Advanced File Analysis System | Valkyrie

File Name: 9ea7d8ba25a4bad3016c138b414c5613d1b9df79

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 9ea7d8ba25a4bad3016c138b414c5613d1b9df79

MD5: 5b1a0d21643c69a853ebdad223d6bbc0

Download Kill Chain Report

Contacted IPs

Network Port Distribution

Name	IP	Country	ASN	ASN Name	Trigger Process Type
	8.8.4.4	United States	15169	Level 3 Parent, LLC	Malware Process
	23.215.130.203	United States	20940	Akamai Technologies, Inc.	OS Process
	52.218.52.154	Ireland	16509	Amazon Technologies Inc.	Malware Process
ctldl.windowsupdate.com	63.238.216.8	United States	209	Qwest Communications Company, LLC	OS Process
crl4.digicert.com	66.225.197.197	United States	30081	Server Central Network	Malware Process
crl3.digicert.com	72.21.91.29	United States	15133	MCI Communications Services, Inc. d/b/a Verizon Business	Malware Process
ocsp.digicert.com	72.21.91.29	United States	15133	MCI Communications Services, Inc. d/b/a Verizon Business	Malware Process
s3-eu-west-1.amazonaws.com	52.218.52.44	Ireland	16509	Amazon Technologies Inc.	Malware Process

HTTP Packets

Host	Port	Method	Version	User Agent	Count	Call Time During Execution(Sec)
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	21.0993249416
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?65c5493cec8ec257 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?65c5493cec8ec257
ocsp.digicert.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	27.6102149487
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAGC%2BAmOouYmuRo7J4Qfua8%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAGC%2BAmOouYmuRo7J4Qfua8%3D
ocsp.digicert.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	33.9702329636
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTuqL92L3tjkN67RNFF%2FEdvT6NEzAQUwBKyKHRoRmfpcCV0GgBFWwZ9XEQCEA7cK%2FJk9VZxucRii0Q9yCY%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTuqL92L3tjkN67RNFF%2FEdvT6NEzAQUwBKyKHRoRmfpcCV0GgBFWwZ9XEQCEA7cK%2FJk9VZxucRii0Q9yCY%3D
crl3.digicert.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	34.4035670757
Path: /DigiCertBaltimoreCA-2G2.crl URI: http://crl3.digicert.com/DigiCertBaltimoreCA-2G2.crl
crl4.digicert.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	34.4569809437
Path: /DigiCertBaltimoreCA-2G2.crl URI: http://crl4.digicert.com/DigiCertBaltimoreCA-2G2.crl

DNS Queries/Answers

Request	Type
s3-eu-west-1.amazonaws.com	A
Answers - 52.218.52.154 (A)
ctldl.windowsupdate.com	A
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - 23.215.130.195 (A) - a1621.g.akamai.net (CNAME) - ctldl.windowsupdate.com.edgesuite.net (CNAME) - 23.215.130.203 (A)
ocsp.digicert.com	A
Answers - cs9.wac.phicdn.net (CNAME) - 72.21.91.29 (A)
crl3.digicert.com	A
crl4.digicert.com	A
Answers - digicert.cachefly.net (CNAME) - 66.225.197.197 (A) - rvip1.ue.cachefly.net (CNAME)

TCP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
12.7196469307	Sandbox	52.218.52.154	443
21.0993249416	Sandbox	23.215.130.203	80
27.6102149487	Sandbox	72.21.91.29	80
34.2285599709	Sandbox	52.218.52.154	443
34.4035670757	Sandbox	72.21.91.29	80
34.4569809437	Sandbox	66.225.197.197	80

UDP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
3.06670308113	Sandbox	224.0.0.252	5355
3.0874080658	Sandbox	224.0.0.252	5355
3.09290909767	Sandbox	239.255.255.250	3702
3.1280310154	Sandbox	192.168.56.255	137
5.64674401283	Sandbox	224.0.0.252	5355
6.14324498177	Sandbox	192.168.56.255	138
9.73594307899	Sandbox	224.0.0.252	5355
12.5801029205	Sandbox	8.8.4.4	53
15.3915688992	Sandbox	224.0.0.252	5355
18.2519989014	Sandbox	224.0.0.252	5355
21.0172488689	Sandbox	8.8.4.4	53
21.9707429409	Sandbox	224.0.0.252	5355
24.8315870762	Sandbox	224.0.0.252	5355
27.5660190582	Sandbox	8.8.4.4	53
28.4390189648	Sandbox	224.0.0.252	5355
31.3295559883	Sandbox	224.0.0.252	5355
34.3144218922	Sandbox	8.8.4.4	53
34.3921279907	Sandbox	8.8.4.4	53

Loading...