3692f99b...4ab2 | Network
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Exploit, Dropper, Downloader

3692f99b76663e864b3fae22828ab01021dcc50c33f5ec041aa3b055478a4ab2 (SHA256)

receipt_FedEX_4028873.doc

Word Document

Created at 2018-12-06 22:25:00

Notifications (1/1)

The overall sleep time of all monitored processes was truncated from "45 seconds" to "30 seconds" to reveal dormant functionality.

Network Overview

Hosts (4)

Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data
icanhazip.com | 147.75.40.2 | United States | HTTP, TCP, UDP | Has Whitelisted URL | Not Queried
46.173.218.240 | 46.173.218.240 | Russian Federation | HTTP, TCP | Unknown | Not Queried
- | 193.187.172.11 | - | TCP | Not Queried | Not Queried
- | 2.16.100.179 | - | TCP | Not Queried | Not Queried
DNS Queries (1)

Hostname | Categories | Names | Source | Reputation Status
icanhazip.com | - | - | PCAP | Whitelisted
URLs (3)

URL | Categories | Names | Source | HTTP Status Code | Reputation Status
HTTP://icanhazip.com/ | - | - | Function Log | - | Whitelisted
http://46.173.218.240/uncle_sam.php | - | - | Function Log | REDIRECT (302) | Unknown
http://46.173.218.240/lisa.abc | - | - | Function Log | - | Unknown

Connections

DNS (1)

Operation | Additional Information | Success | Count | Logfile
Resolve Name | host = icanhazip.com, address_out = 147.75.40.2 | True | 1 | -
TCP Sessions (4)
Information Value
Total Data Sent 6.19 KB
Total Data Received 638.47 KB
Contacted Host Count 4
Contacted Hosts 46.173.218.240, 147.75.40.2, 182.253.20.66, 46.173.218.240:80
TCP Session #1
Information Value
Handle 0x4e0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 46.173.218.240
Remote Port 80
Local Address 0.0.0.0
Local Port 49166
Data Sent 0.12 KB
Data Received 511.02 KB

Operation | Additional Information | Success | Count | Logfile
Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | True | 1 | Fn
Connect | remote_address = 46.173.218.240, remote_port = 80 | True | 1 | Fn
Send | flags = NO_FLAG_SET, size = 77, size_out = 77 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 4096, size_out = 284 | True | 1 | Fn, Data
Send | flags = NO_FLAG_SET, size = 48, size_out = 48 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 4096, size_out = 4096 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 34600 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 65536 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 14620 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 63572 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 8292 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 23494 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 60808 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 2764 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 24876 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 38696 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 20730 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 3472 | True | 1 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 65536, size_out = 65536 | True | 2 | Fn, Data
Receive | flags = NO_FLAG_SET, size = 26371, size_out = 26371 | True | 1 | Fn, Data
Close | type = SOCK_STREAM | True | 1 | Fn
TCP Session #2
Information Value
Source PCAP
Stream ID 9
Remote Address 46.173.218.240
Remote Port 80
Local Address 192.168.0.181
Local Port 49166
Data Sent 5.14 KB
Data Received 125.26 KB
Time Highest Layer Additional Information Success
65.062709 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
65.115720 s TCP Data Sent: 0.05 KB, Data Received: 0.33 KB True
65.138082 s HTTP Data Sent: 0.13 KB, Data Received: 0.05 KB True
65.211429 s HTTP Data Sent: 0.10 KB, Data Received: 1.40 KB True
65.263517 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.263703 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.315616 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.315836 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.316072 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.316316 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.316540 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.316728 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.329100 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.368076 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.368332 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.368551 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.372927 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.373213 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.373395 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.373828 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.380691 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.380923 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.381190 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.381362 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.421249 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.422700 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.425337 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.425531 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.430116 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.430368 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.430670 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.430855 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.435526 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.435884 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.436129 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.475637 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.475986 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.476144 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.476334 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.480669 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.480965 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.486591 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.487018 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.487275 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.487509 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.487689 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.487875 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.488086 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.488695 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.499963 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.500217 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.500442 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.500724 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.500869 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.500933 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.528150 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.528534 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.528797 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.541419 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.541673 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.541952 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.542189 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.542412 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.542633 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.542842 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.543695 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.546005 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.546639 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.546906 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.547131 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.547387 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.547470 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.547617 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.547704 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.547842 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.548014 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.548103 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.548243 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.548356 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.548528 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.548599 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.548736 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.551199 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.551362 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.552219 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.552460 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.552696 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.552951 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.553153 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.553347 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.553550 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.553856 s TCP Data Sent: 0.05 KB, Data Received: 1.40 KB True
65.554121 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
65.554445 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
66.744175 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #3
Information Value
Source PCAP
Stream ID 35
Remote Address 147.75.40.2
Remote Port 80
Local Address 192.168.0.181
Local Port 49192
Data Sent 0.43 KB
Data Received 0.63 KB
Time Highest Layer Additional Information Success
223.797744 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
223.893749 s TCP Data Sent: 0.05 KB, Data Received: 0.46 KB True
223.894849 s HTTP Data Sent: 0.20 KB, Data Received: 0.05 KB True
223.992155 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
223.992541 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #4
Information Value
Source PCAP
Stream ID 36
Remote Address 182.253.20.66
Remote Port 449
Local Address 192.168.0.181
Local Port 49193
Data Sent 0.50 KB
Data Received 1.57 KB
Time Highest Layer Additional Information Success
225.413548 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
225.807358 s TCP Data Sent: 0.05 KB, Data Received: 1.34 KB True
225.810924 s SSL Data Sent: 0.15 KB, Data Received: 0.05 KB True
226.217690 s SSL Data Sent: 0.18 KB, Data Received: 0.11 KB True
226.813597 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
UDP Sessions (1)
Information Value
Total Data Sent 0.07 KB
Total Data Received 0.09 KB
Contacted Host Count 1
Contacted Hosts 192.168.0.1
UDP Session #1
Information Value
Source PCAP
Stream ID 299
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.181
Local Port 54038
Data Sent 0.07 KB
Data Received 0.09 KB
Time Highest Layer Additional Information Success
223.775083 s DNS Data Sent: 0.07 KB, Data Received: 0.09 KB True
HTTP Sessions (4)
Information Value
Total Data Sent 0.36 KB
Total Data Received 511.04 KB
Contacted Host Count 3
Contacted Hosts icanhazip.com, 182.253.20.66, 46.173.218.240
HTTP Session #1
Information Value
Source Function Log
User Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Server Name icanhazip.com
Server Port 80
Data Sent 0.23 KB
Data Received 0.02 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0, access_type = WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, flags = WINHTTP_FLAG_SYNC | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = icanhazip.com, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, accept_types = 0 | True | 1 | Fn
Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = icanhazip.com/ | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 | True | 1 | Fn, Data
Read Response | size = 14, size_out = 14 | True | 1 | Fn, Data
Close Session | - | True | 1 | Fn
HTTP Session #2
Information Value
Source Function Log
User Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Server Name 182.253.20.66
Server Port 449
Data Sent 0.00 KB
Data Received 0.00 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0, access_type = WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, flags = WINHTTP_FLAG_SYNC | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = 182.253.20.66, server_port = 449 | True | 1 | Fn
HTTP Session #3
Information Value
Source Function Log
Server Name 46.173.218.240
Server Port 80
Data Sent 0.08 KB
Data Received 0.28 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1 | Fn
Open Connection | protocol = http, server_name = 46.173.218.240, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /uncle_sam.php | True | 1 | Fn
Send HTTP Request | headers = host: 46.173.218.240, connection: Keep-Alive, url = 46.173.218.240/uncle_sam.php | True | 1 | Fn, Data
Read Response | size = 4096, size_out = 284 | True | 1 | Fn, Data
HTTP Session #4
Information Value
Source Function Log
Server Name 46.173.218.240
Server Port 80
Data Sent 0.05 KB
Data Received 510.74 KB

Operation | Additional Information | Success | Count | Logfile
Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1 | Fn
Open Connection | protocol = http, server_name = 46.173.218.240, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /lisa.abc | True | 1 | Fn
Send HTTP Request | headers = host: 46.173.218.240, url = 46.173.218.240/lisa.abc | True | 1 | Fn, Data
Read Response | size = 4096, size_out = 4096 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 34600 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 65536 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 14620 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 63572 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 8292 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 23494 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 60808 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 2764 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 24876 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 38696 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 20730 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 3472 | True | 1 | Fn, Data
Read Response | size = 65536, size_out = 65536 | True | 2 | Fn, Data
Read Response | size = 26371, size_out = 26371 | True | 1 | Fn, Data
Close Session | - | True | 1 | Fn
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.