Analysis

Category Package Started Completed Duration
PCAP 2020-10-01 13:21:18 2020-10-01 13:21:19 1 second


Signatures

No signatures

Hosts

Direct IP Country Name
Y 84.53.167.113 [VT] Europe
Y 216.58.207.38 [VT] United States
Y 216.58.207.174 [VT] United States
Y 205.185.216.42 [VT] United States
Y 93.184.220.29 [VT] Europe
N 92.122.145.220 [VT] Europe
N 80.239.152.136 [VT] Europe
Y 8.8.8.8 [VT] United States
Y 67.27.233.254 [VT] United States
N 54.36.123.232 [VT] France
Y 52.158.208.111 [VT] United States
N 51.104.139.180 [VT] United Kingdom
Y 204.79.197.200 [VT] United States
Y 2.18.69.200 [VT] Europe
Y 104.108.60.202 [VT] Netherlands
Y 172.217.23.66 [VT] United States
Y 172.217.23.174 [VT] United States
Y 172.217.22.99 [VT] United States
Y 172.217.22.14 [VT] United States
Y 172.217.16.161 [VT] United States
Y 151.101.2.114 [VT] United States
Y 151.101.112.157 [VT] Germany

DNS

Name Response Post-Analysis Lookup
id5-sync.com [VT] A 5.39.67.10 [VT]
A 54.36.109.47 [VT]
A 51.75.146.200 [VT]
A 54.36.109.22 [VT]
A 46.105.105.90 [VT]
A 5.39.66.15 [VT]
A 193.70.45.171 [VT]
A 54.36.109.48 [VT]
A 54.36.109.49 [VT]
A 151.80.29.101 [VT]
A 54.36.123.232 [VT]
A 54.36.109.156 [VT]
A 54.36.109.183 [VT]
A 46.105.114.118 [VT]
A 5.39.66.192 [VT]
A 5.39.67.46 [VT]
A 54.36.109.46 [VT]
A 5.39.66.201 [VT]
A 51.195.5.232 [VT]
A 54.36.123.231 [VT]
A 54.36.109.155 [VT]
A 51.75.146.199 [VT]
A 51.195.5.40 [VT]
A 54.36.109.166 [VT]
A 54.36.109.186 [VT]
A 51.195.5.38 [VT]
Post-Analysis Lookup: 54.36.109.46 [VT]
favicon.ico [VT] NXDOMAIN
arc.msn.com [VT] A 51.104.139.180 [VT]
CNAME arc.msn.com.nsatc.net [VT]
Post-Analysis Lookup: 52.184.206.73 [VT]
img-prod-cms-rt-microsoft-com.akamaized.net [VT] CNAME a1449.dscg2.akamai.net [VT]
A 80.239.148.32 [VT]
A 80.239.152.136 [VT]
Post-Analysis Lookup: 72.246.56.48 [VT]
store-images.s-microsoft.com [VT] CNAME e12564.dspb.akamaiedge.net [VT]
CNAME store-images.s-microsoft.com-c.edgekey.net [VT]
A 92.122.145.220 [VT]
Post-Analysis Lookup: 104.118.223.72 [VT]

Sorry! No behavior.

TCP

Source Source Port Destination Destination Port
151.101.112.157 80 192.168.2.3 49749
151.101.2.114 80 192.168.2.3 49812
172.217.16.161 443 192.168.2.3 49755
172.217.16.161 443 192.168.2.3 49756
172.217.22.14 443 192.168.2.3 49760
172.217.22.14 443 192.168.2.3 49762
172.217.22.99 443 192.168.2.3 49719
172.217.23.174 443 192.168.2.3 49724
172.217.23.66 443 192.168.2.3 49751
172.217.23.66 443 192.168.2.3 49752
192.168.2.3 49691 104.108.60.202 443
192.168.2.3 49696 2.18.69.200 443
192.168.2.3 49693 204.79.197.200 443
192.168.2.3 49694 204.79.197.200 443
192.168.2.3 49726 51.104.139.180 arc.msn.com 443
192.168.2.3 49727 51.104.139.180 arc.msn.com 443
192.168.2.3 49728 51.104.139.180 arc.msn.com 443
192.168.2.3 49729 51.104.139.180 arc.msn.com 443
192.168.2.3 49719 51.143.111.7 443
192.168.2.3 49718 52.158.208.111 443
192.168.2.3 49725 52.158.208.111 443
192.168.2.3 49724 52.184.221.185 443
192.168.2.3 49721 54.36.123.232 id5-sync.com 80
192.168.2.3 49722 54.36.123.232 id5-sync.com 80
192.168.2.3 49723 54.36.123.232 id5-sync.com 443
192.168.2.3 49681 67.27.233.254 80
192.168.2.3 49730 80.239.152.136 img-prod-cms-rt-microsoft-com.akamaized.net 443
192.168.2.3 49731 80.239.152.136 img-prod-cms-rt-microsoft-com.akamaized.net 443
192.168.2.3 49733 80.239.152.136 img-prod-cms-rt-microsoft-com.akamaized.net 443
192.168.2.3 49732 92.122.145.220 store-images.s-microsoft.com 443
192.168.2.3 49697 93.184.220.29 80
205.185.216.42 80 192.168.2.3 49680
205.185.216.42 80 192.168.2.3 49682
216.58.207.174 443 192.168.2.3 49749
216.58.207.174 443 192.168.2.3 49750
216.58.207.38 443 192.168.2.3 49753
216.58.207.38 443 192.168.2.3 49754
84.53.167.113 80 192.168.2.3 49692
93.184.220.29 80 192.168.2.3 49686

UDP

Source Source Port Destination Destination Port
192.168.2.3 49563 8.8.8.8 53
192.168.2.3 50141 8.8.8.8 53
192.168.2.3 50540 8.8.8.8 53
192.168.2.3 50713 8.8.8.8 53
192.168.2.3 51352 8.8.8.8 53
192.168.2.3 53023 8.8.8.8 53
192.168.2.3 53034 8.8.8.8 53
192.168.2.3 53195 8.8.8.8 53
192.168.2.3 54366 8.8.8.8 53
192.168.2.3 55435 8.8.8.8 53
192.168.2.3 56132 8.8.8.8 53
192.168.2.3 57084 8.8.8.8 53
192.168.2.3 57568 8.8.8.8 53
192.168.2.3 57762 8.8.8.8 53
192.168.2.3 58823 8.8.8.8 53
192.168.2.3 59349 8.8.8.8 53
192.168.2.3 60100 8.8.8.8 53

HTTP Requests

URI Data
http://id5-sync.com/
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: id5-sync.com
Connection: Keep-Alive

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

Timestamp Source IP Source Port Destination IP Destination Port Subject Issuer Fingerprint Version
2020-10-01 13:09:36.052 192.168.2.3 [VT] 49715 51.143.111.7 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=*.big.telemetry.microsoft.com a9:55:40:c1:0f:5f:5f:e0:5e:42:63:b5:7d:fd:4e:99:7c:ad:59:cd TLS 1.2
2020-10-01 13:09:36.923 192.168.2.3 [VT] 49716 52.184.221.185 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=*.big.telemetry.microsoft.com a9:55:40:c1:0f:5f:5f:e0:5e:42:63:b5:7d:fd:4e:99:7c:ad:59:cd TLS 1.2
2020-10-01 13:09:37.638 192.168.2.3 [VT] 49717 52.158.208.111 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=*.big.telemetry.microsoft.com a9:55:40:c1:0f:5f:5f:e0:5e:42:63:b5:7d:fd:4e:99:7c:ad:59:cd TLS 1.2
2020-10-01 13:09:38.734 192.168.2.3 [VT] 49718 52.158.208.111 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=*.big.telemetry.microsoft.com a9:55:40:c1:0f:5f:5f:e0:5e:42:63:b5:7d:fd:4e:99:7c:ad:59:cd TLS 1.2
2020-10-01 13:09:39.867 192.168.2.3 [VT] 49719 51.143.111.7 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=*.big.telemetry.microsoft.com a9:55:40:c1:0f:5f:5f:e0:5e:42:63:b5:7d:fd:4e:99:7c:ad:59:cd TLS 1.2
2020-10-01 13:09:41.226 192.168.2.3 [VT] 49720 52.158.208.111 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=*.big.telemetry.microsoft.com a9:55:40:c1:0f:5f:5f:e0:5e:42:63:b5:7d:fd:4e:99:7c:ad:59:cd TLS 1.2
2020-10-01 13:09:41.271 192.168.2.3 [VT] 49723 54.36.123.232 [VT] 443 CN=*.id5-sync.com ab:90:98:19:95:4c:2a:dd:74:57:8f:4c:ab:ab:5c:17:1b:4e:96:2d TLS 1.2
2020-10-01 13:09:41.956 192.168.2.3 [VT] 49724 52.184.221.185 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=*.big.telemetry.microsoft.com a9:55:40:c1:0f:5f:5f:e0:5e:42:63:b5:7d:fd:4e:99:7c:ad:59:cd TLS 1.2
2020-10-01 13:09:42.933 192.168.2.3 [VT] 49725 52.158.208.111 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=*.big.telemetry.microsoft.com a9:55:40:c1:0f:5f:5f:e0:5e:42:63:b5:7d:fd:4e:99:7c:ad:59:cd TLS 1.2
2020-10-01 13:09:58.508 192.168.2.3 [VT] 49726 51.104.139.180 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=arc.msn.com 9a:1e:7b:38:37:01:5f:81:45:98:58:9d:0a:ef:e8:b1:2d:6b:23:b4 TLS 1.2
2020-10-01 13:09:58.508 192.168.2.3 [VT] 49729 51.104.139.180 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=arc.msn.com 9a:1e:7b:38:37:01:5f:81:45:98:58:9d:0a:ef:e8:b1:2d:6b:23:b4 TLS 1.2
2020-10-01 13:09:58.508 192.168.2.3 [VT] 49727 51.104.139.180 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=arc.msn.com 9a:1e:7b:38:37:01:5f:81:45:98:58:9d:0a:ef:e8:b1:2d:6b:23:b4 TLS 1.2
2020-10-01 13:09:58.509 192.168.2.3 [VT] 49728 51.104.139.180 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=arc.msn.com 9a:1e:7b:38:37:01:5f:81:45:98:58:9d:0a:ef:e8:b1:2d:6b:23:b4 TLS 1.2
2020-10-01 13:10:06.997 192.168.2.3 [VT] 49732 92.122.145.220 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=store-images.microsoft.com 95:e6:7e:4a:66:75:ba:9e:3c:c3:5e:8a:b3:79:49:e7:46:85:9f:12 TLS 1.2
2020-10-01 13:10:06.999 192.168.2.3 [VT] 49731 80.239.152.136 [VT] 443 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net af:32:d5:a4:a0:9a:25:21:bc:3b:49:18:6e:29:7d:df:29:43:47:5e TLS 1.2
2020-10-01 13:10:07.003 192.168.2.3 [VT] 49730 80.239.152.136 [VT] 443 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net af:32:d5:a4:a0:9a:25:21:bc:3b:49:18:6e:29:7d:df:29:43:47:5e TLS 1.2
2020-10-01 13:10:07.264 192.168.2.3 [VT] 49733 80.239.152.136 [VT] 443 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net af:32:d5:a4:a0:9a:25:21:bc:3b:49:18:6e:29:7d:df:29:43:47:5e TLS 1.2
2020-10-01 13:10:11.750 192.168.2.3 [VT] 49736 2.18.68.82 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=officecdn.microsoft.com 36:69:57:2c:68:5a:34:58:a6:59:91:59:ba:f4:82:4f:dd:88:1e:7c TLS 1.2

Suricata HTTP

Timestamp Source IP Source Port Destination IP Destination Port Method Status Hostname URI Content Type User Agent Referrer Length
2020-10-01 13:09:41.188 192.168.2.3 [VT] 49721 54.36.123.232 [VT] 80 301 id5-sync.com [VT] / None Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko None 0

Suricata Extracted Files

No dropped Suricata extracted files.

JA3

Source Source Port Destination Destination Port JA3 Hash JA3 Description
192.168.2.3 49736 2.18.68.82 443 bd0bf25947d4a37404f0424edf4db9ad unknown
192.168.2.3 49726 51.104.139.180 arc.msn.com 443 9e10692f1b7f78228b2d4e424db3a98c unknown
192.168.2.3 49727 51.104.139.180 arc.msn.com 443 9e10692f1b7f78228b2d4e424db3a98c unknown
192.168.2.3 49728 51.104.139.180 arc.msn.com 443 9e10692f1b7f78228b2d4e424db3a98c unknown
192.168.2.3 49729 51.104.139.180 arc.msn.com 443 9e10692f1b7f78228b2d4e424db3a98c unknown
192.168.2.3 49715 51.143.111.7 443 bd0bf25947d4a37404f0424edf4db9ad unknown
192.168.2.3 49719 51.143.111.7 443 bd0bf25947d4a37404f0424edf4db9ad unknown
192.168.2.3 49717 52.158.208.111 443 bd0bf25947d4a37404f0424edf4db9ad unknown
192.168.2.3 49718 52.158.208.111 443 bd0bf25947d4a37404f0424edf4db9ad unknown
192.168.2.3 49720 52.158.208.111 443 bd0bf25947d4a37404f0424edf4db9ad unknown
192.168.2.3 49725 52.158.208.111 443 bd0bf25947d4a37404f0424edf4db9ad unknown
192.168.2.3 49716 52.184.221.185 443 bd0bf25947d4a37404f0424edf4db9ad unknown
192.168.2.3 49724 52.184.221.185 443 bd0bf25947d4a37404f0424edf4db9ad unknown
192.168.2.3 49723 54.36.123.232 id5-sync.com 443 9e10692f1b7f78228b2d4e424db3a98c unknown
192.168.2.3 49730 80.239.152.136 img-prod-cms-rt-microsoft-com.akamaized.net 443 9e10692f1b7f78228b2d4e424db3a98c unknown
192.168.2.3 49731 80.239.152.136 img-prod-cms-rt-microsoft-com.akamaized.net 443 9e10692f1b7f78228b2d4e424db3a98c unknown
192.168.2.3 49733 80.239.152.136 img-prod-cms-rt-microsoft-com.akamaized.net 443 9e10692f1b7f78228b2d4e424db3a98c unknown
192.168.2.3 49732 92.122.145.220 store-images.s-microsoft.com 443 9e10692f1b7f78228b2d4e424db3a98c unknown
192.168.2.3 49714 52.184.221.185 443 bd0bf25947d4a37404f0424edf4db9ad unknown

Dropped Files

No dropped files.

CAPE Files

No CAPE files.

Process Dumps

No process dumps.

Processing ( 13.526 seconds )

  • 5.271 Suricata
  • 5.084 NetworkAnalysis
  • 3.077 CAPE
  • 0.088 AnalysisInfo
  • 0.005 Debug
  • 0.001 BehaviorAnalysis

Signatures ( 0.064 seconds )

  • 0.011 ransomware_files
  • 0.008 ransomware_extensions
  • 0.006 antiav_detectreg
  • 0.004 antiav_detectfile
  • 0.003 persistence_autorun
  • 0.003 antianalysis_detectfile
  • 0.003 infostealer_ftp
  • 0.003 network_torgateway
  • 0.003 territorial_disputes_sigs
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.002 network_dns_opennic
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 geodo_banking_trojan
  • 0.001 browser_security
  • 0.001 disables_backups
  • 0.001 disables_browser_warn
  • 0.001 azorult_mutexes
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name
  • 0.001 network_dns_doh_tls
  • 0.001 revil_mutexes
  • 0.001 recon_checkip

Reporting ( 0.972 seconds )

  • 0.972 PCAP2CERT