8ad28604...29a2 | Network
VTI SCORE: 100/100
Target: win7_64_sp1-mso2016 | ms_office
Classification: Dropper, Keylogger, Downloader

8ad2860416f81070b57d262e8dcb2894048f18c8989f9c24a870a1582c2129a2 (SHA256)

BZ_Media_Info.doc

Word Document

Created at 2018-03-29 15:42:00

Connection Overview

Contacted Hosts (1)
Hostname: ihbnaoisdnasdasd.com
IP Address: 158.69.153.61
Location: Montréal (Canada)
Protocols: HTTP, DNS, TCP
Reputation Status: Has Blacklisted URL
Contacted URLs (1)
URL: ihbnaoisdnasdasd.com/NOIT/testv.php?l=krish7.class
Categories: -
Names: -
HTTP Status Code: -
Reputation Status: Blacklisted

Connections

DNS (1)
Operation: Resolve Name
Additional Information: host = ihbnaoisdnasdasd.com, address_out = 158.69.153.61
Success: True
Count: 1
HTTP Sessions (1)
Total Data Sent: 0.10 KB
Total Data Received: 2.73 MB
Contacted Host Count: 1
Contacted Hosts: ihbnaoisdnasdasd.com
HTTP Session #1
Server Name: ihbnaoisdnasdasd.com
Server Port: 80
Data Sent: 0.10 KB
Data Received: 2.73 MB
Operation | Additional Information | Success | Count
Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1
Open Connection | protocol = http, server_name = ihbnaoisdnasdasd.com, server_port = 80 | True | 1
Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /NOIT/testv.php?l=krish7.class | True | 1
Send HTTP Request | headers = host: ihbnaoisdnasdasd.com, connection: Keep-Alive, url = ihbnaoisdnasdasd.com/NOIT/testv.php?l=krish7.class | True | 1
Close Session | - | True | 1