URL Details

URL
https://google.com

Score

This URL appears fairly benign, with a score of 0.4 out of 10.

Please note: the scoring system is still in development and should be considered an alpha feature.

Information on Execution

Category | Started | Completed | Duration | Logs
URL | Feb. 23, 2019, 4:11 a.m. | Feb. 23, 2019, 4:16 a.m. | 259 seconds |

Machine

Name | Label | Started On | Shutdown On
win7x64 | win7x64 | 2019-02-23 04:11:57 | 2019-02-23 04:16:16

Analyzer Log

2019-02-22 20:11:56,062 [analyzer] DEBUG: Starting analyzer from: C:\wwyvk
2019-02-22 20:11:56,124 [analyzer] DEBUG: Pipe server name: \\.\PIPE\SUmddEKstkokOGoTBIrKQImwPy
2019-02-22 20:11:56,124 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\gRwjcgkfMrceSwmxIiASogRtmEiOpL
2019-02-22 20:11:56,140 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2019-02-22 20:11:56,140 [analyzer] INFO: Automatically selected analysis package "ie"
2019-02-22 20:11:58,059 [analyzer] DEBUG: Started auxiliary module Disguise
2019-02-22 20:11:58,542 [analyzer] DEBUG: Loaded monitor into process with pid 508
2019-02-22 20:11:58,542 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-02-22 20:11:58,542 [analyzer] DEBUG: Started auxiliary module Human
2019-02-22 20:11:58,542 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-02-22 20:11:58,542 [analyzer] DEBUG: Started auxiliary module Reboot
2019-02-22 20:11:58,838 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-02-22 20:11:58,838 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2019-02-22 20:11:58,838 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-02-22 20:11:59,056 [lib.api.process] INFO: Successfully executed process from path 'C:\\Program Files\\Internet Explorer\\iexplore.exe' with arguments ['https://google.com'] and pid 2356
2019-02-22 20:11:59,368 [analyzer] DEBUG: Loaded monitor into process with pid 2356
2019-02-22 20:11:59,525 [analyzer] DEBUG: Ignoring process "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon!
2019-02-22 20:12:03,674 [analyzer] DEBUG: Following legitimate iexplore process: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2356 CREDAT:79873!
2019-02-22 20:12:03,736 [analyzer] INFO: Injected into process with pid 2496 and name u'iexplore.exe'
2019-02-22 20:12:03,940 [analyzer] DEBUG: Loaded monitor into process with pid 2496
2019-02-22 20:12:04,625 [analyzer] INFO: Added new file to list with pid 2356 and path C:\Users\zamen\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2A80DF58-3721-11E9-B036-0050569395D7}.dat
2019-02-22 20:12:04,720 [analyzer] INFO: Added new file to list with pid 2356 and path C:\Users\zamen\AppData\Local\Temp\~DF9451491418A8E7F6.TMP
2019-02-22 20:12:06,670 [analyzer] INFO: Added new file to list with pid 2356 and path C:\Users\zamen\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2A80DF59-3721-11E9-B036-0050569395D7}.dat
2019-02-22 20:12:06,700 [analyzer] INFO: Added new file to list with pid 2356 and path C:\Users\zamen\AppData\Local\Temp\~DF25C0C249718ACE0B.TMP
2019-02-22 20:16:01,450 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2019-02-22 20:16:04,539 [lib.api.process] INFO: Memory dump of process with pid 2356 completed
2019-02-22 20:16:08,190 [lib.api.process] INFO: Memory dump of process with pid 2496 completed
2019-02-22 20:16:08,190 [analyzer] INFO: Terminating remaining processes before shutdown.
2019-02-22 20:16:08,190 [lib.api.process] INFO: Successfully terminated process with pid 2356.
2019-02-22 20:16:08,190 [lib.api.process] INFO: Successfully terminated process with pid 2496.
2019-02-22 20:16:08,190 [analyzer] INFO: Error dumping file from path "c:\users\zamen\appdata\local\temp\~df9451491418a8e7f6.tmp": [Errno 13] Permission denied: u'c:\\users\\zamen\\appdata\\local\\temp\\~df9451491418a8e7f6.tmp'
2019-02-22 20:16:08,190 [analyzer] INFO: Error dumping file from path "c:\users\zamen\appdata\local\temp\~df25c0c249718ace0b.tmp": [Errno 13] Permission denied: u'c:\\users\\zamen\\appdata\\local\\temp\\~df25c0c249718ace0b.tmp'
2019-02-22 20:16:08,190 [analyzer] INFO: Analysis completed.

Cuckoo Log

2019-02-23 04:11:57,062 [lib.cuckoo.core.scheduler] INFO: Task #1287: acquired machine win7x64 (label=win7x64)
2019-02-23 04:11:57,150 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 27607 (interface=eth2, host=192.168.128.109, pcap=/opt/cuckoo/storage/analyses/1287/dump.pcap)
2019-02-23 04:12:02,676 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7x64, ip=192.168.128.109)
2019-02-23 04:16:11,468 [lib.cuckoo.core.resultserver] WARNING: Uploaded file length larger than upload_max_size, stopping upload.
2019-02-23 04:16:15,044 [lib.cuckoo.core.resultserver] WARNING: Uploaded file length larger than upload_max_size, stopping upload.
2019-02-23 04:16:15,514 [lib.cuckoo.core.guest] INFO: win7x64: analysis completed successfully
2019-02-23 04:16:20,450 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-02-23 04:16:21,899 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937c4d1510>: Failed to establish a new connection: [Errno 111] Connection refused
2019-02-23 04:16:21,900 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937c4d16d0>: Failed to establish a new connection: [Errno 111] Connection refused
2019-02-23 04:16:21,900 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937c4d1450>: Failed to establish a new connection: [Errno 111] Connection refused
2019-02-23 04:16:21,901 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937c4d12d0>: Failed to establish a new connection: [Errno 111] Connection refused
2019-02-23 04:16:21,902 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f937c4d12d0>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f937c4d12d0>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

Executes JavaScript (5 events)
Time & API Arguments Status Return Repeated
Feb. 22, 2019, 11:05 p.m.
COleScript_Compile
type: JScript - window script block
script:
//Split out for localization.
var L_GOBACK_TEXT = "Go back to the previous page.";
var L_REFRESH_TEXT = "Refresh the page.";
var L_MOREINFO_TEXT = "More information";
var L_OFFLINE_USERS_TEXT = "For offline users";
var L_RELOAD_TEXT = "Retype the address.";
var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";
var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";
var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";
var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";

//used by invalidcert.js
var L_CertUnknownCA_TEXT = "The security certificate presented by this website was not issued by a trusted certificate authority.";
var L_CertExpired_TEXT = "The security certificate presented by this website has expired or is not yet valid.";
var L_CertCNMismatch_TEXT = "The security certificate presented by this website was issued for a different website's address.";
var L_CertRevoked_TEXT = "This organization's certificate has been revoked.";

var L_PhishingThreat_TEXT = "Phishing threat: This is a phishing website that impersonates a trusted website to trick you into revealing personal or financial information.";
var L_MalwareThreat_TEXT = "Malicious software threat: This site contains links to viruses or other software programs that can reveal personal information stored or typed on your computer to malicious persons.";

var L_ACR_Title_TEXT = "We were unable to return you to %s.";
var L_ACR_TitleFallback_TEXT = "We were unable to return you to the page you were viewing.";
var L_ACR_ReturnTo_TEXT = "Try to return to %s";
var L_ACR_ReturnToFallback_TEXT = "Try to return to the page you were viewing";
var L_ACR_GoHome_TEXT = "Go to your home page";

success 0 0
Feb. 22, 2019, 11:05 p.m.
COleScript_Compile
type: JScript - window script block
script:
//Need to include errorPageStrings.js when you include this file

function isExternalUrlSafeForNavigation(urlStr)
{
    var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");
    return regEx.exec(urlStr);
}

function clickRefresh()
{
    var location = window.location.href;
    var poundIndex = location.indexOf('#');
    
    if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))
    {
        window.location.replace(location.substring(poundIndex+1));
    }
}

function navCancelInit()
{
    var location = window.location.href;
    var poundIndex = location.indexOf('#');
    
    if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))
    {
        var bElement = document.createElement("A");
        bElement.innerText = L_REFRESH_TEXT;
        bElement.href = 'javascript:clickRefresh()';
        navCancelContainer.appendChild(bElement);
    }
    else
    {
        var textNode = document.createTextNode(L_RELOAD_TEXT);
        navCancelContainer.appendChild(textNode);
    }
}

function expandCollapse(elem, changeImage)
{
    if (document.getElementById)
    {
        ecBlock = document.getElementById(elem);

        if (ecBlock != undefined && ecBlock != null)
        {
            if (changeImage)
            {
                //gets the image associated
                elemImage = document.getElementById(elem + "Image");
            }

            //make sure elemImage is good
            if (!changeImage || (elemImage != undefined && elemImage != null))
            {
                if (ecBlock.currentStyle.display == "none" || ecBlock.currentStyle.display == null || ecBlock.currentStyle.display == "")
                {
                    //shows the info.
                    ecBlock.style.display = "block";
                    if (changeImage)
                    {
                        //Just got in expanded mode. Thus, change image to "collapse"
                        elemImage.src = "up.png";
                    }
                }
                else if (ecBlock.currentStyle.display == "block")
                {
                    //hide info
                    ecBlock.style.display = "none";
                    if (changeImage)
                    {
                        //Just got in collapsed mode. Thus, change image to "expand"
                        elemImage.src = "down.png";
                    }
                }
                else
                {
                    //catch any weird circumstances.
                    ecBlock.style.display = "block";
                    if (changeImage)
                    {
                        elemImage.src = "up.png";
                    }
                }
            }//end check elemImage
        }//end check ecBlock
    }//end getElemById
}//end expandCollapse


function initHomepage()
{
    // in real bits, urls get returned to our script like this:
    // res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm

    //For testing use
    //DocURL = "res://shdocvw.dll/http_404.htm#http://www.microsoft.com/bar.htm"
    DocURL=document.location.href;

    var poundIndex = DocURL.indexOf('#');
    
    if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))
    {
   
       //this is where the http or https will be, as found by searching for :// but skipping the res://
       protocolIndex=DocURL.indexOf("://", 4);
   
       //this finds the ending slash for the domain server
       serverIndex=DocURL.indexOf("/", protocolIndex + 3);
   
       //for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
       //of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
       //urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
       BeginURL=DocURL.indexOf("#",1) + 1;
       urlresult=DocURL.substring(BeginURL, serverIndex);
       if (protocolIndex - BeginURL > 7)
           urlresult="";

        //for display, we need to skip after http://, and go to the next slash
       displayresult=DocURL.substring(protocolIndex + 3, serverIndex);
    } 
    else
    {
       displayresult = "";
       urlresult = "";
    }

    var aElement = document.createElement("A");

    aElement.innerText = displayresult;
    aElement.href = urlresult;

    homepageContainer.appendChild(aElement);
}


function initConnectionStatus()
{

    if (navigator.onLine) //the network connection is connected
    {
        checkConnection.innerText = L_CONNECTION_ON_TEXT;
    }
    else
    {
        checkConnection.innerText = L_CONNECTION_OFF_TEXT;
    }
}

function initGoBack()
{
    //fills in the span container for "back to previous page"
    //Basically, makes "back to previous page" a clickable item IF there's something in the navstack.

    if (history.length < 1)
    {
        //this page is the only thing. Nothing in history.
        var textNode = document.createTextNode(L_GOBACK_TEXT);
        goBackContainer.appendChild(textNode);
    }
    else
    {
        var bElement = document.createElement("A");
        bElement.innerText = L_GOBACK_TEXT ;
        bElement.href = "javascript:history.back();";
        goBackContainer.appendChild(bElement);
    }
}

function initMoreInfo(infoBlockID)
{
    var bElement = document.createElement("A");
    bElement.innerText = L_MOREINFO_TEXT;
    bElement.href = "javascript:expandCollapse(\'infoBlockID\', true);";
    moreInfoContainer.appendChild(bElement);				
}

function initOfflineUser(offlineUserID)
{
    var bElement = document.createElement("A");
    bElement.innerText = L_OFFLINE_USERS_TEXT;
    bElement.href = "javascript:expandCollapse('offlineUserID', true);";
    offlineUserContainer.appendChild(bElement);
}

function initUnframeContent()
{
    var location = window.location.href;
    var poundIndex = location.indexOf('#');
    
    if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))
    {
        document.all.whatToDoIntro.style.display="block";
        document.all.whatToDoBody.style.display="block";
    }
}

function makeNewWindow()
{
    var location = window.location.href;
    var poundIndex = location.indexOf('#');
    
    if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))
    {
        window.open(location.substring(poundIndex+1));
    }
}

function setTabInfo(tabInfoBlockID)
{
    //removes the previous tabInfo text
    var bPrevElement = document.getElementById("tabInfoTextID");
    var bPrevImage   = document.getElementById("tabInfoBlockIDImage");

    if (bPrevElement != null)
    {
        tabInfoContainer.removeChild(bPrevElement);
    }

    if (bPrevImage != null)
    {
        tabImageContainer.removeChild(bPrevImage);
    }

    var bElement = document.createElement("A");
    var bImageElement = document.createElement("IMG");

    var ecBlock = document.getElementById(tabInfoBlockID);

    //determines if the block is closed
    if ((ecBlock != undefined && ecBlock != null) &&
        (ecBlock.currentStyle.display == "none" || ecBlock.currentStyle.display == null || ecBlock.currentStyle.display == ""))
    {
        bElement.innerText = L_SHOW_HOTKEYS_TEXT;
        bImageElement.alt = L_SHOW_HOTKEYS_TEXT;
        bImageElement.src="down.png";
    }
    else
    {
        bElement.innerText = L_HIDE_HOTKEYS_TEXT;
        bImageElement.alt = L_HIDE_HOTKEYS_TEXT;
        bImageElement.src="up.png";
    }

    bElement.id = "tabInfoTextID";
    bElement.href = "javascript:expandCollapse(\'tabInfoBlockID\', false); setTabInfo('tabInfoBlockID');";


    bImageElement.id="tabInfoBlockIDImage";
    bImageElement.border="0";
    bImageElement.className="actionIcon";

    tabInfoContainer.appendChild(bElement);
    tabImageContainer.appendChild(bImageElement);
}

function diagnoseConnection()
{
    window.external.DiagnoseConnection();
}

function diagnoseConnectionAndRefresh()
{
    window.external.DiagnoseConnection();
    if (navigator.onLine) //network connection is connected
    {
        clickRefresh();
    }
}

success 0 0
Feb. 22, 2019, 11:05 p.m.
COleScript_Compile
type: JScript - onload function
script:
function onload()
{
initMoreInfo('infoBlockID');
}

success 0 0
Feb. 22, 2019, 11:05 p.m.
COleScript_Compile
type: JScript - onclick function
script:
function onclick()
{
diagnoseConnectionAndRefresh(); return false;
}

success 0 0
Feb. 22, 2019, 11:05 p.m.
COleScript_Compile
type: JScript - onclick function
script:
function onclick()
{
expandCollapse('infoBlockID', true); return false;
}

success 0 0

Screenshots

No screenshots available.

Network

DNS

Name | Response | Post-Analysis Lookup
www.bing.com | 204.79.197.200 |
google.com | 172.217.16.174 |

Hosts

No hosts contacted.

Summary

Process iexplore.exe (2356)

  • Opened files

    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
    • C:\
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\History\Low
    • C:\Users\zamen\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
    • C:\Users\zamen\Favorites\Links for United States\USA.gov.url
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
    • C:\Users\zamen\AppData\Local\
    • C:\Users\zamen\Favorites\MSN Websites\MSN Money.url
    • C:\Users\zamen\Favorites\Microsoft Websites\IE Add-on site.url
    • C:\Users\zamen\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
    • C:\Users\zamen
    • C:\Users\zamen\Favorites\MSN Websites\MSN Sports.url
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
    • C:\Windows\System32\shell32.dll
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
    • C:\Users\zamen\Favorites\Links
    • C:\Program Files\
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\History\
    • C:\Users\zamen\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
    • C:\Windows\System32\wininet.dll
    • C:\Windows\System32\oleaccrc.dll
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    • C:\Windows\Globalization\Sorting\sortdefault.nls
    • C:\Windows\System32\url.dll
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\History
    • C:\Users\zamen\Favorites\Links for United States\
    • C:\Windows\System32\ieframe.dll
    • C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll
    • C:\Users\zamen\AppData\
    • C:\Users\zamen\AppData\Roaming\Microsoft\
    • C:\Users\zamen\Favorites\Windows Live\Windows Live Spaces.url
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
    • C:\Users\zamen\Favorites\Windows Live\Windows Live Gallery.url
    • C:\Users\zamen\Favorites\Microsoft Websites\
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\Cookies\
    • C:\Users\zamen\Favorites\MSN Websites\MSN Autos.url
    • C:\Users\zamen\AppData\Local\Temp
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\
    • C:\Users\zamen\Favorites\Links for United States\GobiernoUSA.gov.url
    • C:\Windows\System32\en-US\MSCTF.dll.mui
    • C:\Users\zamen\Favorites\Links\Web Slice Gallery.url
    • C:\Users\zamen\AppData\Local\Microsoft\
    • C:\Users\zamen\Favorites\Microsoft Websites\Microsoft Store.url
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\IETldCache
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\IECompatCache\
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    • C:\Windows\System32\stdole2.tlb
    • C:\Windows\Fonts\staticcache.dat
    • C:\Users\zamen\AppData\Local
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\History\History.IE5\
    • C:\Users\zamen\Desktop
    • C:\Program Files\Java\jre1.8.0_111\bin\
    • C:\Users\zamen\Favorites\
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\PrivacIE
    • C:\Users\zamen\AppData\Local\Microsoft\Feeds Cache\
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
    • C:\Users\zamen\AppData\Roaming\Microsoft\Network\Connections\Pbk\
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\IETldCache\
    • C:\Users\zamen\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
    • C:\Users\zamen\AppData\Roaming\Microsoft
    • C:\Users\zamen\Desktop\desktop.ini
    • C:\Users\zamen\Favorites\Links\
    • C:\Users\zamen\AppData\Roaming
    • C:\Windows\System32\en-US\urlmon.dll.mui
    • C:\Users\zamen\Favorites\Windows Live\
    • C:\Users\
    • C:\Users\zamen\Favorites\Links\desktop.ini
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
    • C:\Users
    • C:\Users\zamen\Favorites\Windows Live\Windows Live Mail.url
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\History\Low\
    • C:\Users\zamen\AppData\Roaming\
    • C:\Users\desktop.ini
    • C:\Users\zamen\Favorites\Microsoft Websites\Microsoft At Home.url
    • C:\Program Files\Java\jre1.8.0_111\
    • \??\FDC#GENERIC_FLOPPY_DRIVE#6&3b4c39bd&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
    • C:\Users\zamen\AppData\Local\Temp\Low\
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\IECompatCache
    • C:\Users\zamen\Favorites\MSN Websites\MSN Entertainment.url
    • C:\Windows\System32\ras\
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\Cookies\Low\
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\IETldCache\Low
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\PrivacIE\
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\
    • C:\Users\zamen\AppData\Local\Microsoft
    • C:\Users\zamen\Favorites\Microsoft Websites\IE site on Microsoft.com.url
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\Cookies
    • C:\Users\zamen\AppData\Local\Microsoft\Windows
    • C:\Users\zamen\Favorites
    • C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\Cookies\Low
    • C:\Users\zamen\AppData
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Temporary Internet Files\
    • C:\Users\zamen\Favorites\MSN Websites\
    • C:\Users\zamen\Favorites\Microsoft Websites\Microsoft At Work.url
    • C:\Users\zamen\AppData\Local\Temp\
    • C:\Users\zamen\Favorites\MSN Websites\MSN.url
    • C:\Users\zamen\Favorites\MSN Websites\MSNBC News.url
    • C:\Users\zamen\AppData\Local\Microsoft\Feeds Cache\index.dat
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    • C:\Users\zamen\Favorites\desktop.ini
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
    • C:\Users\zamen\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
    • C:\Users\zamen\AppData\Local\Microsoft\Windows\Temporary Internet Files
    • C:\Users\zamen\AppData\Local\Temp\Low
    • C:\Users\zamen\Favorites\Windows Live\Get Windows Live.url
    • C:\Users\zamen\
  • Written files

    • C:\Users\zamen\AppData\Local\Temp\~DF9451491418A8E7F6.TMP
    • C:\Users\zamen\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2A80DF58-3721-11E9-B036-0050569395D7}.dat
    • C:\Users\zamen\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2A80DF59-3721-11E9-B036-0050569395D7}.dat
    • C:\Users\zamen\AppData\Local\Temp\~DF25C0C249718ACE0B.TMP

Process iexplore.exe (2356)

  • Processes created

    • "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2356 CREDAT:79873
  • DLLs Loaded

    • IEFRAME.dll
    • C:\Windows\System32\fwpuclnt.dll
    • sensapi.dll
    • urlmon.dll
    • propsys.dll
    • C:\Windows\System32\mswsock.dll
    • apphelp.dll
    • CRYPT32.dll
    • rasadhlp.dll
    • Shell32.dll
    • kernel32.dll
    • comdlg32.dll
    • CRYPTBASE.dll
    • C:\Windows\System32\wshtcpip.dll
    • C:\Windows\system32\ole32.dll
    • dwmapi.dll
    • NTDLL.DLL
    • shlwapi.dll
    • C:\Windows\system32\napinsp.dll
    • iphlpapi
    • ntmarta.dll
    • API-MS-WIN-Service-Management-L1-1-0.dll
    • C:\Program Files\Internet Explorer\ieproxy.dll
    • PROPSYS.dll
    • USP10.dll
    • WININET.dll
    • C:\Windows\System32\wship6.dll
    • dnsapi
    • API-MS-Win-Core-LocalRegistry-L1-1-0.dll
    • msfeeds.dll
    • SspiCli.dll
    • ole32.dll
    • CRYPTSP.dll
    • USER32.dll
    • IMM32.dll
    • C:\Program Files\Internet Explorer\sqmapi.dll
    • API-MS-Win-Security-SDDL-L1-1-0.dll
    • C:\Windows\system32\pnrpnsp.dll
    • RASMAN.DLL
    • msctf.dll
    • rtutils.dll
    • IPHLPAPI.DLL
    • API-MS-WIN-Service-winsvc-L1-1-0.dll
    • wininet.dll
    • SHELL32.DLL
    • C:\Windows\system32\xmllite.dll
    • RASAPI32.dll
    • OLEAUT32.dll
    • profapi.dll
    • SHELL32.dll
    • RPCRT4.dll
    • DNSAPI.dll
    • C:\Windows\System32\winrnr.dll
    • IEUI.dll
    • comctl32.dll
    • C:\Windows\system32\oleaut32.dll
    • C:\Windows\system32\NLAapi.dll
    • C:\Windows\system32\IEUI.dll
    • VERSION.dll
    • ws2_32
    • MLANG.dll
    • UXTHEME.DLL
    • UxTheme.dll
    • Normaliz.dll
    • C:\Windows\system32\mswsock.dll
    • SXS.DLL
    • ADVAPI32.dll
    • rpcrt4.dll
    • advapi32
    • SETUPAPI.dll
    • WS2_32.dll
    • C:\Windows\system32\MSCTF.dll
    • user32.dll
    • MSIMG32.dll
No static analysis available.
Antivirus Result
CLEAN MX Clean Site
DNS8 Clean Site
VX Vault Clean Site
ZDB Zeus Clean Site
Tencent Clean Site
Netcraft Unrated Site
desenmascara_me Clean Site
Dr_Web Clean Site
PhishLabs Unrated Site
Zerofox Clean Site
K7AntiVirus Clean Site
Virusdie External Site Scan Clean Site
SCUMWARE_org Clean Site
Quttera Clean Site
AegisLab WebGuard Clean Site
MalwareDomainList Clean Site
ZeusTracker Clean Site
zvelo Clean Site
Google Safebrowsing Clean Site
Kaspersky Clean Site
BitDefender Clean Site
Certly Clean Site
G-Data Clean Site
C-SIRT Clean Site
OpenPhish Clean Site
Malware Domain Blocklist Clean Site
MalwarePatrol Clean Site
Trustwave Clean Site
Web Security Guard Clean Site
CyRadar Clean Site
ADMINUSLabs Clean Site
Malwarebytes hpHosts Clean Site
Opera Clean Site
AlienVault Clean Site
Emsisoft Clean Site
Malc0de Database Clean Site
Spam404 Clean Site
Phishtank Clean Site
Malwared Clean Site
Avira Clean Site
NotMining Unrated Site
CyberCrime Clean Site
Antiy-AVL Clean Site
Forcepoint ThreatSeeker Clean Site
FraudSense Clean Site
malwares_com URL checker Clean Site
Comodo Site Inspector Clean Site
Malekal Clean Site
ESET Clean Site
Sophos Unrated Site
Yandex Safebrowsing Clean Site
SecureBrain Clean Site
Nucleon Clean Site
Sucuri SiteCheck Clean Site
Blueliv Clean Site
ZCloudsec Clean Site
AutoShun Unrated Site
ThreatHive Clean Site
FraudScore Clean Site
Rising Clean Site
URLQuery Unrated Site
StopBadware Unrated Site
Fortinet Clean Site
ZeroCERT Clean Site
Baidu-International Clean Site
securolytics Clean Site

Process Tree


iexplore.exe, PID: 2356, Parent PID: 2308

iexplore.exe, PID: 2496, Parent PID: 2356

Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

Hosts

No hosts contacted.

DNS

Name Response Post-Analysis Lookup
www.bing.com 204.79.197.200
google.com 172.217.16.174

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.128.109 52096 192.168.128.111 53
192.168.128.109 60112 192.168.128.111 53
192.168.128.109 64209 192.168.128.111 53
192.168.128.109 137 192.168.128.255 137
192.168.128.109 138 192.168.128.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 1a3be36c7467051f_recoverystore.{2a80df58-3721-11e9-b036-0050569395d7}.dat
Filepath C:\Users\zamen\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2A80DF58-3721-11E9-B036-0050569395D7}.dat
Size 3.5KB
Processes 2356 (iexplore.exe)
Type Composite Document File V2 Document, No summary info
MD5 f249d5459744e777a84bd2e7a4c287e9
SHA1 6bcfd0ebcd9ee46863de3ce4c4edfe4fb2006048
SHA256 1a3be36c7467051fb19c6f01801f9c2a2313c6592d6545d181934d6625cbeafc
CRC32 3E0D0AB7
ssdeep 12:rl0YmGF20HrEg5+IaCrI017+F5FsDrEgmf+IaCy8qgQNlTqF2:rI0H5/EYGv/TQNlWF2
Yara
  • maldoc_OLE_file_magic_number -
VirusTotal Search for analysis
Name 61f1667b3261338c_{2a80df59-3721-11e9-b036-0050569395d7}.dat
Filepath C:\Users\zamen\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2A80DF59-3721-11E9-B036-0050569395D7}.dat
Size 4.5KB
Processes 2356 (iexplore.exe)
Type Composite Document File V2 Document, No summary info
MD5 de562970803eca798dad805c23f7d89b
SHA1 495af6e86fd0c6d77c85d89f0abfdb3d66026c06
SHA256 61f1667b3261338c809abfe16e165b8734f0ad87664857539aa88cdb55ee1cfb
CRC32 5A57C8D1
ssdeep 12:rlfFKrrEgmfR16FxsDrEgmfR1qjNlYfO8Nlj9aAuDG:r6GMYGENlj8NlxapD
Yara
  • maldoc_OLE_file_magic_number -
VirusTotal Search for analysis
Sorry! No dropped buffers.
Task ID 1287
Mongo ID 5c710f6611d30812ab71f822
Cuckoo release 2.0-dev