order ref ftp (HawkEye) | Network
VTI SCORE: 98/100
Dynamic Analysis Report
Classification: -

ef1613f88744acec36908126b21bcba9ba775f8af25a1e86988e36985dd6f6fb (SHA256)

order ref ftp.exe

Windows Exe (x86-32)

Created at 2018-10-16 10:55:00

Network Overview

Hosts (5)

Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data
ftp.r2v2.co.uk | 216.37.42.30 | Carmel (United States) | TCP, UDP | Has Blacklisted URL | Available
config.edge.skype.com, s-0001.s-msedge.net | 13.107.3.128 | - | TCP, UDP | Unknown | Available
client-office365-tas.msedge.net, afdo-tas-offload.trafficmanager.net, vip5.afdorigin-prod-am02.afdogw.com | 52.232.69.150 | - | TCP, UDP | Unknown | Available
- | 157.56.120.207 | - | UDP | Not Queried | Not Queried
- | 157.56.120.208 | - | UDP | Not Queried | Not Queried
DNS Queries (3)

Hostname | Categories | Names | Source | Reputation Status
ftp.r2v2.co.uk | Malware | Mal/HTMLGen-A | Function Log | Blacklisted
config.edge.skype.com | - | - | PCAP | Unknown
client-office365-tas.msedge.net | - | - | PCAP | Unknown

Connections

DNS (4)

Operation | Additional Information | Success | Count | Logfile
Resolve Name | host = ftp.r2v2.co.uk, address_out = 216.37.42.30 | True | 1 | Fn
Resolve Name | host = client-office365-tas.msedge.net, address_out = 52.232.69.150 | True | 2 | -
Resolve Name | host = config.edge.skype.com, address_out = 13.107.3.128 | True | 1 | -
TCP Sessions (9)

Information | Value
Total Data Sent | 11.51 KB
Total Data Received | 61.44 KB
Contacted Host Count | 4
Contacted Hosts | 216.37.42.30, 13.107.3.128, 52.232.69.150, 216.37.42.30:55376
TCP Session #1

Information | Value
Handle | 0x608
Address Family | AF_INET
Type | SOCK_STREAM
Protocol | IPPROTO_TCP
Remote Address | 216.37.42.30
Remote Port | 55376
Local Address | 192.168.0.51
Local Port | 49429
Data Sent | 0.52 KB
Data Received | 0.00 KB

Operation | Additional Information | Success | Count | Logfile
Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | True | 1 | Fn
Bind | local_address = 192.168.0.51, local_port = 49429, hint = OS assigned a local port from the dynamic client port range | True | 1 | Fn
Connect | remote_address = 216.37.42.30, remote_port = 55376 | True | 1 | Fn
Send | flags = NO_FLAG_SET, size = 535, size_out = 535 | True | 1 | Fn, Data
Close | type = SOCK_STREAM | True | 1 | Fn
TCP Session #2

Information | Value
Source | PCAP
Stream ID | 2
Remote Address | 216.37.42.30
Remote Port | 21
Local Address | 192.168.0.51
Local Port | 49428
Data Sent | 1.02 KB
Data Received | 1.45 KB

Time | Highest Layer | Additional Information | Success
102.875721 s | TCP | Data Sent: 0.06 KB, Data Received: 0.06 KB | True
103.025697 s | TCP | Data Sent: 0.05 KB, Data Received: 0.37 KB | True
103.356960 s | TCP | Data Sent: 0.05 KB, Data Received: 0.10 KB | True
103.479089 s | FTP | Data Sent: 0.08 KB, Data Received: 0.05 KB | True
103.701435 s | FTP | Data Sent: 0.07 KB, Data Received: 0.09 KB | True
104.178388 s | FTP | Data Sent: 0.07 KB, Data Received: 0.08 KB | True
104.407955 s | FTP | Data Sent: 0.06 KB, Data Received: 0.09 KB | True
104.548779 s | FTP | Data Sent: 0.06 KB, Data Received: 0.08 KB | True
104.686259 s | FTP | Data Sent: 0.06 KB, Data Received: 0.08 KB | True
104.824075 s | FTP | Data Sent: 0.06 KB, Data Received: 0.10 KB | True
105.013252 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
105.556832 s | FTP | Data Sent: 0.14 KB, Data Received: 0.08 KB | True
105.763244 s | TCP | Data Sent: 0.05 KB, Data Received: 0.14 KB | True
105.903854 s | TCP | Data Sent: 0.05 KB, Data Received: 0.05 KB | True
224.674321 s | TCP | Data Sent: 0.05 KB, Data Received: 0.07 KB | True
224.912642 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
TCP Session #3

Information | Value
Source | PCAP
Stream ID | 3
Remote Address | 216.37.42.30
Remote Port | 55376
Local Address | 192.168.0.51
Local Port | 49429
Data Sent | 0.80 KB
Data Received | 0.17 KB

Time | Highest Layer | Additional Information | Success
105.420371 s | TCP | Data Sent: 0.06 KB, Data Received: 0.06 KB | True
105.556299 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
105.700478 s | FTP-DATA | Data Sent: 0.58 KB, Data Received: 0.05 KB | True
105.702344 s | TCP | Data Sent: 0.05 KB, Data Received: 0.05 KB | True
105.840578 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
TCP Session #4

Information | Value
Source | PCAP
Stream ID | 6
Remote Address | 13.107.3.128
Remote Port | 443
Local Address | 192.168.0.51
Local Port | 49430
Data Sent | 1.48 KB
Data Received | 7.52 KB

Time | Highest Layer | Additional Information | Success
196.515761 s | TCP | Data Sent: 0.06 KB, Data Received: 0.06 KB | True
196.539234 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.545177 s | SSL | Data Sent: 0.24 KB, Data Received: 0.05 KB | True
196.571398 s | TCP | Data Sent: 0.05 KB, Data Received: 0.10 KB | True
196.574867 s | SSL | Data Sent: 0.18 KB, Data Received: 0.05 KB | True
196.654933 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.775634 s | SSL | Data Sent: 0.58 KB, Data Received: 0.05 KB | True
196.819866 s | TCP | Data Sent: 0.05 KB, Data Received: 1.28 KB | True
196.820099 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.820374 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.820667 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
229.286063 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
TCP Session #5

Information | Value
Source | PCAP
Stream ID | 7
Remote Address | 52.232.69.150
Remote Port | 443
Local Address | 192.168.0.51
Local Port | 49431
Data Sent | 1.84 KB
Data Received | 19.39 KB

Time | Highest Layer | Additional Information | Success
196.518926 s | TCP | Data Sent: 0.06 KB, Data Received: 0.06 KB | True
196.547147 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.548031 s | SSL | Data Sent: 0.25 KB, Data Received: 1.48 KB | True
196.581498 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.581953 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.584716 s | SSL | Data Sent: 0.18 KB, Data Received: 0.10 KB | True
196.774374 s | SSL | Data Sent: 0.66 KB, Data Received: 1.48 KB | True
196.812207 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.812343 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.812651 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.812824 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.812946 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.813250 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.841208 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.841410 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
196.841606 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
229.288527 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
TCP Session #6

Information | Value
Source | PCAP
Stream ID | 12
Remote Address | 13.107.3.128
Remote Port | 443
Local Address | 192.168.0.51
Local Port | 49435
Data Sent | 1.38 KB
Data Received | 5.28 KB

Time | Highest Layer | Additional Information | Success
228.217795 s | TCP | Data Sent: 0.06 KB, Data Received: 0.06 KB | True
228.245220 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.248240 s | SSL | Data Sent: 0.24 KB, Data Received: 0.05 KB | True
228.280506 s | TCP | Data Sent: 0.05 KB, Data Received: 0.10 KB | True
228.285276 s | SSL | Data Sent: 0.18 KB, Data Received: 0.05 KB | True
228.346633 s | SSL | Data Sent: 0.58 KB, Data Received: 0.05 KB | True
228.383444 s | TCP | Data Sent: 0.05 KB, Data Received: 0.52 KB | True
228.383570 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.383770 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.384012 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
TCP Session #7

Information | Value
Source | PCAP
Stream ID | 13
Remote Address | 52.232.69.150
Remote Port | 443
Local Address | 192.168.0.51
Local Port | 49436
Data Sent | 1.78 KB
Data Received | 18.21 KB

Time | Highest Layer | Additional Information | Success
228.224897 s | TCP | Data Sent: 0.06 KB, Data Received: 0.06 KB | True
228.251335 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.253482 s | SSL | Data Sent: 0.25 KB, Data Received: 1.48 KB | True
228.285756 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.286257 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.289218 s | SSL | Data Sent: 0.18 KB, Data Received: 0.10 KB | True
228.348353 s | SSL | Data Sent: 0.66 KB, Data Received: 1.48 KB | True
228.389855 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.390107 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.390280 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.390407 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.390664 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.390950 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.419298 s | TCP | Data Sent: 0.05 KB, Data Received: 0.30 KB | True
228.419410 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
228.419612 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
TCP Session #8

Information | Value
Source | PCAP
Stream ID | 18
Remote Address | 13.107.3.128
Remote Port | 443
Local Address | 192.168.0.51
Local Port | 49441
Data Sent | 1.38 KB
Data Received | 4.76 KB

Time | Highest Layer | Additional Information | Success
239.082986 s | TCP | Data Sent: 0.06 KB, Data Received: 0.06 KB | True
239.271013 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
239.274404 s | SSL | Data Sent: 0.24 KB, Data Received: 0.05 KB | True
239.301951 s | TCP | Data Sent: 0.05 KB, Data Received: 0.10 KB | True
239.310487 s | SSL | Data Sent: 0.18 KB, Data Received: 0.05 KB | True
239.341058 s | SSL | Data Sent: 0.63 KB, Data Received: 0.05 KB | True
239.382705 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
239.382848 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
239.383161 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
TCP Session #9

Information | Value
Source | PCAP
Stream ID | 19
Remote Address | 52.232.69.150
Remote Port | 443
Local Address | 192.168.0.51
Local Port | 49442
Data Sent | 1.31 KB
Data Received | 4.66 KB

Time | Highest Layer | Additional Information | Success
239.084675 s | TCP | Data Sent: 0.06 KB, Data Received: 0.06 KB | True
239.273705 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
239.279077 s | SSL | Data Sent: 0.25 KB, Data Received: 1.48 KB | True
239.310736 s | TCP | Data Sent: 0.05 KB, Data Received: 1.48 KB | True
239.313634 s | TCP | Data Sent: 0.05 KB, Data Received: 0.00 KB | False
239.321025 s | SSL | Data Sent: 0.18 KB, Data Received: 0.10 KB | True
239.355102 s | SSL | Data Sent: 0.66 KB, Data Received: 0.05 KB | True
UDP Sessions (6)

Information | Value
Total Data Sent | 1.03 KB
Total Data Received | 1.64 KB
Contacted Host Count | 3
Contacted Hosts | 157.56.120.207, 157.56.120.208, 192.168.0.1
UDP Session #1

Information | Value
Source | PCAP
Stream ID | 65
Remote Address | 157.56.120.207
Remote Port | 3544
Local Address | 192.168.0.51
Local Port | 52759
Data Sent | 0.60 KB
Data Received | 0.88 KB

Time | Highest Layer | Additional Information | Success
17.517684 s | ICMPV6 | Data Sent: 0.10 KB, Data Received: 0.15 KB | True
51.141710 s | ICMPV6 | Data Sent: 0.10 KB, Data Received: 0.15 KB | True
90.095926 s | ICMPV6 | Data Sent: 0.10 KB, Data Received: 0.15 KB | True
126.532865 s | ICMPV6 | Data Sent: 0.10 KB, Data Received: 0.15 KB | True
174.652690 s | ICMPV6 | Data Sent: 0.10 KB, Data Received: 0.15 KB | True
204.785072 s | ICMPV6 | Data Sent: 0.10 KB, Data Received: 0.15 KB | True
UDP Session #2

Information | Value
Source | PCAP
Stream ID | 66
Remote Address | 157.56.120.208
Remote Port | 3544
Local Address | 192.168.0.51
Local Port | 52759
Data Sent | 0.10 KB
Data Received | 0.15 KB

Time | Highest Layer | Additional Information | Success
18.042383 s | ICMPV6 | Data Sent: 0.10 KB, Data Received: 0.15 KB | True
UDP Session #3

Information | Value
Source | PCAP
Stream ID | 357
Remote Address | 192.168.0.1
Remote Port | 53
Local Address | 192.168.0.51
Local Port | 53759
Data Sent | 0.08 KB
Data Received | 0.13 KB

Time | Highest Layer | Additional Information | Success
196.504100 s | DNS | Data Sent: 0.08 KB, Data Received: 0.13 KB | True
UDP Session #4

Information | Value
Source | PCAP
Stream ID | 358
Remote Address | 192.168.0.1
Remote Port | 53
Local Address | 192.168.0.51
Local Port | 57167
Data Sent | 0.09 KB
Data Received | 0.20 KB

Time | Highest Layer | Additional Information | Success
196.517076 s | DNS | Data Sent: 0.09 KB, Data Received: 0.20 KB | True
UDP Session #5

Information | Value
Source | PCAP
Stream ID | 362
Remote Address | 192.168.0.1
Remote Port | 53
Local Address | 192.168.0.51
Local Port | 55276
Data Sent | 0.09 KB
Data Received | 0.20 KB

Time | Highest Layer | Additional Information | Success
228.212183 s | DNS | Data Sent: 0.09 KB, Data Received: 0.20 KB | True
UDP Session #6

Information | Value
Source | PCAP
Stream ID | 273
Remote Address | 192.168.0.1
Remote Port | 53
Local Address | 192.168.0.51
Local Port | 57040
Data Sent | 0.07 KB
Data Received | 0.09 KB

Time | Highest Layer | Additional Information | Success
102.747148 s | DNS | Data Sent: 0.07 KB, Data Received: 0.09 KB | True
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.