 37 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bd 57 d9 ae a3 48 12 fd 17 3f 17 dd 80 cd 56 d2 3c 80 59 0c 36 ab 01 1b ba 5a 08 b3 63 36 b3 18 43 a9 fe 7d 32 ef bd dd 5d aa a9 91 a6 35 a3 79 c3 79 22 63 39 27 23 33 fc 75 93 4d 45 9c 0c 9b cf bf fd fe 69 d3 b4 7d 1d 56 c5 9a c4 4e 5f 6d 3e 6f f2 71 ec 3e ff fa 6b 58 27 7d 31 4c 7d f2 4b d4 f6 5d db 87 63 82 34 ed 58 a4 45 14 8e 45 db 0c 60 bd fe 35 ec ba 5f 9d 21 e9 0f 6d 9d 6c 3e 6d aa 70 18 25 e8 fb 3c 26 dd 39 49 9a cd e7 af 9b 62 50 a7 6a 2c e0 d2 e6 73 1a 56 43 f2 69 33 8c c0 1f 08 b6 f9 f6 e9 3d 99 4b 11 67 c9 08 cd 93 26 bc 55 49 fc a7 69 0e dc 19 ed 9c f4 49 cc 2d 9b cf 63 3f 81 fd 71 38 86 d0 f8 ad 90 fd 30 bc a7 0e 32 68 9b 5b 1b f6 71 d1 64 1f 0e be fd 11 e1 7b ab 31 ef db 71 ac de ac be 6e a2 76 6a 40 68 ec d3 5f b1 df a3 14 cd 98 f4 cf 10 b0 02 b0 a9 29 80 d1 e6 d0 4e 3d cc 3a 9c c6 56 ef 63 40 12 0c f5 db 46 ab ec 44 b4 6f 8c 96 58 58 65 bf 82 e6 21 47 d3 d6 5b f8 53 04 d2 1a af 68 b2 4d 5d a9 23 8d d4 a9 7b c1 db be 82 5b 2f e1 aa db 02 14 93 78 e2 19 b3 55 73 b1 f8 59 d0 e2 fb c4 e1 46 27 eb 04 ca 02 94 62 84 d8 53 14 d1 b7 90 e8 42 70 59 33 70 d4 33 2f b2 6e 82 9e d7 2c 8e 64 d9 23 5e 8c dc f5 c7 1b 86 64 58 ab f1 a6 13 21 2a 40 dd 46 b3 4d 9d de eb d5 21 d3 ea 2d 63 5a 8f bc e0 a2 13 46 c3 b8 8b 7d bc 38 e1 d9 0b 25 3e 3f a3 c1 c9 dd ed fd f5 e2 5c 1e 9a 07 50 e7 79 7c 98 1c af f4 ad d6 08 55 64 3f 5d 2e e2 54 b4 2a af 10 ad 94 bd 12 49 22 aa 3a e2 8b 75 1c c2 c9 19 44 98 b7 8a 4f 67 00 cd 5e b5 3e 16 66 28 af f4 4e 44 5d e3 a0 2a f6 33 57 ea b4 94 01 ca 9c 8f 43 e0 f1 c1 fd e4 e9 e4 c0 a0 11
cf f9 dd 63 8a f1 01 7a 8e a5 84 52 73 82 49 86 56 a4 c7 a7 33 f1 a9 74 5f 90 41 b5 e1 5e 1d 23 53 3f 39 fa f8 36 5f b1 5a 1e 0f 56 f3 5a 33 f1 ca e0 b0 de 47 39 cf f8 d9 2a 1e 11 5b 17 ad c8 0e 4d 3f cb d9 44 26 8d 03 d0 dc 5a 53 e9 fa 74 3c e6 a4 ed d6 10 04 bf b1 f5 5a b2 38 09 d9 f0 d7 c9 d7 e3 47 77 e7 7c a6 a1 10 d7 7c e1 ce 78 0a 42 5b 4201 7a c2 e4 89 9d 30 db dc 2a a9 c9 92 ac ac 2e 23 75 ae 39 65 a6 01 9a 71 f6 3e ca 1a 21 d8 c9 ea 9d 63 87 99 64 f0 02 bd 18 f6 11 ee d5 2e f3 c3 26 11 c1 56 89 ae 95 bd f9 46 53 5c a8 6e 4f bb 12 2a 98 08 94 c7 ac a4 52 33 b2 5d 67 db 85 20 f4 d3 3a 26 b9 22 dc 01 4a e1 cd 34 d9 e6 2d 12 77 26 11 af 57 76 f7 4c a2 97 2a 9f 96 1d 40 b9 17 16 20 38 da 44 88 ae 07 88 ab 6d 91 e0 74 e6 d3 42 90 04 80 9e e6 fd 11 7b 4d db 9e a2 5a 85 f5 0e d3 da 69 84 72 31 3a 03 66 c5 f2 a2 e2 1c 67 d9 31 2b 47 2d b5 b3 9d de 6f a2 45 7b 31 0b 51 cc d0 66 a4 f5 96 9a 18 66 47 bd 46 e9 ad 74 6c 24 a5 d2 11 72 45 0b 8d 2f c6 a4 df 51 72 92 35 e4 a3 63 aa 38 d1 71 25 a6 a1 82 3c de 72 dc 4e f6 85 f3 52 4a 62 66 4f bc bc ba 72 ee de 3d 13 a0 42 c1 de 14 f9 a9 f9 16 69 85 b6 7a b8 0a 0f 4d f4 cc 21 d3 e1 c9 11 a7 Data Ascii: 97aWH?V<Y6Zc6C}2]5yy"c9'#3uMEi}VN_m>oq>kX'}1L}K]c4XEE`5_!ml>mp%<&9IbPj,sVCi3=Kg&UIiI-c?q802h[qd{1qnvj@h_)N=:Vc@FDoXXe!G[ShM]#{[/xUsYF'bSBpY3p3/n,d#^dX!*@FM!-cZF}8%>?\Py|Ud?].T*I":uDOg^>f(ND]*3WCczRsIV3t_A^#S?96_ZVZ3G9*[M?D&ZSt<Z8Gw||xB[Bz0*.#u9eq>!cd.&VFS\nO*R3]g :&"J4-w&WvL*@ 8DmtB{MZir1:fg1+G-oE{1QffGFtl$rE/Qr5c8q%<rNRJbfOr=BizM!
Timestamp kBytes transferred Direction Data
System Behavior
Analysis Process: iexplore.exe PID: 1456 Parent PID: 792
General
Start time: 17:55:43
Start date: 26/03/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff673370000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Registry Activities
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
Analysis Process: iexplore.exe PID: 5860 Parent PID: 1456
General
Start time: 17:55:44
Start date: 26/03/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1456 CREDAT:17410 /prefetch:2
Imagebase: 0xd90000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Analysis Process: OpenWith.exe PID: 5452 Parent PID: 792
General
Start time: 17:56:04
Start date: 26/03/2021
Path: C:\Windows\System32\OpenWith.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\OpenWith.exe -Embedding
Imagebase: 0x7ff68a520000
File size: 111120 bytes
MD5 hash: D179D03728E95E040A889F760C1FC402
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Disassembly
Code Analysis