a14e514d...0b34 | Network
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Dropper, Downloader

a14e514ddfc3a921c5a9e2fc9b931bc734b4927fa9d4b011ab77f9e46da50b34 (SHA256)

Order_Payroll_81154032.doc

Word Document

Created at 2019-02-06 16:40:00

Notifications (1/1)

The overall sleep time of all monitored processes was truncated from "20 seconds" to "10 seconds" to reveal dormant functionality.

Network Overview

Hosts (1)
Hostname IP Address Location Protocols Reputation Status WHOIS Data
- 185.222.202.79 Ukraine HTTPS, TCP Unknown Not Queried
URLs (1)
URL Categories Names Source HTTP Status Code Reputation Status
HTTPS://185.222.202.79/sat36/YKYD69Q_W617601.2E664EE04488A02C628E0E6CA864C24A/5/spk/ - - Function Log - Unknown

Connections

TCP Sessions (2)
Information Value
Total Data Sent 5.87 KB
Total Data Received 494.98 KB
Contacted Host Count 2
Contacted Hosts 64.44.51.87, 64.44.51.87:443
TCP Session #1
Information Value
Handle 0x4d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 64.44.51.87
Remote Port 443
Local Address 0.0.0.0
Local Port 49163
Data Sent 0.51 KB
Data Received 374.99 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1 Fn
Connect remote_address = 64.44.51.87, remote_port = 443 True 1 Fn
Send flags = NO_FLAG_SET, size = 95, size_out = 95 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 81, size_out = 81 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 875, size_out = 875 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 4, size_out = 4 True 1 Fn, Data
Send flags = NO_FLAG_SET, size = 326, size_out = 326 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 48, size_out = 48 True 1 Fn, Data
Send flags = NO_FLAG_SET, size = 101, size_out = 101 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 288, size_out = 288 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 14302 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 2114, size_out = 2114 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 13219 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 3197, size_out = 3197 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 7018 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 9398, size_out = 9398 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 2277 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 14139, size_out = 14139 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 1916 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 14500, size_out = 8760 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5740, size_out = 1460 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 4280, size_out = 4280 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 4114 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 12302, size_out = 12302 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 9593 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 6823, size_out = 3472 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 3351, size_out = 3351 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 4491 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 11925, size_out = 8760 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 3165, size_out = 3165 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 14350 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 2066, size_out = 2066 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 7788 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 8628, size_out = 5840 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 2788, size_out = 1460 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 1328, size_out = 1328 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 2686 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 13730, size_out = 4380 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 9350, size_out = 9350 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 11085 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5331, size_out = 5331 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 11823 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 4593, size_out = 4593 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 8181 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 8235, size_out = 8235 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 16416, size_out = 1980 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 14436, size_out = 14436 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 4976, size_out = 4539 True 1 Fn, Data
Receive flags = NO_FLAG_SET, size = 437, size_out = 437 True 1 Fn, Data
Close type = SOCK_STREAM True 1 Fn
TCP Session #2
Information Value
Source PCAP
Stream ID 7
Remote Address 64.44.51.87
Remote Port 443
Local Address 192.168.0.225
Local Port 49163
Data Sent 5.36 KB
Data Received 119.99 KB
Time Highest Layer Additional Information Success
34.908315 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
35.060670 s TCP Data Sent: 0.05 KB, Data Received: 1.00 KB True
35.196460 s SSL Data Sent: 0.15 KB, Data Received: 0.05 KB True
35.347944 s SSL Data Sent: 0.37 KB, Data Received: 0.11 KB True
35.761857 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
42.959793 s SSL Data Sent: 0.15 KB, Data Received: 1.48 KB True
43.124560 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.125022 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.125528 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.126050 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.126377 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.150020 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.280747 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.280788 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.280813 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.280837 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.280863 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.280890 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.280916 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.280941 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.280966 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.280993 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.281020 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.281047 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.281073 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.281100 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.281126 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.281153 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.281179 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.281203 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.281230 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.447949 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.447995 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
43.448903 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.448964 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.450204 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.456969 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.604690 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.609319 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.754752 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.757748 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.758221 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.759586 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.764848 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
43.910107 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.465905 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.468460 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.621376 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.622009 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.622543 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.631889 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.768421 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.768719 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.768993 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.769204 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.769747 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.770413 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.920181 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.920436 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
44.921193 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
45.068225 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
The remaining entries of this session are omitted for performance reasons and can be found in analysis.pcap.
HTTP Sessions (1)
Information Value
Total Data Sent 0.66 KB
Total Data Received 0.00 KB
Contacted Host Count 1
Contacted Hosts 185.222.202.79
HTTP Session #1
Information Value
Source Function Log
User Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.2228.0 Safari/537.36
Server Name 185.222.202.79
Server Port 443
Data Sent 0.66 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.2228.0 Safari/537.36, access_type = WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, flags = WINHTTP_FLAG_SYNC True 1 Fn
Open Connection protocol = HTTPS, server_name = 185.222.202.79, server_port = 443 True 1 Fn
Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /sat36/YKYD69Q_W617601.2E664EE04488A02C628E0E6CA864C24A/5/spk/, accept_types = 0, flags = INTERNET_FLAG_SECURE True 1 Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 185.222.202.79/sat36/YKYD69Q_W617601.2E664EE04488A02C628E0E6CA864C24A/5/spk/ False 1 Fn
Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /sat36/YKYD69Q_W617601.2E664EE04488A02C628E0E6CA864C24A/5/spk/, accept_types = 0, flags = INTERNET_FLAG_SECURE True 1 Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 185.222.202.79/sat36/YKYD69Q_W617601.2E664EE04488A02C628E0E6CA864C24A/5/spk/ False 1 Fn