90813ad8...c008 | Network
VTI SCORE: 98/100
Dynamic Analysis Report
Classification: -

90813ad836effce0e21843c7db025d56bf1d204af25746578800f09a049ac008 (SHA256)

name.doc

Word Document

Created at 2019-02-08 09:18:00

Notifications (2/2)

The overall sleep time of all monitored processes was truncated from "5 minutes" to "20 seconds" to reveal dormant functionality.

The operating system was rebooted during the analysis.

Network Overview

Connections

TCP Sessions (4)
Information Value
Total Data Sent 1.43 KB
Total Data Received 0.87 KB
Contacted Host Count 2
Contacted Hosts 192.241.217.57, 192.241.217.57:80
TCP Session #1
Information Value
Handle 0x70
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 192.241.217.57
Remote Port 80
Local Address 0.0.0.0
Local Port 49183
Data Sent 0.20 KB
Data Received 0.05 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1 Fn
Connect remote_address = 192.241.217.57, remote_port = 80 True 1 Fn
Send flags = NO_FLAG_SET, size = 32, size_out = 32 True 1 Fn Data
Receive flags = NO_FLAG_SET, size = 4096, size_out = 16 True 1 Fn Data
Send flags = NO_FLAG_SET, size = 48, size_out = 48 True 1 Fn Data
Receive flags = NO_FLAG_SET, size = 4096, size_out = 16 True 1 Fn Data
Send flags = NO_FLAG_SET, size = 128, size_out = 128 True 1 Fn Data
Receive flags = NO_FLAG_SET, size = 4096, size_out = 16 True 1 Fn Data
Close type = SOCK_STREAM True 1 Fn
TCP Session #2
Information Value
Handle 0x70
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 192.241.217.57
Remote Port 80
Local Address 0.0.0.0
Local Port 49183
Data Sent 0.08 KB
Data Received 0.03 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1 Fn
Connect remote_address = 192.241.217.57, remote_port = 80 True 1 Fn
Send flags = NO_FLAG_SET, size = 32, size_out = 32 True 1 Fn Data
Receive flags = NO_FLAG_SET, size = 4096, size_out = 16 True 1 Fn Data
Send flags = NO_FLAG_SET, size = 48, size_out = 48 True 1 Fn Data
Receive flags = NO_FLAG_SET, size = 4096, size_out = 16 True 1 Fn Data
Close type = SOCK_STREAM True 1 Fn
TCP Session #3
Information Value
Source PCAP
Stream ID 26
Remote Address 192.241.217.57
Remote Port 80
Local Address 192.168.0.91
Local Port 49183
Data Sent 0.69 KB
Data Received 0.43 KB
Time Highest Layer Additional Information Success
158.092575 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
158.263647 s TCP Data Sent: 0.05 KB, Data Received: 0.07 KB True
158.264269 s TCP Data Sent: 0.08 KB, Data Received: 0.05 KB True
158.683221 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
160.114119 s DATA Data Sent: 0.10 KB, Data Received: 0.07 KB True
160.492908 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
161.120287 s TCP Data Sent: 0.18 KB, Data Received: 0.07 KB True
161.394413 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
162.131582 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #4
Information Value
Source PCAP
Stream ID 27
Remote Address 192.241.217.57
Remote Port 80
Local Address 192.168.0.91
Local Port 49184
Data Sent 0.46 KB
Data Received 0.36 KB
Time Highest Layer Additional Information Success
172.865362 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
173.212512 s TCP Data Sent: 0.05 KB, Data Received: 0.07 KB True
173.212965 s TCP Data Sent: 0.08 KB, Data Received: 0.05 KB True
173.596822 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
174.223256 s DATA Data Sent: 0.10 KB, Data Received: 0.07 KB True
174.401773 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
175.235081 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True