ID: 376562 Cookbook: browseurl.jbs Time: 17:55:00 Date: 26/03/2021 Version: 31.0.0 Emerald

Version: 31.0.0 Emerald - Joe Sandbox



Table of Contents

Analysis Report http://data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612

Overview
  General Information
  Detection
  Signatures
  Classification
  Startup
  Malware Configuration
  Yara Overview
  Sigma Overview
  Signature Overview
  Mitre Att&ck Matrix
  Behavior Graph
  Screenshots
    Thumbnails
Antivirus, Machine Learning and Genetic Malware Detection
  Initial Sample
  Dropped Files
  Unpacked PE Files
  Domains
  URLs
Domains and IPs
  Contacted Domains
  Contacted URLs
  URLs from Memory and Binaries
  Contacted IPs
    Public
General Information
Simulations
  Behavior and APIs
Joe Sandbox View / Context
  IPs
  Domains
  ASN
  JA3 Fingerprints
  Dropped Files
Dropped Files
  Created / dropped Files
Static File Info
  No static file info
Network Behavior
  Network Port Distribution
  TCP Packets
  UDP Packets
  DNS Queries
  DNS Answers
  HTTP Request Dependency Graph
  HTTP Packets
Code Manipulations
Statistics
  Behavior
System Behavior
  Analysis Process: iexplore.exe PID: 1456 Parent PID: 792
    General
    File Activities
    Registry Activities
  Analysis Process: iexplore.exe PID: 5860 Parent PID: 1456
    General
    File Activities
  Analysis Process: OpenWith.exe PID: 5452 Parent PID: 792
    General
Disassembly
  Code Analysis

Copyright Joe Security LLC 2021 Page 2 of 17


Analysis Report http://data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612…

Overview

General Information

Sample URL: data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9...XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612

Analysis ID: 376562

Infos:

Most interesting Screenshot:

Detection

Score: 0

Range: 0 - 100

Whitelisted: false

Confidence: 100%

Signatures

No high impact signatures.

Classification

(Classification chart rendered as an image in the original; categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean / suspicious / malicious)

Startup

System is w10x64

iexplore.exe (PID: 1456 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5860 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1456 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

OpenWith.exe (PID: 5452 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: D179D03728E95E040A889F760C1FC402)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched


Signature Overview

• Compliance

• Networking

• System Summary

There are no malicious signatures, click here to show all signatures.

Mitre Att&ck Matrix (tactic: techniques; numbers are as shown in the matrix cells)

Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; System Information Discovery 1; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Non-Application Layer Protocol 2; Application Layer Protocol 2; Ingress Tool Transfer 1
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data


Behavior Graph

ID: 376562

URL: http://data.pendo.io/data/g...

Startdate: 26/03/2021

Architecture: WINDOWS

Score: 0

(Graph rendered as an image in the original. Process nodes: iexplore.exe (2 60), OpenWith.exe, iexplore.exe (26), joined by "started" edges; network nodes: ghs.googlehosted.com, 172.217.168.51, ports 49700, 49701, 80, GOOGLEUS, United States; data.pendo.io.)

Legend: Process; Signature; Created File; DNS/IP Info; Is Dropped; Is Windows Process; Number of created Registry Values; Number of created Files; Visual Basic; Delphi; Java; .Net C# or VB.NET; C, C++ or other language; Is malicious; Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link

data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612

0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
amerisure.corporate-notifications.com/app/UserHome | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ghs.googlehosted.com | 172.217.168.51 | true | false | | unknown
data.pendo.io | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation

data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612

false | | high

0 false low

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
amerisure.corporate-notifications.com/app/UserHome | f8bd2822-002a-478f-66a9-0178efd7ee1f[1].json.2.dr | false | Avira URL Cloud: safe | unknown
data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5Q | OpenWith.exe, 00000004.00000002.258799935.000001C20589C000.00000004.00000020.sdmp | false | | high

Contacted IPs

(IP map rendered as an image in the original) Legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs


General Information

Joe Sandbox Version: 31.0.0 Emerald

Analysis ID: 376562

Start date: 26.03.2021

Start time: 17:55:00

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 4m 27s

Hypervisor based Inspection enabled: false

Report type: light

Cookbook file name: browseurl.jbs

Sample URL: data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612

Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Number of new started processes analysed: 21

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabled, EGA enabled, AMSI enabled

Analysis Mode: default

Analysis stop reason: Timeout

Detection: CLEAN

Classification: clean0.win@4/9@1/1

EGA Information: Failed

HCA Information: Successful, ratio: 100%

Number of executed functions: 0

Number of non-executed functions: 0

Cookbook Comments: Adjust boot time; Enable AMSI

Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
172.217.168.51 | ghs.googlehosted.com | United States | | 15169 | GOOGLEUS | false


Warnings:

Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe

Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 104.43.193.48, 104.42.151.234, 104.83.120.32, 52.147.198.201, 95.100.54.203, 20.82.210.154, 152.199.19.161, 23.0.174.184, 23.0.174.200, 23.10.249.26, 23.10.249.43, 20.54.26.129

Excluded domains from analysis (whitelisted):

VT rate limit hit for:
http://data.pendo.io/data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612

Simulations

Behavior and APIs

Time | Type | Description
17:56:04 | API Interceptor | 1x Sleep call for process: OpenWith.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{280937FF-8E97-11EB-90E5-ECF4BB570DC9}.dat

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Category: dropped

Size (bytes): 32344

Entropy (8bit): 1.7917940952679492

Encrypted: false

SSDEEP: 96:rhZJZ/2cWmtLsabfLsMsurMKM5sMsIEqKsMsuqQpjjTIs3sMsvAM2:rhZJZ/2cWmtDfjNMt07e2

MD5: 738868B1CAA23F8505342775CBFC55F6

SHA1: A8FC3EFB3A77744693993143CDCE11F74E7B0C69

SHA-256: 67B484FB4C5328500F93AFB18ABCB0E8BEABD5F44D7AAA7C2613F63749DEB8B7

SHA-512: 667B29E29D67ED9F5D6A8A0E90578F8A641A89F636CD74A7FFFEC9BD16DFC993E8208FC7EF75716DEFE09A6F38EE14E17643776BA144B7BB2A3BC657ACAA99CA

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{28093801-8E97-11EB-90E5-ECF4BB570DC9}.dat

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Category: dropped

Size (bytes): 19032

Entropy (8bit): 1.5989375381789275

Encrypted: false

SSDEEP: 48:IwgGcprlGwpapG4pQFGrapbSPGQpByGHHpcHTGUpQQXGcpm:rEZvQr61BSZjJ2R6kg

MD5: 965C80F12D4A6B3ABD28529AC77AF8CF

SHA1: 3A2E79FC6B4E5616145106376595D9B2DCA67F20

SHA-256: 0DB38AE4F4A3BAFE4CF716B5189C18ED6CD8F62E6ADC5C63615CB2F8FFC53A29

SHA-512: AAB4209F8DC5FE341A6559931E233C6F8BB805E33C3376722148F68F02436898201FFB65211C519CE9093443C5E6D7121E467C2112C44F424974A3D9C13C7E0E

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\f8bd2822-002a-478f-66a9-0178efd7ee1f[1].json

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Category: dropped

Size (bytes): 3941

Entropy (8bit): 5.829504221818381

Encrypted: false

SSDEEP: 48:YCCMI6+GbcMpFTu2Sf9Ud1GCuaFuWXFl6ZcTzSf+ywpYM3Bm54AX/E85Y8LGfUGg:Gv0i2SVS1GTWVljSf+Zp3BM/E2Lqc

MD5: 049C23297C3F9FCCA058935797A36EAB


SHA1: 12FEC947722986EE66D10DED3A756659C57084F3

SHA-256: B3F59316E3DA72FAFDFE4F22D7DBDB494B8658C0AD5CFBF29071DA25B89F4698

SHA-512: 757CFE0AC508FEFA57427F537976EBF35FA2B60E65B64E1488FF9935AE927674934022D3D2CE600A77830C649403FF0AB7194E382C94E6CAFE8F969EAC2B96A1

Malicious: false

Reputation: low

Preview:{"guides":[],"normalizedUrl":"http://amerisure.corporate-notifications.com/app/UserHome","lastGuideStepSeen":{"isMultiStep":false,"state":""},"guideWidget":{"enabled":false,"hidePoweredBy":true,"data":{"guideCssUrl":"","onboarding":false}},"guideCssUrl":"","throttling":{"count":1,"enabled":true,"interval":1,"unit":"Hour"},"autoOrdering":["NlTeFTb9NeR1lTx_nqIcu3YyDLc","tX0e3fVGp6PfUmrEY3x_brG2MVo","1GD5vdAlnWRDwENdkuB2PpIO50A","79EdYJJFZR-cW5BgnsB7vhigpuc","zgdcIIY5x9IprKb1-g1oNDQUc-M","VnNTQO8COlHgNm39QRqhiBcL18o","yTKWUaSYaGDhS0_LV4CZzWUWqNY","UvKqQBDJroNnElcTvVBcBM0ljXY","lJCJcGF0MUFxAUU5Uh9-Ew3JZ8g","gxmOtiQaIz84F0VPHMJTvhJmfjI","9SKs_YD_kLYO6s90cDBZpqud2sY","dGe7Mh59esoF8tvUuDfGky-sMTI","O16fZeKZ23hz1mItHRnxzgFX92M","qjww2SRiqcAmioFAsnrwIgu6enU","hRzfGXvUY9LN4zaYO6bAmzjA26o","ZzuZOdqpkBZ9n7-VQx2UtL_aTG0","L1IuAu1TQ3JfQA6AIMyt7SmBJw8","gBTCcgnE_4IMkBAsw692i0WPTK0","NWwqT6-ETM5poIYwb87BaM3L4jc","eE7Y9z6Jm9ITmg3y55OLztehJEk","72nuuTQbcF4Q5dzXA4vecxMILy4","Bx1_-20nc-OO_-VN3-_LSDfiEGE",


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\f8bd2822-002a-478f-66a9-0178efd7ee1f.json.s0gs0lj.partial

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Category: dropped

Size (bytes): 3941

Entropy (8bit): 5.829504221818381

Encrypted: false

SSDEEP: 48:YCCMI6+GbcMpFTu2Sf9Ud1GCuaFuWXFl6ZcTzSf+ywpYM3Bm54AX/E85Y8LGfUGg:Gv0i2SVS1GTWVljSf+Zp3BM/E2Lqc

MD5: 049C23297C3F9FCCA058935797A36EAB

SHA1: 12FEC947722986EE66D10DED3A756659C57084F3

SHA-256: B3F59316E3DA72FAFDFE4F22D7DBDB494B8658C0AD5CFBF29071DA25B89F4698

SHA-512: 757CFE0AC508FEFA57427F537976EBF35FA2B60E65B64E1488FF9935AE927674934022D3D2CE600A77830C649403FF0AB7194E382C94E6CAFE8F969EAC2B96A1

Malicious: false

Reputation: low

Preview:{"guides":[],"normalizedUrl":"http://amerisure.corporate-notifications.com/app/UserHome","lastGuideStepSeen":{"isMultiStep":false,"state":""},"guideWidget":{"enabled":false,"hidePoweredBy":true,"data":{"guideCssUrl":"","onboarding":false}},"guideCssUrl":"","throttling":{"count":1,"enabled":true,"interval":1,"unit":"Hour"},"autoOrdering":["NlTeFTb9NeR1lTx_nqIcu3YyDLc","tX0e3fVGp6PfUmrEY3x_brG2MVo","1GD5vdAlnWRDwENdkuB2PpIO50A","79EdYJJFZR-cW5BgnsB7vhigpuc","zgdcIIY5x9IprKb1-g1oNDQUc-M","VnNTQO8COlHgNm39QRqhiBcL18o","yTKWUaSYaGDhS0_LV4CZzWUWqNY","UvKqQBDJroNnElcTvVBcBM0ljXY","lJCJcGF0MUFxAUU5Uh9-Ew3JZ8g","gxmOtiQaIz84F0VPHMJTvhJmfjI","9SKs_YD_kLYO6s90cDBZpqud2sY","dGe7Mh59esoF8tvUuDfGky-sMTI","O16fZeKZ23hz1mItHRnxzgFX92M","qjww2SRiqcAmioFAsnrwIgu6enU","hRzfGXvUY9LN4zaYO6bAmzjA26o","ZzuZOdqpkBZ9n7-VQx2UtL_aTG0","L1IuAu1TQ3JfQA6AIMyt7SmBJw8","gBTCcgnE_4IMkBAsw692i0WPTK0","NWwqT6-ETM5poIYwb87BaM3L4jc","eE7Y9z6Jm9ITmg3y55OLztehJEk","72nuuTQbcF4Q5dzXA4vecxMILy4","Bx1_-20nc-OO_-VN3-_LSDfiEGE",

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\f8bd2822-002a-478f-66a9-0178efd7ee1f.json.s0gs0lj.partial:Zone.Identifier

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: ASCII text, with CRLF line terminators

Category: dropped

Size (bytes): 26

Entropy (8bit): 3.95006375643621

Encrypted: false

SSDEEP: 3:gAWY3n:qY3n

MD5: FBCCF14D504B7B2DBCB5A5BDA75BD93B

SHA1: D59FC84CDD5217C6CF74785703655F78DA6B582B

SHA-256: EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913

SHA-512: AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98

Malicious: false

Reputation: low

Preview:[ZoneTransfer]..ZoneId=3..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\f8bd2822-002a-478f-66a9-0178efd7ee1f.json:Zone.Identifier

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: very short file (no magic)

Category: modified

Size (bytes): 1

Entropy (8bit): 0.0

Encrypted: false

SSDEEP: 3:W:W

MD5: ECCBC87E4B5CE2FE28308FD9F2A7BAF3

SHA1: 77DE68DAECD823BABBB58EDB1C8E14D7106E83BB

SHA-256: 4E07408562BEDB8B60CE05C1DECFE3AD16B72230967DE01F640B7E4729B49FCE

SHA-512: 3BAFBF08882A2D10133093A1B8433F50563B93C14ACD05B79028EB1D12799027241450980651994501423A66C276AE26C43B739BC65C4E16B10C3AF6C202AEBB

Malicious: false

Reputation: low

Preview:3

C:\Users\user\AppData\Local\Temp\JavaDeployReg.log

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with CRLF line terminators

Category: modified

Size (bytes): 89

Entropy (8bit): 4.502442319249752

Encrypted: false

SSDEEP: 3:oVXUGRtkV4FqH8JOGXnEGRtkV4Fp+n:o9Uck2iqEck2g

MD5: 6605D09FFCF88D1BBAE94FF360EA2C34

SHA1: F19E332380A35DA16D32F4643A0AE8FB20474C06

SHA-256: 8A1687D2757D08AABD667A5BA0C821AF1548512974CAC056AF085705A076ECA5

SHA-512: E023CA4B3958AF1BAC61EEFD40160C985070A5EE2F17EEBFAE51EC44B1B444F4ADBFB08BCA99A5BAA61B09C59AF069B048121044598500C76BC3741E2B1DA700

Malicious: false

Reputation: low

Preview:[2021/03/26 17:55:44.720] Latest deploy version: ..[2021/03/26 17:55:44.720] 11.211.2 ..

C:\Users\user\AppData\Local\Temp\~DF5A84473704DB633C.TMP

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Category: dropped

Size (bytes): 29989

Entropy (8bit): 0.3309272852524988

Encrypted: false

SSDEEP: 24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwO9lwe9l2o/9l2A9la7:kBqoxKAuvScS+hfo+BQy

MD5: 182136805D94FE6E26345C9309363CF0

SHA1: 933032D39A0752C5C9C947622F09E6B82703CC56

SHA-256: 2AB9420C09B1FE9428189AA9AADF52BA284A64278609FCD2FB5B12A7F197822A

SHA-512: D534854FDAE82FE111D7B28BDD7C8BDA755D7856180D14CA665A364E471E08C48B419FAE4792307927C55CBD37045184D025972AE6E534B07C59F9DE82A3398C

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Temp\~DFB67654E64A59403C.TMP

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Category: dropped

Size (bytes): 12981

Entropy (8bit): 0.4373694319945348

Encrypted: false

SSDEEP: 12:c9lCg5/9lCgeK9l26an9l26an9l8fRS9l8fRC9lTqTls/GXcXTc:c9lLh9lLh9lIn9lIn9loS9loC9lWhK6

MD5: 597C1DC618DA3E876FC75FAFA477DBBA

SHA1: D1CACA55E2B30325EA2C321D50EA5BE255BD63B1

SHA-256: E2030329DA09E0B0F5D89C47CD47B36B80770956A99931767E2F8BAA5AC0034E

SHA-512: 4C569E918533A3557E498084569B0489EBA2C8A291CF2C04EEE58F239C3D894B52225E867B0EFF6900A27F518935BB8ABE73828F248AA359B9AA49CD511C1583

Malicious: false

Reputation: low


Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: 35

• 53 (DNS)

• 80 (HTTP)

TCP Packets

Timestamp Source Port Dest Port Source IP Dest IP

Mar 26, 2021 17:55:46.058150053 CET 49700 80 192.168.2.5 172.217.168.51

Mar 26, 2021 17:55:46.059001923 CET 49701 80 192.168.2.5 172.217.168.51

Mar 26, 2021 17:55:46.070769072 CET 80 49700 172.217.168.51 192.168.2.5

Mar 26, 2021 17:55:46.070807934 CET 80 49701 172.217.168.51 192.168.2.5

Mar 26, 2021 17:55:46.070947886 CET 49701 80 192.168.2.5 172.217.168.51

Mar 26, 2021 17:55:46.070950031 CET 49700 80 192.168.2.5 172.217.168.51

Mar 26, 2021 17:55:46.071373940 CET 49701 80 192.168.2.5 172.217.168.51

Mar 26, 2021 17:55:46.083214045 CET 80 49701 172.217.168.51 192.168.2.5

Mar 26, 2021 17:55:46.364347935 CET 80 49701 172.217.168.51 192.168.2.5

Mar 26, 2021 17:55:46.364402056 CET 80 49701 172.217.168.51 192.168.2.5

Mar 26, 2021 17:55:46.364430904 CET 80 49701 172.217.168.51 192.168.2.5

Mar 26, 2021 17:55:46.364504099 CET 49701 80 192.168.2.5 172.217.168.51

Mar 26, 2021 17:55:46.364559889 CET 49701 80 192.168.2.5 172.217.168.51

Mar 26, 2021 17:56:04.637079954 CET 49700 80 192.168.2.5 172.217.168.51

Mar 26, 2021 17:56:04.637629032 CET 49701 80 192.168.2.5 172.217.168.51

UDP Packets

Timestamp Source Port Dest Port Source IP Dest IP

Mar 26, 2021 17:55:37.525881052 CET 53784 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:37.538378000 CET 53 53784 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:38.932173014 CET 65307 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:38.944984913 CET 53 65307 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:39.701036930 CET 64344 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:39.714905024 CET 53 64344 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:40.500896931 CET 62060 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:40.514560938 CET 53 62060 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:41.632647038 CET 61805 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:41.645179033 CET 53 61805 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:42.607033014 CET 54795 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:42.621372938 CET 53 54795 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:43.613796949 CET 49557 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:43.626708031 CET 53 49557 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:44.538830996 CET 61733 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:44.551476002 CET 53 61733 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:44.884429932 CET 65447 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:44.904645920 CET 53 65447 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:45.636243105 CET 52441 53 192.168.2.5 8.8.8.8


Mar 26, 2021 17:55:45.649326086 CET 53 52441 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:46.013955116 CET 62176 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:46.040565968 CET 53 62176 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:46.659379005 CET 59596 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:46.672270060 CET 53 59596 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:47.902291059 CET 65296 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:47.914514065 CET 53 65296 8.8.8.8 192.168.2.5

Mar 26, 2021 17:55:48.686161995 CET 63183 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:55:48.699125051 CET 53 63183 8.8.8.8 192.168.2.5

Mar 26, 2021 17:56:08.152252913 CET 60151 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:56:08.206156015 CET 53 60151 8.8.8.8 192.168.2.5

Mar 26, 2021 17:56:11.846831083 CET 56969 53 192.168.2.5 8.8.8.8

Mar 26, 2021 17:56:11.880951881 CET 53 56969 8.8.8.8 192.168.2.5

Timestamp Source Port Dest Port Source IP Dest IP
Mar 26, 2021 17:56:14.890780926 CET 55161 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:14.904334068 CET 53 55161 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:15.910295010 CET 55161 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:15.923836946 CET 53 55161 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:16.925976992 CET 55161 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:16.939119101 CET 53 55161 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:18.935242891 CET 55161 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:18.948187113 CET 53 55161 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:22.935873985 CET 55161 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:22.948529005 CET 53 55161 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:31.620795012 CET 54757 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:31.639468908 CET 53 54757 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:47.189100981 CET 49992 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:47.201809883 CET 53 49992 8.8.8.8 192.168.2.5
Mar 26, 2021 17:56:51.106435061 CET 60075 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:56:51.124408960 CET 53 60075 8.8.8.8 192.168.2.5
Mar 26, 2021 17:57:23.189039946 CET 55016 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:57:23.205697060 CET 53 55016 8.8.8.8 192.168.2.5
Mar 26, 2021 17:57:24.413165092 CET 64345 53 192.168.2.5 8.8.8.8
Mar 26, 2021 17:57:24.439363956 CET 53 64345 8.8.8.8 192.168.2.5

DNS Queries

Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
Mar 26, 2021 17:55:46.013955116 CET 192.168.2.5 8.8.8.8 0xe263 Standard query (0) data.pendo.io A (IP address) IN (0x0001)

DNS Answers

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Mar 26, 2021 17:55:46.040565968 CET 8.8.8.8 192.168.2.5 0xe263 No error (0) data.pendo.io ghs.googlehosted.com CNAME (Canonical name) IN (0x0001)
Mar 26, 2021 17:55:46.040565968 CET 8.8.8.8 192.168.2.5 0xe263 No error (0) ghs.googlehosted.com 172.217.168.51 A (IP address) IN (0x0001)

HTTP Request Dependency Graph

data.pendo.io

HTTP Packets

Session ID Source IP Source Port Destination IP Destination Port Process
0 192.168.2.5 49701 172.217.168.51 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp kBytes transferred Direction Data


Mar 26, 2021 17:55:46.071373940 CET 297 OUT
GET /data/guide.json/f8bd2822-002a-478f-66a9-0178efd7ee1f?jzb=eJx9UV1vFDEM_C95Lrcf5QratwUdXJFgBW2h8FJ5E982JZsExzm1Qvff65TSUnTqPmU94_F4_FttbbIc6NioTtV1vtqCJmoPry7nnj7X16_UgQKtQ_Z8TwnTzbhsvq8_fDtd__h0_ub9uVAyOQEvmWPqqgpmJJsy4UIHioGA8YUPbDdWA9vgk9TnCmKszhLSOswoEjMyGGBQ3YOp8rTPGHNBg0PB0csfepNF7itSkhmqa4QAfsow_aFcnJ2o3cM2_2jv3QiNLVbL0s3rA2XTEHnIvPKmeH6HaEbQP1XHlLHAAtxNb1ceRofStgGXnkLS-VjX6EpmzyTUteLj-HTwYwAy1k8njDG9DXN0yLLTsoj3Zrb-Cya-cfj_6LQxun9yvKav776Pq-tfR4-nHWjaR9gbjUQYgdDzvbIEKSW5XEm5fVnVh1Vbt42Ib_9eQrWL5dGiuYgUjNrtbgFpWtCp&v=2.56.1_prod&ct=1616606875612 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: data.pendo.io
Connection: Keep-Alive

Mar 26, 2021 17:55:46.364347935 CET 306 IN
HTTP/1.1 200 OK
Date: Fri, 26 Mar 2021 16:55:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Vary: Accept-Encoding
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Origin,Accept,Content-Type,Authorization
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Via: 1.1 google

Code Manipulations

Statistics

Behavior

• iexplore.exe
• iexplore.exe
• OpenWith.exe


System Behavior

Analysis Process: iexplore.exe PID: 1456 Parent PID: 792

General

Start time: 17:55:43
Start date: 26/03/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff673370000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol

Registry Activities

Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol

Analysis Process: iexplore.exe PID: 5860 Parent PID: 1456

General

Start time: 17:55:44
Start date: 26/03/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1456 CREDAT:17410 /prefetch:2
Imagebase: 0xd90000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol

Analysis Process: OpenWith.exe PID: 5452 Parent PID: 792

General

Start time: 17:56:04
Start date: 26/03/2021
Path: C:\Windows\System32\OpenWith.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\OpenWith.exe -Embedding
Imagebase: 0x7ff68a520000
File size: 111120 bytes
MD5 hash: D179D03728E95E040A889F760C1FC402
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Disassembly

Code Analysis