a2cdac36...103a | Network
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Trojan, Dropper, Downloader

a2cdac363d6497bba4790ac8b56664c9f8f07903583ac63b5f75419095cb103a (SHA256)

KargoBilgisi.doc

Word Document

Created at 2018-10-09 05:29:00

Notifications (2/2)

The overall sleep time of all monitored processes was truncated from "30 seconds" to "10 seconds" to reveal dormant functionality.

The operating system was rebooted during the analysis.

Network Overview

Hosts (1)
Hostname: araskargo-online.host
IP Address: 31.220.2.200
Location: Belize
Protocols: HTTP, TCP, UDP
Reputation Status: Unknown
DNS Queries (1)
Hostname: araskargo-online.host
Categories: -
Names: -
Source: Function Log
Reputation Status: Unknown
URLs (1)
URL: http://araskargo-online.host/familypictures/aras.exe
Categories: -
Names: -
Source: Function Log
HTTP Status Code: -
Reputation Status: Unknown

Connections

DNS (1)
Operation Additional Information Success Count
Resolve Name host = araskargo-online.host, address_out = 31.220.2.200 True 1
TCP Sessions (1)
Information Value
Total Data Sent 13.46 KB
Total Data Received 367.11 KB
Contacted Host Count 1
Contacted Hosts 31.220.2.200
TCP Session #1
Information Value
Source PCAP
Stream ID 0
Remote Address 31.220.2.200
Remote Port 80
Local Address 192.168.0.86
Local Port 49158
Data Sent 13.46 KB
Data Received 367.11 KB
Time Highest Layer Additional Information Success
80.124749 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
80.339573 s TCP Data Sent: 0.05 KB, Data Received: 0.32 KB True
80.355616 s HTTP Data Sent: 0.14 KB, Data Received: 0.05 KB True
80.412546 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.436962 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.437351 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.437538 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.437704 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.437880 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.460797 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.464670 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.464941 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.466915 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.468566 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.468694 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.491061 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.491602 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.491800 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.491936 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.496194 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.514954 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.515226 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.520616 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.532538 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.532840 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.539389 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.539718 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.543552 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.544060 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.548592 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.548934 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.549131 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.556936 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.557134 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.563277 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.568619 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.568817 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.569160 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.569343 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.574271 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.574597 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.575025 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.575338 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.582188 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.591841 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.592310 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.596767 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.597059 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.597297 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.597524 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.601517 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.601884 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.602180 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.603101 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.606890 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.607175 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.607368 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.607464 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.620180 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.620539 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.620916 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.625758 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.626096 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.626376 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.626635 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.626758 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.630418 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.630648 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.635245 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.635445 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.635664 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.635935 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.636042 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.636173 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.644810 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.645163 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.653886 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.654388 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.654670 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.654900 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.655154 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.655374 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.655694 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.658781 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.659277 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.659444 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.659664 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.660518 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.660635 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.664447 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.668759 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.669047 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.673403 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.673681 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.674029 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.678923 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.683018 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.683405 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.683590 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.683751 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.683964 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.684919 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.744801 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.744980 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.745166 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.745358 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.750678 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.750750 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.752403 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.770036 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.770238 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.770412 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.770613 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.778921 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.779298 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.779563 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.779826 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.780071 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.780255 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.780401 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.780541 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.780827 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.781100 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.781314 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.781541 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.784129 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.799099 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.799371 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.799754 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.803303 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.803568 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.807803 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.808007 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.808234 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.808502 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.808730 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.808881 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.809044 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.809239 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.809381 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.809552 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.809823 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.823701 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.823982 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.824203 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.824569 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.829073 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.829295 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.833499 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.833699 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
The remaining entries of this session are omitted for performance reasons and can be found in analysis.pcap.
UDP Sessions (1)
Total Data Sent 0.08 KB
Total Data Received 0.14 KB
Contacted Host Count 1
Contacted Hosts 192.168.0.1
UDP Session #1
Information Value
Source PCAP
Stream ID 129
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.86
Local Port 62222
Data Sent 0.08 KB
Data Received 0.14 KB
Time Highest Layer Additional Information Success
79.755334 s DNS Data Sent: 0.08 KB, Data Received: 0.14 KB True
HTTP Sessions (2)
Information Value
Total Data Sent 0.24 KB
Total Data Received 1.30 MB
Contacted Host Count 2
Contacted Hosts www.msftncsi.com, araskargo-online.host
HTTP Session #1
Information Value
Source Function Log
Server Name araskargo-online.host
Server Port 80
Data Sent 0.09 KB
Data Received 1.30 MB
Operation Additional Information Success Count
Open Session access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Open Connection protocol = http, server_name = araskargo-online.host, server_port = 80 True 1
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /familypictures/aras.exe True 1
Send HTTP Request headers = host: araskargo-online.host, connection: Keep-Alive, url = araskargo-online.host/familypictures/aras.exe True 1
Read Response size = 4096, size_out = 277 True 1
Read Response size = 65536, size_out = 30660 True 1
Read Response size = 65536, size_out = 16060 True 1
Read Response size = 65536, size_out = 2920 True 1
Read Response size = 65536, size_out = 14600 True 1
Read Response size = 65536, size_out = 5840 True 2
Read Response size = 65536, size_out = 20440 True 1
Read Response size = 65536, size_out = 26280 True 1
Read Response size = 65536, size_out = 35040 True 1
Read Response size = 65536, size_out = 5840 True 1
Read Response size = 65536, size_out = 37960 True 1
Read Response size = 65536, size_out = 8760 True 1
Read Response size = 65536, size_out = 3752 True 1
Read Response size = 65536, size_out = 628 True 1
Read Response size = 65536, size_out = 13140 True 1
Read Response size = 65536, size_out = 8760 True 1
Read Response size = 65536, size_out = 1460 True 1
Read Response size = 65536, size_out = 4380 True 1
Read Response size = 65536, size_out = 20440 True 1
Read Response size = 65536, size_out = 14600 True 1
Read Response size = 65536, size_out = 13140 True 1
Read Response size = 65536, size_out = 1460 True 1
Read Response size = 65536, size_out = 2920 True 1
Read Response size = 65536, size_out = 5840 True 1
Read Response size = 65536, size_out = 29200 True 1
Read Response size = 65536, size_out = 18980 True 1
Read Response size = 65536, size_out = 3752 True 1
Read Response size = 65536, size_out = 2088 True 1
Read Response size = 65536, size_out = 24820 True 1
Read Response size = 65536, size_out = 43800 True 1
Read Response size = 65536, size_out = 64024 True 1
Read Response size = 65536, size_out = 24820 True 1
Read Response size = 65536, size_out = 65536 True 1
Read Response size = 65536, size_out = 24984 True 1
Read Response size = 65536, size_out = 5840 True 1
Read Response size = 65536, size_out = 17520 True 1
Read Response size = 65536, size_out = 65536 True 1
Read Response size = 65536, size_out = 3084 True 1
Read Response size = 65536, size_out = 30660 True 1
Read Response size = 65536, size_out = 65536 True 1
Read Response size = 65536, size_out = 8924 True 1
Read Response size = 65536, size_out = 3752 True 1
Read Response size = 65536, size_out = 2088 True 1
Read Response size = 65536, size_out = 21900 True 1
Read Response size = 65536, size_out = 5840 True 1
Read Response size = 65536, size_out = 65536 True 1
Read Response size = 65536, size_out = 19144 True 1
Read Response size = 65536, size_out = 11680 True 1
Read Response size = 65536, size_out = 14600 True 1
Read Response size = 65536, size_out = 65536 True 1
Read Response size = 65536, size_out = 33744 True 1
Read Response size = 65536, size_out = 20440 True 1
Read Response size = 65536, size_out = 65536 True 1
Read Response size = 65536, size_out = 1624 True 1
Read Response size = 65536, size_out = 65536 True 1
Read Response size = 65536, size_out = 13304 True 1
Read Response size = 65536, size_out = 65536 True 1
Read Response size = 65536, size_out = 164 True 1
Read Response size = 65536, size_out = 21900 True 1
Read Response size = 63684, size_out = 62148 True 1
Read Response size = 1536, size_out = 1536 True 1
Close Session - True 1
HTTP Session #2
Information Value
Source PCAP
User Agent Microsoft NCSI
Stream ID 9
Server Name www.msftncsi.com
Server Port 80
Data Sent 0.15 KB
Data Received 0.23 KB
Time Operation Additional Information Success
225.472798 s Open Connection protocol = http, server_name = www.msftncsi.com, server_port = 80 True
225.472798 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /ncsi.txt True
225.472798 s Send HTTP Request headers = host: www.msftncsi.com, user_agent: Microsoft NCSI, url = http://www.msftncsi.com/ncsi.txt True
225.488854 s Read Response HTTP Status Code = 200 True