Advanced File Analysis System | Valkyrie

File Name: aHT0uuO9iQ.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 9f75d272645b1dbcb6fb63f60ab7873982f13c08

MD5: a286f6e999f60d56ce6e7e798d0a5c6d

Download Kill Chain Report

Contacted IPs

Network Port Distribution

Name	IP	Country	ASN	ASN Name	Trigger Process Type
	139.59.208.246	Germany	14061	DigitalOcean, LLC	Malware Process
	8.8.4.4	United States	15169	Level 3 Parent, LLC	Malware Process
	23.67.250.184	United States	20940	Akamai Technologies, Inc.	Malware Process
	47.74.235.198	Singapore	45102	Alibaba.com LLC	Malware Process
	23.67.250.154		20940	Akamai Technologies, Inc.	Malware Process

HTTP Packets

Host	Port	Method	Version	User Agent	Count	Call Time During Execution(Sec)
www.msftncsi.com	80	GET	1.1	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	26.0195441246
Path: /ncsi.txt URI: http://www.msftncsi.com/ncsi.txt
connectionfailed.bit	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	33.1671309471
Path: / URI: http://connectionfailed.bit/

DNS Queries/Answers

Request	Type
www.msftncsi.com	A
Answers - 23.67.250.184 (A) - 23.67.250.154 (A) - www.msftncsi.com.edgesuite.net (CNAME) - a1961.g2.akamai.net (CNAME)
connectionfailed.bit	A
Answers - 47.74.235.198 (A)

TCP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
26.0195441246	Sandbox	23.67.250.184	80
33.1671309471	Sandbox	47.74.235.198	80

UDP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
6.96763205528	Sandbox	224.0.0.252	5355
6.97456097603	Sandbox	192.168.56.255	137
7.17297911644	Sandbox	224.0.0.252	5355
7.17685008049	Sandbox	239.255.255.250	3702
9.72813200951	Sandbox	224.0.0.252	5355
12.975908041	Sandbox	192.168.56.255	138
25.8954460621	Sandbox	8.8.4.4	53
32.7731409073	Sandbox	139.59.208.246	53

Loading...