1c2bdfa5...b0b4 | Network
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Riskware, Trojan, Ransomware

1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4 (SHA256)

1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe

Windows Exe (x86-32)

Created at 2018-08-28 15:01:00

Notifications (2/4)

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

The overall sleep time of all monitored processes was truncated from "10 minutes" to "10 seconds" to reveal dormant functionality.

The operating system was rebooted during the analysis.

Hosts (3)
Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data
client-office365-tas.msedge.net, afdo-tas-offload.trafficmanager.net, vip5.afdorigin-prod-am02.afdogw.com | 52.232.69.150 | - | TCP, UDP | Unknown | (not shown)
config.edge.skype.com, s-0001.s-msedge.net | 13.107.3.128 | - | TCP, UDP | Not Queried | (not shown)
- | 157.56.120.208 | - | UDP | Not Queried | Not Queried
DNS Queries (2)
Hostname | Categories | Names | Source | Reputation Status
client-office365-tas.msedge.net | - | - | PCAP | Unknown
config.edge.skype.com | - | - | PCAP | Not Queried

Connections

DNS (3)
Operation Additional Information Success Count Logfile
Resolve Name host = client-office365-tas.msedge.net, address_out = 52.232.69.150 True 2 -
Resolve Name host = config.edge.skype.com, address_out = 13.107.3.128 True 1 -
TCP Sessions (2)
Information Value
Total Data Sent 3.21 KB
Total Data Received 19.87 KB
Contacted Host Count 2
Contacted Hosts 52.232.69.150, 13.107.3.128
TCP Session #1
Information Value
Source PCAP
Stream ID 1
Remote Address 52.232.69.150
Remote Port 443
Local Address 192.168.0.236
Local Port 49414
Data Sent 1.78 KB
Data Received 16.48 KB
Time Highest Layer Additional Information Success
73.767123 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
73.801006 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
73.839875 s SSL Data Sent: 0.25 KB, Data Received: 1.48 KB True
73.931661 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
73.934210 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
73.951393 s SSL Data Sent: 0.18 KB, Data Received: 0.10 KB True
74.022798 s SSL Data Sent: 0.66 KB, Data Received: 1.48 KB True
74.062947 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
74.063308 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
74.063659 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
74.087404 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
74.087609 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
74.087765 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
74.087926 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
74.088460 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
74.118353 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #2
Information Value
Source PCAP
Stream ID 2
Remote Address 13.107.3.128
Remote Port 443
Local Address 192.168.0.236
Local Port 49415
Data Sent 1.43 KB
Data Received 3.39 KB
Time Highest Layer Additional Information Success
73.769395 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
73.928993 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
73.930937 s SSL Data Sent: 0.24 KB, Data Received: 0.05 KB True
73.966343 s TCP Data Sent: 0.05 KB, Data Received: 0.10 KB True
73.975273 s SSL Data Sent: 0.18 KB, Data Received: 0.05 KB True
74.022008 s SSL Data Sent: 0.58 KB, Data Received: 0.05 KB True
74.062815 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
74.063355 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
74.063617 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
74.066069 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
74.094962 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
UDP Sessions (3)
Total Data Sent 0.37 KB
Total Data Received 0.62 KB
Contacted Host Count 2
Contacted Hosts 157.56.120.208, 192.168.0.1
UDP Session #1
Information Value
Source PCAP
Stream ID 262
Remote Address 157.56.120.208
Remote Port 3544
Local Address 192.168.0.236
Local Port 51775
Data Sent 0.20 KB
Data Received 0.29 KB
Time Highest Layer Additional Information Success
192.631453 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
226.283610 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
UDP Session #2
Information Value
Source PCAP
Stream ID 107
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.236
Local Port 56814
Data Sent 0.09 KB
Data Received 0.20 KB
Time Highest Layer Additional Information Success
73.450303 s DNS Data Sent: 0.09 KB, Data Received: 0.20 KB True
UDP Session #3
Information Value
Source PCAP
Stream ID 108
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.236
Local Port 54033
Data Sent 0.08 KB
Data Received 0.13 KB
Time Highest Layer Additional Information Success
73.451261 s DNS Data Sent: 0.08 KB, Data Received: 0.13 KB True
HTTP Sessions (4)
Information Value
Total Data Sent 0.88 KB
Total Data Received 0.94 KB
Contacted Host Count 2
Contacted Hosts www.msftncsi.com, cdn.content.prod.cms.msn.com
HTTP Session #1
Information Value
Source PCAP
User Agent Microsoft NCSI
Stream ID 0
Server Name www.msftncsi.com
Server Port 80
Data Sent 0.15 KB
Data Received 0.23 KB
Time Operation Additional Information Success
70.741234 s Open Connection protocol = http, server_name = www.msftncsi.com, server_port = 80 True
70.741234 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /ncsi.txt True
70.741234 s Send HTTP Request headers = host: www.msftncsi.com, user_agent: Microsoft NCSI, url = http://www.msftncsi.com/ncsi.txt True
70.770102 s Read Response HTTP Status Code = 200 True
HTTP Session #2
Information Value
Source PCAP
User Agent Microsoft-WNS/10.0
Stream ID 3
Server Name cdn.content.prod.cms.msn.com
Server Port 80
Data Sent 0.73 KB
Data Received 0.71 KB
Time Operation Additional Information Success
114.100530 s Open Connection protocol = http, server_name = cdn.content.prod.cms.msn.com, server_port = 80 True
114.100530 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=finance True
114.100530 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=finance True
114.135072 s Read Response HTTP Status Code = 200 True
114.413733 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=sports True
114.413733 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=sports True
114.437679 s Read Response HTTP Status Code = 200 True
114.507944 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=news True
114.507944 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=news True
114.531682 s Read Response HTTP Status Code = 200 True
HTTP Session #3
Information Value
Source PCAP
User Agent Microsoft-WNS/10.0
Stream ID 3
Server Name cdn.content.prod.cms.msn.com
Server Port 80
Data Sent 0.73 KB
Data Received 0.71 KB
Time Operation Additional Information Success
114.100530 s Open Connection protocol = http, server_name = cdn.content.prod.cms.msn.com, server_port = 80 True
114.100530 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=finance True
114.100530 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=finance True
114.135072 s Read Response HTTP Status Code = 200 True
114.413733 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=sports True
114.413733 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=sports True
114.437679 s Read Response HTTP Status Code = 200 True
114.507944 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=news True
114.507944 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=news True
114.531682 s Read Response HTTP Status Code = 200 True
HTTP Session #4
Information Value
Source PCAP
User Agent Microsoft-WNS/10.0
Stream ID 3
Server Name cdn.content.prod.cms.msn.com
Server Port 80
Data Sent 0.73 KB
Data Received 0.71 KB
Time Operation Additional Information Success
114.100530 s Open Connection protocol = http, server_name = cdn.content.prod.cms.msn.com, server_port = 80 True
114.100530 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=finance True
114.100530 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=finance True
114.135072 s Read Response HTTP Status Code = 200 True
114.413733 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=sports True
114.413733 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=sports True
114.437679 s Read Response HTTP Status Code = 200 True
114.507944 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=news True
114.507944 s Send HTTP Request headers = host: cdn.content.prod.cms.msn.com, user_agent: Microsoft-WNS/10.0, url = http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today?market=en-US&tenant=amp&vertical=news True
114.531682 s Read Response HTTP Status Code = 200 True
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.