Malicious Javascript from MYOB Email Attack | Network
Connection Overview
Remarks
Critical: The sample contacted only URLs whose reputation status is unknown.

Remote Hosts (3)
Host Country City Protocols Reputation Status
moranaccountants-my.sharepoint.com (13.107.6.151) United States Redmond HTTP, TCP
Unknown
192.99.181.10 Belize - TCP
Unknown
httpbin.org (54.225.177.165) United States Ashburn HTTP, TCP
Unknown
URL (2)
URL Connection Successful Reputation Status
https://moranaccountants-my.sharepoint.com/personal/lily_moranaccountants_com_au/_layouts/15/guestaccess.aspx?docid=03559bd7bd473450fab4c679cae4be913&authkey=AXWiRPNRVvwj9BsVKKyrAsc&e=259ca72ab9534857b5c3964310916b09 True
Unknown
httpbin.org/ip True
Unknown
Connections
TCP Sessions (1)
Information Value
Total Data Sent 0.00 KB (0 bytes)
Total Data Received 0.00 KB (0 bytes)
Contacted Host Count 1
Contacted Hosts 192.99.181.10:443
TCP Session #1
Information Value
Handle 0x214
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 192.99.181.10
Remote Port 443
Local Address 0.0.0.0
Local Port 1984
Data Sent 0.00 KB (0 bytes)
Data Received 0.00 KB (0 bytes)
Operations
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Bind local_address = 0x0, local_port = 0 True 1
Fn
Connect remote_address = 192.99.181.10, remote_port = 443 True 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 3
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 2
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 2
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 2
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 2
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 2
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 4
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 2
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 2
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
Send flags = NO_FLAG_SET True 1
Fn
Receive flags = NO_FLAG_SET, size = 0 False 1
Fn
HTTP Sessions (2)
Information Value
Total Data Sent 0.68 KB (696 bytes)
Total Data Received 505.54 KB (517668 bytes)
Contacted Host Count 2
Contacted Hosts httpbin.org, moranaccountants-my.sharepoint.com
HTTP Session #1
Information Value
User Agent Wget/1.11.
Server Name httpbin.org
Server Port 80
Data Sent 0.16 KB (163 bytes)
Data Received 0.03 KB (33 bytes)
Operations
Operation Additional Information Success Count Logfile
Open Session user_agent = Wget/1.11., access_type = WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, flags = WINHTTP_FLAG_SYNC True 1
Fn
Open Connection protocol = HTTP, server_name = httpbin.org, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /ip, accept_types = 0, flags = INTERNET_FLAG_FORMS_SUBMIT, INTERNET_FLAG_PRAGMA_NOCACHE True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = httpbin.org/ip True 1
Fn
Read Response size = 33, size_out = 33 True 1
Fn
Data
Close Session - True 1
Fn
HTTP Session #2
Information Value
Used COM interface MSXML2.XMLHTTP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
Server Name moranaccountants-my.sharepoint.com
Server Port 443
Data Sent 0.52 KB (533 bytes)
Data Received 505.50 KB (517635 bytes)
Operations
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = https, server_name = moranaccountants-my.sharepoint.com, server_port = 443 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /personal/lily_moranaccountants_com_au/_layouts/15/guestaccess.aspx True 1
Fn
Send HTTP Request url = https://moranaccountants-my.sharepoint.com/personal/lily_moranaccountants_com_au/_layouts/15/guestaccess.aspx?docid=03559bd7bd473450fab4c679cae4be913&authkey=AXWiRPNRVvwj9BsVKKyrAsc&e=259ca72ab9534857b5c3964310916b09 True 1
Fn
Read Response size_out = 3, data = MZ True 1
Fn
Read Response size_out = 517632 True 1
Fn
Data