8de655e6...32b8 | Network
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Dropper, Downloader

8de655e68ab3408b1101cd0e5f4c3dbe1a361cbb2a5ee10888f5ad30b95332b8 (SHA256)

cm_coupon_6185.doc

Word Document

Created at 2018-11-26 15:52:00

Notifications (1/1)

The operating system was rebooted during the analysis.

Network Overview

Hosts (4)

Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data
greatvacationgiveaways.com | 199.241.186.126 | Cyprus | HTTP, TCP, UDP | Unknown | Not Queried
- | 79.129.42.122 | Athens (Greece) | TCP | Unknown | Not Queried
- | 50.74.56.147 | New York (United States) | TCP | Unknown | Not Queried
75.161.71.124:990 | 75.161.71.124 | Albuquerque (United States) | TCP | Unknown | Not Queried
DNS Queries (1)

Hostname | Categories | Names | Source | Reputation Status
greatvacationgiveaways.com | - | - | PCAP | Unknown
URLs (6)

URL | Categories | Names | Source | HTTP Status Code | Reputation Status
http://greatvacationgiveaways.com/i0Qwfwrn | - | - | Function Log | MOVED (301) | Unknown
http://greatvacationgiveaways.com/i0Qwfwrn/ | - | - | PCAP | OK (200) | Unknown
HTTP://79.129.42.122 | - | - | Function Log | - | Unknown
HTTP://50.74.56.147 | - | - | Function Log | - | Unknown
HTTP://75.161.71.124 | - | - | Function Log | - | Unknown
http://75.161.71.124:990/ | - | - | PCAP | OK (200) | Unknown

Connections

DNS (1)

Operation | Additional Information | Success | Count | Logfile
Resolve Name | host = greatvacationgiveaways.com, address_out = 199.241.186.126 | True | 1 | -
TCP Sessions (2)
Information Value
Total Data Sent 3.84 KB
Total Data Received 39.14 KB
Contacted Host Count 2
Contacted Hosts 199.241.186.126, 75.161.71.124
TCP Session #1
Information Value
Source PCAP
Stream ID 2
Remote Address 199.241.186.126
Remote Port 80
Local Address 192.168.0.252
Local Port 49159
Data Sent 2.47 KB
Data Received 38.68 KB
Time Highest Layer Additional Information Success
57.865188 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
58.000906 s TCP Data Sent: 0.05 KB, Data Received: 0.56 KB True
58.001493 s HTTP Data Sent: 0.39 KB, Data Received: 0.05 KB True
58.153003 s HTTP Data Sent: 0.39 KB, Data Received: 0.05 KB True
59.854556 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.854953 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.855418 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.855873 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.856259 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.884288 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.992226 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.995280 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.995542 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.995771 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.996019 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.996114 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.996299 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
59.996797 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
60.127648 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
60.128096 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
60.128446 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
60.131963 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
60.132153 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
60.132386 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
60.132596 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
60.132716 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
60.132961 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
60.133136 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
60.133872 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
60.134019 s TCP Data Sent: 0.05 KB, Data Received: 0.93 KB True
60.135059 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
60.261934 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
64.872648 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
69.890653 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #2
Information Value
Source PCAP
Stream ID 31
Remote Address 75.161.71.124
Remote Port 990
Local Address 192.168.0.252
Local Port 49188
Data Sent 1.37 KB
Data Received 0.47 KB
Time Highest Layer Additional Information Success
132.784159 s TCP Data Sent: 0.06 KB, Data Received: 0.00 KB False
135.797900 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
136.139965 s TCP Data Sent: 0.05 KB, Data Received: 0.35 KB True
136.140795 s HTTP Data Sent: 1.08 KB, Data Received: 0.05 KB True
137.560679 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
158.988557 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
UDP Sessions (1)
Information Value
Total Data Sent 0.08 KB
Total Data Received 0.10 KB
Contacted Host Count 1
Contacted Hosts 192.168.0.1
UDP Session #1
Information Value
Source PCAP
Stream ID 79
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.252
Local Port 54515
Data Sent 0.08 KB
Data Received 0.10 KB
Time Highest Layer Additional Information Success
57.862569 s DNS Data Sent: 0.08 KB, Data Received: 0.10 KB True
HTTP Sessions (5)
Information Value
Total Data Sent 1.67 KB
Total Data Received 132.15 KB
Contacted Host Count 4
Contacted Hosts 79.129.42.122, 50.74.56.147, 75.161.71.124, greatvacationgiveaways.com
HTTP Session #1
Information Value
Source Function Log
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Server Name 79.129.42.122
Server Port 990
Data Sent 0.33 KB
Data Received 0.00 KB
Operation | Additional Information | Success | Count | Logfile
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = 79.129.42.122, server_port = 990 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | True | 1 | Fn
Send HTTP Request | headers = Cookie: 47441=T5PCeJkUsh89vg8dNVchnP+kt/E5fceD37XA+wh/hSeM/EyCuw0StRPBeQc+n4sk+7Sg7rQY/j40mOamqAtjB2gWz9snCFLYSsXd47IuDwizMcI0GlIf6qxan9u5BR546krhR5j8iLWLa6htAW605MC4Xd0SP/tM7ASJxJrUwnswrKZWtH6d0b1c2qfWH10EpP/LywjX/r5tMypENmiiq0c6sC5ftihtdM1aHTxM48DpmjuthQtpzbYxK5XLQ1QqDVY5na9OpN/+iVjbBugGH4eB6TJ/gdMyHXN30VbjTa1VGgTmCcDDQVjc6rM9fSdur4oMaQcRGrUT2yjvlMiaTnlo6ch6LmFaF9Uj5Mn5JA8iFoc1f8R8Lx9UuVtlKe218TRVDEUDsqhWFDn8NQxHHBYPXz8ruYnFnQwsCBDtMjKyVDBPQHvibCkFxhIIbR2I00Lh8x8IdhMyPZkNwC9dif60/OFrPmOh00TJRYxFmJH3Nt7Eq0OB54cyGyGKRf8Vqxtt5Z4P1/bd49EAi/Hst8BZHlsdUdQfvwOiG6w9votk3ZGAgvguPutUMTMbshjoFbea0kbcSmrFb6w8xXCbcRQzzC6kseTnfOiBQRivDpzDjmju1PqikM5IyZkbSzcFRbE1Vqdi2GdGsTCbzMJOikDKvT9Nk1tp3V9SBqg95mMEmzmxBbA/TTolDIHB2WjDxGSEivoWhVC+wh9ex+GSWvySTdbKS5znSAL44AfCD16+PEUC, url = 79.129.42.122 | False | 1 | Fn
Close Session | - | True | 3 | Fn
HTTP Session #2
Information Value
Source Function Log
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Server Name 50.74.56.147
Server Port 8080
Data Sent 0.33 KB
Data Received 0.00 KB
Operation | Additional Information | Success | Count | Logfile
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = 50.74.56.147, server_port = 8080 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | True | 1 | Fn
Send HTTP Request | headers = Cookie: 1469=lDfHpeMyBYPbMQDfqMbdPY82GBPnJybCQvwjtyioCRD0xqazG+c5i/xc2mWz3of/+8XGhc/7I2nposRjKVvUmEEzHqsguVRKiKg5J1WvzB6g/SgBxOBe0cA8ftCqQFkgK5YIq7F6AC9pjXzVERoAGUd/aCg7QeGYo8yMESORCL3ggLjxynx50m+BMsgklI/8oAZ3U6bbAY70EdgaXrKCsIHcGXCM5CnzfUCmWw0z9ioApJFEHdJOTrMAs4gHGksFSiMBEMB6/r0v9HT95bgkO+1gEmKbHdhJO6IJ0Ht5VngKBxknO0xnEMinab5pDRXWZa274f2TlJ4/Z6ukgzSl03HNDlwuYQ/HEZMfL0gDO8ro3NjCNT0YijoK8CjyvNg3EqZsqoHOiRyo5uHgDzOtQwlXm2lMcyRL76XcnfiKlEepclzC4HsN0ALV0ztCsKcUFTCMJEZyMJmMwkBORkmfHBCQm1mYov5Qmsnss+6pPhGmqJN9IOtGLBZydM2KvO8cX0/wp5fHZ58J0CeN7TRvxfmrfPoy7pKeRmidh4FOj3bxf1GV8anfgJg14+IbJfvZ7ypCFPTq62lY94UCl+kThunXFV37g1GmEGMLF5AaoYF2tLu/q25kxWn4vx1ebobPtGK0dSPiRg3EuuQIVUqilTKZu718O562D1KEmiKEQqLB1axJLxBumZJhTmzllxqW+nf8KDJJ3sCPQr4o4pIAoal5l6/iuj9UmobaPzM3btLmH7X4iUNVzTUnPMV9s7wiD2lEtg==, url = 50.74.56.147 | False | 1 | Fn
Close Session | - | True | 3 | Fn
HTTP Session #3
Information Value
Source Function Log
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Server Name 75.161.71.124
Server Port 990
Data Sent 0.33 KB
Data Received 0.15 KB
Operation | Additional Information | Success | Count | Logfile
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = 75.161.71.124, server_port = 990 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | True | 1 | Fn
Send HTTP Request | headers = Cookie: 22716=lLuvezoi1SCacIyK6nFbNpMCZc9xUG91dmvPWmvvtRJn6NXsHYRTKLHVPx/57NvU6fRgeWnXFESOoJodDPqueCtX2FIDGODmY2vSopfq5207ipeVBLvyPwh8CkETv7wQBx4WOVrWJ7WDcVNgQjM0MelppXX6FsZovOQwXX5/ZLNmxdPHRQ2wQy5t2IfooqXkXTXLlu4XwY0fl/qU8RIA4eW4AvOP0yJspnL/aF58H81+UyjtdgU5GFCs2BASrlQl74lYKPeoP4QdSC0FQ3vaJQjUcvgPg6CW/vMaM/tZ5NH+nxPvat85DDlinzGBDzvMdZWArAqZXYDPr0C5I4RclWil5Jqv7YTTOmRBNPKYmt4810e4P/LTSKqBQQTHHAC6x6VRbqGZ+VVqwnofu7vrTdg/4JxZHWoScRpPJLfqbUPJW/GjVaBBLiZGAUmEa/K1Bqpej69u5vdXxJ2LpyN7qC9hHO5IBs0yJzxECKnlJpRavudA5uaqf9fhUr1vKMJW/4F/7Sht8b6UEJTRwL0PK2X6KQiH03XHnYr8KR6xSu6RtRL568lgrIrmzbRU3jtpXtkO0rY/lqSZCGZjCxPQ+aav+fb+3EWbtLrHSB+Z/oaIjdUbcwLF/Q+8NRzQWKVkbArEUBpaccW/Vm+/W/3mYynOPqFNSzzQoBGLvPhX3vkEh/glpN3MXvRSBjtQGc39k8IqjNhVhQBCSuIKAyTySuWf9VvmDI6hzz0VtpL7UaD5VlEg, url = 75.161.71.124 | True | 1 | Fn
Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 | True | 1 | Fn, Data
Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_CONTENT_LENGTH, size_out = 4 | True | 1 | Fn, Data
Read Response | size = 148, size_out = 148 | True | 1 | Fn, Data
Close Session | - | True | 3 | Fn
HTTP Session #4
Information Value
Source Function Log
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Server Name 79.129.42.122
Server Port 990
Data Sent 0.33 KB
Data Received 0.00 KB
Operation | Additional Information | Success | Count | Logfile
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG | True | 1 | Fn
Open Connection | protocol = HTTP, server_name = 79.129.42.122, server_port = 990 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD | True | 1 | Fn
Send HTTP Request | headers = Cookie: 31293=dp9OEJiH44KQSqKhhEvGQsvYKnEk5KQ9Zei3C7i9ZDJjRicqQCWu+eOWwaq4eLc1Mjhctg34+NyjlZ8pHHLPkmqJgSZf9q3InQ+ZPYy4cHok6F6uONIM8x1R8Co5KnOWIciVtX4Vhw1liEeWjWqMR4T9G9Jl2prT5szDD3DEajdMapaW+MqNOqSwDwEHcOEv+A80zAshK3ksJg0DboZy4l0/aLUIigDffRvAVuS60Eqe3Ue20iKRpkSTBYsIcWyWNAjw3eLLf4RwOeVkFf0oJuO5Ymu0vh+8ysJu9xj87pMo0nlPPnwomwfe9tpuRjHNrMoJ0AKOl+A/nWQ3JxBnVlyygNr0G0alhSwQJk2o4TXBDUstpp7YwWUZzDDeRDhlDpMUOVSgZOi1MzSFppV1sT7G9sA7e4uwwqN0yQETaxn7OI8e, url = 79.129.42.122 | False | 1 | Fn
HTTP Session #5
Information Value
Source Function Log
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
Server Name greatvacationgiveaways.com
Server Port 80
Data Sent 0.34 KB
Data Received 132.00 KB
Operation | Additional Information | Success | Count | Logfile
Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1 | Fn
Open Connection | protocol = http, server_name = greatvacationgiveaways.com, server_port = 80 | True | 1 | Fn
Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /i0Qwfwrn | True | 1 | Fn
Send HTTP Request | url = http://greatvacationgiveaways.com/i0Qwfwrn | True | 1 | Fn
Receive HTTP Status | status = 200 | True | 1 | Fn
Read Response | size_out = 135168 | True | 1 | Fn, Data
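Two things in the HTTP sessions above are worth reading together. Sessions 1 to 4 all have the same shape: a WinINet session with the "MSIE 7.0 ... Trident/4.0" user agent, a GET to an IP literal on port 990 or 8080 with no path, and the entire payload carried in a single Cookie header whose name is a number and whose value is a long base64 blob. Only the request to 75.161.71.124 succeeded (Success = True, 148 bytes read); the sends to 79.129.42.122 and 50.74.56.147 failed and neither host appears in any PCAP TCP session, so they are attempted contacts, not confirmed traffic. Session 5 is different: a WinHTTP fetch of /i0Qwfwrn on port 80 that read 135168 bytes; the URL table records a 301 for /i0Qwfwrn and a 200 for /i0Qwfwrn/, consistent with the client following the redirect while the function log only reports the final status.

The Python below is an added example, not part of the VMRay report or the analysed sample, that turns the beacon shape into a scored triage check and runs it over request records constructed from the report's visible hosts, ports and user agents. The ports come from the Server Port field because the logged url values carry none; the Cookie values are deterministic stand-ins, not the captured cookies; `MIN_COOKIE_LEN`, the indicator names and the agreement threshold are assumptions chosen for this report.

```python
"""Heuristic triage of HTTP requests for the Cookie-beacon shape in this report.

Added example; not part of the VMRay report or the analysed sample. The request
records are constructed from the report's visible hosts, ports and user agents.
The Cookie payloads are deterministic stand-ins for the captured values.
"""
import base64
import hashlib
import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Shape seen in HTTP Sessions 1-4: one numeric cookie name, one long base64 value.
COOKIE_RE = re.compile(r"^(\d+)=([A-Za-z0-9+/]+={0,2})$")
MIN_COOKIE_LEN = 256   # assumption: the report's payloads run roughly 300-700 characters
STRONG = {"bare_ip_host", "nonstandard_port", "empty_path", "numeric_cookie_blob"}


@dataclass
class HttpRequest:
    url: str                      # e.g. "http://79.129.42.122:990/"
    user_agent: str
    headers: dict = field(default_factory=dict)


def constructed_cookie(seed: bytes) -> str:
    """Deterministic high-entropy base64 blob standing in for a real cookie value."""
    return base64.b64encode(hashlib.sha512(seed).digest() * 6).decode()  # 512 chars


def beacon_indicators(req: HttpRequest) -> list[str]:
    """Names of the heuristics the request matches, in a fixed order."""
    parts = urlsplit(req.url)
    hits = []
    try:
        ipaddress.ip_address(parts.hostname or "")
        hits.append("bare_ip_host")        # no DNS query precedes the connection
    except ValueError:
        pass
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in (80, 443):
        hits.append("nonstandard_port")    # 990 and 8080 in this report
    if parts.path in ("", "/"):
        hits.append("empty_path")          # the payload rides in a header, not the URL
    m = COOKIE_RE.match(req.headers.get("Cookie", ""))
    if m and len(m.group(2)) >= MIN_COOKIE_LEN:
        hits.append("numeric_cookie_blob")
    if "MSIE 7.0" in req.user_agent and "Trident/4.0" in req.user_agent:
        hits.append("wininet_ie7_ua")      # weak on its own: trivially spoofable
    return hits


def is_probable_beacon(req: HttpRequest, threshold: int = 3) -> bool:
    """True when at least `threshold` strong indicators agree (threshold is an assumption)."""
    return len(STRONG & set(beacon_indicators(req))) >= threshold


IE7_UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; "
          ".NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; "
          ".NET4.0C; .NET4.0E)")
WINHTTP_UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; "
              ".NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)")

# Constructed from the report: sessions 1-3 (beacons), session 5 (download), and a benign control.
SAMPLE_REQUESTS = [
    HttpRequest("http://79.129.42.122:990/", IE7_UA, {"Cookie": "47441=" + constructed_cookie(b"s1")}),
    HttpRequest("http://50.74.56.147:8080/", IE7_UA, {"Cookie": "1469=" + constructed_cookie(b"s2")}),
    HttpRequest("http://75.161.71.124:990/", IE7_UA, {"Cookie": "22716=" + constructed_cookie(b"s3")}),
    HttpRequest("http://greatvacationgiveaways.com/i0Qwfwrn", WINHTTP_UA),
    HttpRequest("https://example.com/login", WINHTTP_UA, {"Cookie": "session=abc123"}),
]


def triage(requests=SAMPLE_REQUESTS) -> dict[str, bool]:
    """Map each request URL to its beacon verdict."""
    return {r.url: is_probable_beacon(r) for r in requests}


if __name__ == "__main__":
    for url, verdict in triage().items():
        print(f"{'BEACON' if verdict else 'ok    '}  {url}")
```

The user-agent check is deliberately excluded from the strong set: the string is a stock WinINet value and the download in session 5 used a different one, so it adds context but should not decide the verdict. Feed the function proxy or PCAP-derived request records (URL with port, User-Agent, Cookie) rather than the function log alone, since the function log also contains the failed sends that never reached the wire.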