Windows Analysis Report: 7ITPeT3VWW.exe
Overview
General Information
Sample name: | 7ITPeT3VWW.exe (renamed because original name is a hash value) |
Original sample name: | 30732747ca33bd37a757c90aada0c604.exe |
Analysis ID: | 1417423 |
MD5: | 30732747ca33bd37a757c90aada0c604 |
SHA1: | b175606037f75bc349b5221aa999334d961c471b |
SHA256: | 3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047 |
Tags: | 32, exe, trojan |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
- System is w10x64
  - 7ITPeT3VWW.exe (PID: 7268, cmdline: "C:\Users\user\Desktop\7ITPeT3VWW.exe", MD5: 30732747CA33BD37A757C90AADA0C604)
    - WerFault.exe (PID: 7452, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 1768, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link
---|---|---|---|---
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | |
{"C2 url": ["pillowbrocccolipe.shop", "communicationgenerwo.shop", "diskretainvigorousiw.shop", "affordcharmcropwo.shop", "dismissalcylinderhostw.shop", "enthusiasimtitleow.shop", "worryfillvolcawoi.shop", "cleartotalfisherwo.shop", "wagonglidemonkywo.shop"], "Build id": "P6Mk0M--key"}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
| | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | |
| | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |
| | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |
AV Detection
- Avira
- Avira URL Cloud
- Malware Configuration Extractor
- Virustotal: 3 entries
- Joe Sandbox ML
- String decryptor: 15 entries
- Code function
Compliance
- Unpacked PE file
- Static PE information
- File opened
- HTTPS traffic detected: 8 entries
- Directory queried
- Code function: 98 entries
Networking
- URLs: 9 entries
- ASN Name
- JA3 fingerprint
- HTTP traffic detected: 8 entries
- UDP traffic detected without corresponding DNS query
- DNS traffic detected
- HTTP traffic detected
- String found in binary or memory: 39 entries
- Network traffic detected: 16 entries
- HTTPS traffic detected: 8 entries
- Code function: 3 entries
System Summary
- Matched rule: 2 entries
- Code function: 88 entries
- Code function: 41 entries
- Process created
- Section loaded: 39 entries
- Static PE information
- Matched rule: 2 entries
- Classification label
- Code function: 2 entries
- Mutant created
- File created
- Static PE information
- Key opened
- Binary or memory string
- Virustotal
- String found in binary or memory: 2 entries
- File read
- Process created: 2 entries
- File opened
Data Obfuscation
- Unpacked PE file: 2 entries
- Code function: 9 entries
- Process information set: 56 entries
Malware Analysis System Evasion
- System information queried
- Thread sleep time: 2 entries
- Binary or memory string: 66 entries
- Process information queried
- Code function: 3 entries
HIPS / PFW / Operating System Protection Evasion
- String found in binary or memory: 9 entries
- Queries volume information: 7 entries
- Key value queried
- Binary or memory string: 5 entries
- WMI Queries
Stealing of Sensitive Information
- File source: 3 entries
- String found in binary or memory: 10 entries
- File opened: 108 entries
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior |
Source: | Directory queried: |
Source: | File source: |
Remote Access Functionality |
---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 11 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 31 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 39% | Virustotal | | Browse |
| 100% | Avira | HEUR/AGEN.1316639 | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 1% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
wagonglidemonkywo.shop | 104.21.38.98 | true | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.38.98 | wagonglidemonkywo.shop | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417423 |
Start date and time: | 2024-03-29 08:58:08 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 7ITPeT3VWW.exe (renamed because original name is a hash value) |
Original Sample Name: | 30732747ca33bd37a757c90aada0c604.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@2/5@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.168.117.173
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryDirectoryFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
08:58:53 | API Interceptor | |
08:59:14 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.21.38.98 | | Get hash | malicious | FormBook | Browse | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
wagonglidemonkywo.shop | | Get hash | malicious | LummaC | Browse | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT | Browse | |
| | | Get hash | malicious | RisePro Stealer | Browse | |
| | | Get hash | malicious | RisePro Stealer | Browse | |
| | | Get hash | malicious | RisePro Stealer | Browse | |
| | | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | | Get hash | malicious | FormBook | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | RisePro Stealer | Browse | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | RisePro Stealer | Browse | |
| | | Get hash | malicious | RisePro Stealer | Browse | |
| | | Get hash | malicious | RisePro Stealer | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | RisePro Stealer | Browse | |
| | | Get hash | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT | Browse | |
| | | Get hash | malicious | DBatLoader, Remcos | Browse | |
| | | Get hash | malicious | RisePro Stealer | Browse | |
| | | Get hash | malicious | Remcos, DBatLoader | Browse | |
| | | Get hash | malicious | RisePro Stealer | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7ITPeT3VWW.exe_392958df52fafd03bf95a85ca8f5874405d8c_a80dd0fe_e452142c-69af-4a0a-ab2a-4b2fe8a9f3ad\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9928226234829971 |
Encrypted: | false |
SSDEEP: | 96:U+piQ9IsLhqZ57q0fh2QXIDcQuc6OCcEPcw3t+HbHg/8BRTf32rLWIOy4HNYUAWb:z8Q9IFWwp0wxVujhRF7zuiFQZ24IO8L |
MD5: | FB87FCCAE1B4E3A3CC11F3719A3C9E4E |
SHA1: | EF18EF9EC3FFC176E01C58261EBA6F810A16291B |
SHA-256: | 6026B376AEBA9969AB7BB85CB42AA13D3BB0DFB2FAE2CC18755D179744C49210 |
SHA-512: | EEF414E367577DA2A93CD8D4FC9F7EC7BD84941DCBA45E2B96795C8123111D51107093AC17D4E6AFB63E809EA52D62D2315D2963D0D879071047278E027FDBEC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 48406 |
Entropy (8bit): | 2.7183670317041897 |
Encrypted: | false |
SSDEEP: | 192:FWFX+WAy1Ux12a7ODBNefK3fAv1Xo18WmMzP6q4z2zbfEm2nitUeMh:XWAaUD2aCDBNuK3fAv8zE6X8P6UF |
MD5: | 57E57DA1AE2CD941F6BB6C177EA58941 |
SHA1: | 16092AD034C6B9E77CFA26F5272150A76B19BFD8 |
SHA-256: | D96638EEB1F26CA593739109296B0EF254A1ED933CFC0CE4553ED41C520D28EB |
SHA-512: | 732E2F0904115EFB0BA1B37B6EAB4CA8DF231A9761E05062ABF369A36E0BDEF6CE34A9ABCADC5765B9B2676AAB474B8D073B17EB0FA8595DE4F854BF6475BD08 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8318 |
Entropy (8bit): | 3.6955970816465027 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJsX6z6YEI9SU5Jgmfl5gpxCpD089bP5sfgFm:R6lXJ86z6YEiSU5Jgmfl5hPSfP |
MD5: | 1B118703AC75B309F264DCD6205958FF |
SHA1: | 0562D2C785F1C45F96D814E748373FB2FA19C98B |
SHA-256: | AA5B48610E8EFA457BEA902D6E0962BC13F14B93D0F50132586E2FCB3FF4EAFF |
SHA-512: | 5E9F45328458CA9513EE2D336DDF701A5B6DC7854140E9A158847C865F3585CA4EC8FD81DE10B3693252221FF0B820BFD6D0576A2176E0062D446DBD18840BA9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4579 |
Entropy (8bit): | 4.470899716921139 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs6Jg77aI9AkOWpW8VY0Ym8M4JnpFFG+q8aiJT+ad:uIjfII7rv7VoJJGCJT+ad |
MD5: | 237DD8D5499181D14D2D4ED5E57DD963 |
SHA1: | 5B6EB9BFEF81585F69A5DF60FBBB6BD01AC8E2A5 |
SHA-256: | 8706F9ABB226E19E180480CCF2641958C642A48B29834DA1B17AE17AC8DE4623 |
SHA-512: | 7177B6F7EBB072198E050ECB337683D63351DCEF67EF9199047825A54B582E07593DBC9D316DA9E7DC1718F50626C2E000D819B4D36532100B4CE9EDC3E1061F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.421560398186751 |
Encrypted: | false |
SSDEEP: | 6144:ySvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNH0uhiTw:BvloTMW+EZMM6DFyF03w |
MD5: | E38553A3C397443413C61213484732C0 |
SHA1: | 17EA20555FD18B54427290A941A787AD08C37AA9 |
SHA-256: | 645E2D07BD0512BDC37F192141667AFECA5389C1CA99756742AA3BA7FF1E4BD3 |
SHA-512: | 42F63E98F6F2CE9CD865BCAC38DD7D8EA987E6D2C70121E59F33EB5BA467775596991C0C163A6F3278350888271B3BA3484081594930011C3967839E933FD69B |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.037281408234631 |
TrID: | |
File name: | 7ITPeT3VWW.exe |
File size: | 327'168 bytes |
MD5: | 30732747ca33bd37a757c90aada0c604 |
SHA1: | b175606037f75bc349b5221aa999334d961c471b |
SHA256: | 3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047 |
SHA512: | a672d0d573a3cb2fcb06db975ae3d34ae820f7c14c8e6ce24a1d63da511ff7bb3aaeb331026441729e3def6a9625e444b36e6b2a7d76072ebf08a6e5416980a1 |
SSDEEP: | 6144:DuTgT9kw0NZk9gAGkgAcYjd56miof1AjoM0kkrBS9F:JTKw4ZWg6cYjd55ih8RkkrAF |
TLSH: | 7264E0727290D032E197A6305570C6A18A7FB8726B3551CB37842AEE2FF47D05A3A3D7 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Y...Y...Y...6.'.A...6...-...6...~...P.*.P...Y...2...6...X...6.#.X...6.$.X...RichY...................PE..L...;..c........... |
Icon Hash: | 13694d4d29170f17 |
Entrypoint: | 0x4028b2 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x63DCA33B [Fri Feb 3 06:01:31 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 257369aa226cb4b09879eb1a5063d4d0 |
Instruction |
---|
call 00007FF574E5F500h |
jmp 00007FF574E5B1AEh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 20h |
mov eax, dword ptr [ebp+08h] |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 00411270h |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov dword ptr [ebp-08h], eax |
mov eax, dword ptr [ebp+0Ch] |
pop edi |
mov dword ptr [ebp-04h], eax |
pop esi |
test eax, eax |
je 00007FF574E5B32Eh |
test byte ptr [eax], 00000008h |
je 00007FF574E5B329h |
mov dword ptr [ebp-0Ch], 01994000h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
push dword ptr [ebp-10h] |
push dword ptr [ebp-1Ch] |
push dword ptr [ebp-20h] |
call dword ptr [004110B8h] |
leave |
retn 0008h |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 00000328h |
mov dword ptr [00448358h], eax |
mov dword ptr [00448354h], ecx |
mov dword ptr [00448350h], edx |
mov dword ptr [0044834Ch], ebx |
mov dword ptr [00448348h], esi |
mov dword ptr [00448344h], edi |
mov word ptr [00448370h], ss |
mov word ptr [00448364h], cs |
mov word ptr [00448340h], ds |
mov word ptr [0044833Ch], es |
mov word ptr [00448338h], fs |
mov word ptr [00448334h], gs |
pushfd |
pop dword ptr [00448368h] |
mov eax, dword ptr [ebp+00h] |
mov dword ptr [0044835Ch], eax |
mov eax, dword ptr [ebp+04h] |
mov dword ptr [00448360h], eax |
lea eax, dword ptr [ebp+08h] |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x45394 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x14b000 | 0x7fa8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x11000 | 0x190 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xfe03 | 0x10000 | e12cd827e0e1f293ccd221a4aca0a77b | False | 0.593994140625 | data | 6.637943133338379 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x11000 | 0x34cba | 0x34e00 | 256ae26ca8a1476e419a06f4c75314ab | False | 0.8202617095153665 | data | 7.273330056904142 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x46000 | 0x1042e4 | 0x2c00 | b3c8ca6359653685199ae46ebb0305b7 | False | 0.158203125 | data | 1.873319835535628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x14b000 | 0x7fa8 | 0x8000 | 0d54bfd0a48b559db4ee101225ab8aa5 | False | 0.548675537109375 | data | 5.555392341349006 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x151d08 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | 0.4276315789473684 | ||
RT_CURSOR | 0x151e50 | 0x134 | Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001" | 0.75 | ||
RT_ICON | 0x14b490 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Spanish | Peru | 0.4341684434968017 |
RT_ICON | 0x14c338 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Spanish | Peru | 0.5640794223826715 |
RT_ICON | 0x14cbe0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Spanish | Peru | 0.6359447004608295 |
RT_ICON | 0x14d2a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Spanish | Peru | 0.7066473988439307 |
RT_ICON | 0x14d810 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Spanish | Peru | 0.5592323651452282 |
RT_ICON | 0x14fdb8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Spanish | Peru | 0.5898217636022514 |
RT_ICON | 0x150e60 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Spanish | Peru | 0.6717213114754098 |
RT_ICON | 0x1517e8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Spanish | Peru | 0.7092198581560284 |
RT_DIALOG | 0x152190 | 0x98 | data | 0.7631578947368421 | ||
RT_STRING | 0x152228 | 0xee | data | 0.5588235294117647 | ||
RT_STRING | 0x152318 | 0x6e2 | data | 0.42622020431328034 | ||
RT_STRING | 0x152a00 | 0x160 | data | 0.4971590909090909 | ||
RT_STRING | 0x152b60 | 0x448 | data | 0.458029197080292 | ||
RT_ACCELERATOR | 0x151cc8 | 0x40 | data | 0.859375 | ||
RT_GROUP_CURSOR | 0x151e38 | 0x14 | data | 1.15 | ||
RT_GROUP_CURSOR | 0x151f88 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_ICON | 0x151c50 | 0x76 | data | Spanish | Peru | 0.6610169491525424 |
RT_VERSION | 0x151fa0 | 0x1f0 | MS Windows COFF PowerPC object file | 0.5705645161290323 |
DLL | Import |
---|---|
KERNEL32.dll | CreateFileA, GetNumaProcessorNode, DebugActiveProcessStop, GetConsoleAliasExesLengthA, SetUnhandledExceptionFilter, InterlockedIncrement, HeapFree, WaitForSingleObject, SetComputerNameW, ConnectNamedPipe, GetModuleHandleW, ReadConsoleOutputA, GlobalFindAtomA, LoadLibraryW, GetLocaleInfoW, GetFileAttributesA, HeapCreate, lstrcpynW, GetAtomNameW, GetModuleFileNameW, FindNextVolumeMountPointW, SetConsoleTitleA, GetLastError, GetLongPathNameW, GetThreadLocale, GetProcAddress, CreateHardLinkW, SetConsoleDisplayMode, FindAtomA, SetSystemTime, SetConsoleTitleW, HeapSetInformation, GetCurrentDirectoryA, DeleteCriticalSection, SetCalendarInfoA, FindAtomW, CreateFileW, ReadFile, FlushFileBuffers, HeapReAlloc, GetStringTypeW, HeapAlloc, ExitProcess, DecodePointer, GetCommandLineA, GetStartupInfoW, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, IsProcessorFeaturePresent, WriteFile, GetStdHandle, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetModuleFileNameA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, Sleep, RtlUnwind, MultiByteToWideChar, HeapSize, SetStdHandle, WriteConsoleW, LCMapStringW, CloseHandle |
USER32.dll | CopyRect, GetMonitorInfoW, LoadIconA |
ole32.dll | CoTaskMemFree |
WINHTTP.dll | WinHttpAddRequestHeaders, WinHttpCloseHandle |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Spanish | Peru |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 29, 2024 08:58:54.117887974 CET | 49704 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.117930889 CET | 443 | 49704 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:54.118046045 CET | 49704 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.119153023 CET | 49704 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.119165897 CET | 443 | 49704 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:54.328799963 CET | 443 | 49704 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:54.328877926 CET | 49704 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.331770897 CET | 49704 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.331778049 CET | 443 | 49704 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:54.332093000 CET | 443 | 49704 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:54.381917000 CET | 49704 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.386183977 CET | 49704 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.386212111 CET | 49704 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.386287928 CET | 443 | 49704 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:54.851263046 CET | 443 | 49704 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:54.851388931 CET | 443 | 49704 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:54.851473093 CET | 49704 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.863866091 CET | 49704 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.863894939 CET | 443 | 49704 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:54.863909006 CET | 49704 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.863914967 CET | 443 | 49704 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:54.870891094 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.870924950 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:54.871047974 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.871318102 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:54.871332884 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.070292950 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.070427895 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.071667910 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.071675062 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.071930885 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.073127985 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.073154926 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.073193073 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.585686922 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.585728884 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.585760117 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.585788965 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.585788965 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.585813046 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.585828066 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.585856915 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.585894108 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.585895061 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.585906982 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.585943937 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.585951090 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.586517096 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.586549044 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.586564064 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.586570024 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.586611986 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.586616993 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.586651087 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.586678982 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.586694002 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.586700916 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.586740017 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.586745977 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.586772919 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.586817980 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.587074041 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.587089062 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.587096930 CET | 49705 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.587100983 CET | 443 | 49705 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.723186016 CET | 49706 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.723223925 CET | 443 | 49706 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.723412991 CET | 49706 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.723640919 CET | 49706 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.723650932 CET | 443 | 49706 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.923264980 CET | 443 | 49706 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.923548937 CET | 49706 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.924689054 CET | 49706 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.924698114 CET | 443 | 49706 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.924949884 CET | 443 | 49706 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:55.926193953 CET | 49706 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.926352978 CET | 49706 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:55.926387072 CET | 443 | 49706 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:56.396981955 CET | 443 | 49706 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:56.397090912 CET | 443 | 49706 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:56.397183895 CET | 49706 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:56.397382975 CET | 49706 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:56.397399902 CET | 443 | 49706 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:56.566778898 CET | 49707 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:56.566812038 CET | 443 | 49707 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:56.566891909 CET | 49707 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:56.567173004 CET | 49707 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:56.567187071 CET | 443 | 49707 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:56.776235104 CET | 443 | 49707 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:56.776323080 CET | 49707 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:56.777587891 CET | 49707 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:56.777596951 CET | 443 | 49707 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:56.777861118 CET | 443 | 49707 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:56.778984070 CET | 49707 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:56.779099941 CET | 49707 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:56.779133081 CET | 443 | 49707 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:56.779187918 CET | 49707 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:56.779195070 CET | 443 | 49707 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:57.286597967 CET | 443 | 49707 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:57.286715984 CET | 443 | 49707 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:57.286765099 CET | 49707 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:57.286809921 CET | 49707 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:57.286828995 CET | 443 | 49707 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:57.433442116 CET | 49708 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:57.433484077 CET | 443 | 49708 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:57.433552980 CET | 49708 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:57.433864117 CET | 49708 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:57.433875084 CET | 443 | 49708 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:57.632194996 CET | 443 | 49708 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:57.632272959 CET | 49708 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:57.633537054 CET | 49708 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:57.633546114 CET | 443 | 49708 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:57.633776903 CET | 443 | 49708 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:57.634944916 CET | 49708 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:57.635087967 CET | 49708 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:57.635114908 CET | 443 | 49708 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:57.635163069 CET | 49708 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:57.635170937 CET | 443 | 49708 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:58.168004990 CET | 443 | 49708 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:58.168108940 CET | 443 | 49708 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:58.168184042 CET | 49708 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:58.168401957 CET | 49708 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:58.168416977 CET | 443 | 49708 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:58.948306084 CET | 49709 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:58.948345900 CET | 443 | 49709 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:58.948415995 CET | 49709 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:58.948829889 CET | 49709 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:58.948843002 CET | 443 | 49709 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.146886110 CET | 443 | 49709 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.146965027 CET | 49709 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.148381948 CET | 49709 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.148391962 CET | 443 | 49709 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.148616076 CET | 443 | 49709 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.149714947 CET | 49709 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.149868011 CET | 49709 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.149892092 CET | 443 | 49709 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.638955116 CET | 443 | 49709 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.639087915 CET | 443 | 49709 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.639142990 CET | 49709 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.639199018 CET | 49709 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.639219046 CET | 443 | 49709 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.781464100 CET | 49710 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.781510115 CET | 443 | 49710 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.781578064 CET | 49710 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.781862020 CET | 49710 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.781873941 CET | 443 | 49710 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.981537104 CET | 443 | 49710 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.981642008 CET | 49710 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.982902050 CET | 49710 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.982908964 CET | 443 | 49710 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.983181953 CET | 443 | 49710 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:58:59.984314919 CET | 49710 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.984400988 CET | 49710 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:58:59.984405994 CET | 443 | 49710 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:00.461071014 CET | 443 | 49710 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:00.461204052 CET | 443 | 49710 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:00.461258888 CET | 49710 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:00.461289883 CET | 49710 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:00.461308002 CET | 443 | 49710 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.075906992 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.075946093 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.076026917 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.076308012 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.076319933 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.274157047 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.274229050 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.275377989 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.275383949 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.275610924 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.276707888 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.277410984 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.277439117 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.277518034 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.277548075 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.277626038 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.277656078 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.277739048 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.277760029 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.277861118 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.277879000 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.277991056 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.278017998 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.324234962 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.324385881 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.324417114 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.372246981 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.372370005 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.372402906 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.372415066 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.420241117 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.420372963 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.420408964 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.466717005 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.466780901 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.466811895 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.466836929 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.466866970 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.466888905 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:01.512228966 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.562689066 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:01.563626051 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:02.772274017 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:02.772403002 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Mar 29, 2024 08:59:02.772504091 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:02.772922039 CET | 49711 | 443 | 192.168.2.5 | 104.21.38.98 |
Mar 29, 2024 08:59:02.772947073 CET | 443 | 49711 | 104.21.38.98 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 29, 2024 08:58:54.011069059 CET | 63002 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 29, 2024 08:58:54.112392902 CET | 53 | 63002 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 29, 2024 08:58:54.011069059 CET | 192.168.2.5 | 1.1.1.1 | 0xe34e | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 29, 2024 08:58:54.112392902 CET | 1.1.1.1 | 192.168.2.5 | 0xe34e | No error (0) | 104.21.38.98 | A (IP address) | IN (0x0001) | false | ||
Mar 29, 2024 08:58:54.112392902 CET | 1.1.1.1 | 192.168.2.5 | 0xe34e | No error (0) | 172.67.221.128 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49704 | 104.21.38.98 | 443 | 7268 | C:\Users\user\Desktop\7ITPeT3VWW.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 07:58:54 UTC | 269 | OUT | |
2024-03-29 07:58:54 UTC | 8 | OUT | |
2024-03-29 07:58:54 UTC | 808 | IN | |
2024-03-29 07:58:54 UTC | 7 | IN | |
2024-03-29 07:58:54 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49705 | 104.21.38.98 | 443 | 7268 | C:\Users\user\Desktop\7ITPeT3VWW.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 07:58:55 UTC | 270 | OUT | |
2024-03-29 07:58:55 UTC | 52 | OUT | |
2024-03-29 07:58:55 UTC | 816 | IN | |
2024-03-29 07:58:55 UTC | 553 | IN | |
2024-03-29 07:58:55 UTC | 1369 | IN | |
2024-03-29 07:58:55 UTC | 1369 | IN | |
2024-03-29 07:58:55 UTC | 1369 | IN | |
2024-03-29 07:58:55 UTC | 1369 | IN | |
2024-03-29 07:58:55 UTC | 1369 | IN | |
2024-03-29 07:58:55 UTC | 1369 | IN | |
2024-03-29 07:58:55 UTC | 1002 | IN | |
2024-03-29 07:58:55 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49706 | 104.21.38.98 | 443 | 7268 | C:\Users\user\Desktop\7ITPeT3VWW.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 07:58:55 UTC | 288 | OUT | |
2024-03-29 07:58:55 UTC | 12833 | OUT | |
2024-03-29 07:58:56 UTC | 814 | IN | |
2024-03-29 07:58:56 UTC | 22 | IN | |
2024-03-29 07:58:56 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49707 | 104.21.38.98 | 443 | 7268 | C:\Users\user\Desktop\7ITPeT3VWW.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 07:58:56 UTC | 288 | OUT | |
2024-03-29 07:58:56 UTC | 15075 | OUT | |
2024-03-29 07:58:57 UTC | 800 | IN | |
2024-03-29 07:58:57 UTC | 22 | IN | |
2024-03-29 07:58:57 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49708 | 104.21.38.98 | 443 | 7268 | C:\Users\user\Desktop\7ITPeT3VWW.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 07:58:57 UTC | 288 | OUT | |
2024-03-29 07:58:57 UTC | 15331 | OUT | |
2024-03-29 07:58:57 UTC | 5234 | OUT | |
2024-03-29 07:58:58 UTC | 812 | IN | |
2024-03-29 07:58:58 UTC | 22 | IN | |
2024-03-29 07:58:58 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49709 | 104.21.38.98 | 443 | 7268 | C:\Users\user\Desktop\7ITPeT3VWW.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 07:58:59 UTC | 287 | OUT | |
2024-03-29 07:58:59 UTC | 7086 | OUT | |
2024-03-29 07:58:59 UTC | 808 | IN | |
2024-03-29 07:58:59 UTC | 22 | IN | |
2024-03-29 07:58:59 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49710 | 104.21.38.98 | 443 | 7268 | C:\Users\user\Desktop\7ITPeT3VWW.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 07:58:59 UTC | 287 | OUT | |
2024-03-29 07:58:59 UTC | 1394 | OUT | |
2024-03-29 07:59:00 UTC | 802 | IN | |
2024-03-29 07:59:00 UTC | 22 | IN | |
2024-03-29 07:59:00 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49711 | 104.21.38.98 | 443 | 7268 | C:\Users\user\Desktop\7ITPeT3VWW.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 07:59:01 UTC | 289 | OUT | |
2024-03-29 07:59:01 UTC | 15331 | OUT | |
2024-03-29 07:59:01 UTC | 15331 | OUT | |
2024-03-29 07:59:01 UTC | 15331 | OUT | |
2024-03-29 07:59:01 UTC | 15331 | OUT | |
2024-03-29 07:59:01 UTC | 15331 | OUT | |
2024-03-29 07:59:01 UTC | 15331 | OUT | |
2024-03-29 07:59:01 UTC | 15331 | OUT | |
2024-03-29 07:59:01 UTC | 15331 | OUT | |
2024-03-29 07:59:01 UTC | 15331 | OUT | |
2024-03-29 07:59:01 UTC | 15331 | OUT | |
2024-03-29 07:59:02 UTC | 812 | IN |
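The session tables above carry only record sizes and directions (the Data column is empty because the traffic is TLS), but sizes alone are enough to separate the handshake and the small control exchanges from the bulk uploads. The following is an added example, not part of the Joe Sandbox report or of the sample's own code: it parses rows in the report's `Timestamp | Bytes transferred | Direction | Data` format, totals bytes per direction for each session, and flags sessions whose outbound volume dominates. The per-session byte counts are transcribed from the eight sessions listed above (PID 7268 to 104.21.38.98:443); the 4096-byte floor and the 2:1 ratio in `find_exfil_sessions()` are assumptions chosen for this data set, not values from the report.

```python
"""Flag outbound-heavy TLS sessions in a sandbox report's session listing.

Added example, not part of the Joe Sandbox report. Byte counts below are
transcribed from the report's session tables (PID 7268 -> 104.21.38.98:443);
the thresholds in find_exfil_sessions() are assumptions for this data set.
"""
import re
from typing import Dict, List, Tuple

Record = Tuple[int, str]  # (bytes transferred, "OUT" or "IN")

# Row format used by the report: "<date> <time> UTC | <bytes> | <OUT|IN> | <data> |"
_ROW = re.compile(
    r"^\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} UTC\s*\|\s*(\d+)\s*\|\s*(OUT|IN)\s*\|"
)


def parse_records(table: str) -> List[Record]:
    """Parse 'Timestamp | Bytes transferred | Direction | Data' rows; header rows are skipped."""
    records: List[Record] = []
    for line in table.splitlines():
        match = _ROW.match(line)
        if match:
            records.append((int(match.group(1)), match.group(2)))
    return records


# Session 7 kept verbatim as report rows so the parser is exercised on real input.
SESSION_7_TABLE = (
    "Timestamp | Bytes transferred | Direction | Data |\n"
    "---|---|---|---|\n"
    "2024-03-29 07:59:01 UTC | 289 | OUT | |\n"
    + "2024-03-29 07:59:01 UTC | 15331 | OUT | |\n" * 10
    + "2024-03-29 07:59:02 UTC | 812 | IN |"
)

# Sessions 0-6 transcribed from the report as (bytes, direction) records.
REPORT_SESSIONS: Dict[int, List[Record]] = {
    0: [(269, "OUT"), (8, "OUT"), (808, "IN"), (7, "IN"), (5, "IN")],
    1: [(270, "OUT"), (52, "OUT"), (816, "IN"), (553, "IN")]
       + [(1369, "IN")] * 6 + [(1002, "IN"), (1369, "IN")],
    2: [(288, "OUT"), (12833, "OUT"), (814, "IN"), (22, "IN"), (5, "IN")],
    3: [(288, "OUT"), (15075, "OUT"), (800, "IN"), (22, "IN"), (5, "IN")],
    4: [(288, "OUT"), (15331, "OUT"), (5234, "OUT"), (812, "IN"), (22, "IN"), (5, "IN")],
    5: [(287, "OUT"), (7086, "OUT"), (808, "IN"), (22, "IN"), (5, "IN")],
    6: [(287, "OUT"), (1394, "OUT"), (802, "IN"), (22, "IN"), (5, "IN")],
    7: parse_records(SESSION_7_TABLE),
}


def session_totals(sessions: Dict[int, List[Record]]) -> Dict[int, Tuple[int, int]]:
    """Return {session_id: (bytes_out, bytes_in)}."""
    return {
        sid: (sum(n for n, d in recs if d == "OUT"), sum(n for n, d in recs if d == "IN"))
        for sid, recs in sessions.items()
    }


def find_exfil_sessions(sessions, min_out: int = 4096, min_ratio: float = 2.0):
    """Sessions that send at least min_out bytes and at least min_ratio times more
    than they receive. Returns [(session_id, bytes_out, bytes_in)] in id order."""
    hits = []
    for sid, (out_b, in_b) in sorted(session_totals(sessions).items()):
        if out_b >= min_out and out_b >= min_ratio * max(in_b, 1):
            hits.append((sid, out_b, in_b))
    return hits


def total_outbound(sessions) -> int:
    """Total bytes the client sent across all sessions (the upload volume to the C2 host)."""
    return sum(out_b for out_b, _ in session_totals(sessions).values())


if __name__ == "__main__":
    for sid, out_b, in_b in find_exfil_sessions(REPORT_SESSIONS):
        print(f"session {sid}: {out_b} bytes out, {in_b} bytes in")
    print(f"total outbound: {total_outbound(REPORT_SESSIONS)} bytes")
```

Run as a script it flags sessions 2, 3, 4, 5 and 7; session 7 alone sends 153,599 bytes in ten 15,331-byte records against 812 bytes received, and the eight sessions together push 212,589 bytes outbound. Session 1 is the only inbound-heavy one (11,954 bytes received against 322 sent). The first outbound record of 269 to 289 bytes followed by an inbound record of roughly 800 bytes at the start of every session is consistent with a TLS handshake, so those bytes are counted but never tip a session over the threshold on their own. On a live sensor the same logic applies to Zeek `conn.log` or NetFlow byte counters instead of a report table.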
Target ID: | 0 |
Start time: | 08:58:52 |
Start date: | 29/03/2024 |
Path: | C:\Users\user\Desktop\7ITPeT3VWW.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 327'168 bytes |
MD5 hash: | 30732747CA33BD37A757C90AADA0C604 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 08:59:01 |
Start date: | 29/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcb0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 8.6% |
Dynamic/Decrypted Code Coverage: | 7.8% |
Signature Coverage: | 47.8% |
Total number of Nodes: | 360 |
Total number of Limit Nodes: | 13 |
The report lists the analysed functions in three relevance-sorted groups. Only the per-function summary lines survived extraction; the control-flow graphs, API and string lists, memory-dump sources, Yara match names and similarity data were images or widgets and are not reproduced here. The tags that the report fuses onto the instruction count (for example "76windowCOMMON") are split out into their own column. A "-" means the report gives no count for that field.

Group 1:

Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
0042B190 | 28.1 | 14 | 2 | 76 | window, COMMON
00409BC0 | 11.7 | - | 9 | 455 | COMMON
00436E10 | 7.1 | 2 | 2 | 142 | native, memory, COMMON
00404AB0 | 5.5 | - | 4 | 506 | COMMON
00436FF0 | 5.4 | 2 | 1 | 139 | native, memory, COMMON
0041B6AF | 5.4 | 2 | 1 | 135 | native, memory, COMMON
00437550 | 5.4 | 2 | 1 | 104 | native, memory, COMMON
004372F0 | 5.3 | 2 | 1 | 97 | native, memory, COMMON
00419C00 | 5.3 | 2 | 1 | 85 | native, memory, COMMON
00423C16 | 3.2 | 2 | - | 175 | COMMON
008104B6 | 3.0 | 2 | - | 41 | process, COMMON
00433CF7 | 1.5 | 1 | - | 34 | native, COMMON
00434D0A | 1.5 | 1 | - | 32 | native, COMMON
00402CD0 | 1.5 | - | 1 | 235 | COMMON
00427EC8 | 0.0 | - | - | 20 | COMMON

Group 2:

Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
004275B6 | 19.3 | 1 | 10 | 90 | memory, COMMON
00434917 | 15.9 | 1 | 8 | 121 | library, COMMON
0219003C | 12.8 | 5 | 2 | 515 | memory, COMMON
00433F74 | 8.8 | 1 | 4 | 66 | library, COMMON
004341A9 | 5.3 | 1 | 2 | 99 | library, COMMON
02190E0F | 3.0 | 2 | - | 15 | COMMON
00434EAA | 1.6 | 1 | - | 90 | memory, COMMON
00432120 | 1.6 | 1 | - | 50 | memory, COMMON
00432220 | 1.6 | 1 | - | 50 | memory, COMMON
0043593A | 1.5 | 1 | - | 34 | memory, COMMON
00435AE5 | 1.5 | 1 | - | 12 | memory, COMMON
00810175 | 1.3 | 1 | - | 48 | memory, COMMON

Group 3:

Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
02199E27 | 11.7 | - | 9 | 455 | COMMON
0042AFE0 | 10.6 | 5 | 1 | 115 | clipboard, COMMON
00437D70 | 9.1 | 4 | 1 | 334 | native, memory, COMMON
021C7FD7 | 9.1 | 4 | 1 | 334 | native, memory, COMMON
0041BA3C | 9.1 | 4 | 1 | 328 | native, memory, COMMON
021ABCA3 | 9.1 | 4 | 1 | 328 | native, memory, COMMON
021C7077 | 7.1 | 2 | 2 | 142 | native, memory, COMMON
021A652E | 6.5 | - | 5 | 205 | COMMON
02194D17 | 5.5 | - | 4 | 506 | COMMON
021C7257 | 5.4 | 2 | 1 | 139 | native, memory, COMMON
021AB916 | 5.4 | 2 | 1 | 135 | native, memory, COMMON
021C77B7 | 5.4 | 2 | 1 | 104 | native, memory, COMMON
00437420 | 5.3 | 2 | 1 | 97 | native, memory, COMMON
021C7687 | 5.3 | 2 | 1 | 97 | native, memory, COMMON
021C7557 | 5.3 | 2 | 1 | 97 | native, memory, COMMON
021A9E67 | 5.3 | 2 | 1 | 85 | native, memory, COMMON
004183C0 | 5.3 | - | 4 | 326 | COMMON
021A8627 | 5.3 | - | 4 | 326 | COMMON
02195417 | 3.9 | - | 3 | 116 | COMMON
0219092B | 3.8 | - | 3 | 90 | COMMON
00405700 | 3.4 | - | 2 | 867 | COMMON
02195967 | 3.4 | - | 2 | 867 | COMMON
021B3E7D | 3.2 | 2 | - | 175 | COMMON
021B290B | 3.2 | - | 2 | 657 | COMMON
021B290E | 3.1 | - | 2 | 645 | COMMON
021B2255 | 3.1 | - | 2 | 624 | COMMON

The functions in the 0219xxxx to 021Cxxxx range come from a memory dump of the same process and are, with the exception of 0219003C and 02190E0F, the image functions at 004xxxxx relocated by a constant 0x1D90267: 00409BC0 maps to 02199E27, 00436E10 to 021C7077, 00437D70 to 021C7FD7, 00404AB0 to 02194D17, and so on, each pair with identical API, string and instruction counts. The 0081xxxx functions (008104B6, 00810175) come from a separate dumped region whose image counterpart is not listed.
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008DB11F Relevance: 2.9, Strings: 2, Instructions: 416COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004110A3 Relevance: 2.6, Strings: 2, Instructions: 68COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021A130A Relevance: 2.6, Strings: 2, Instructions: 68COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02191267 Relevance: 1.8, Strings: 1, Instructions: 549COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008DB120 Relevance: 1.7, Strings: 1, Instructions: 424COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042404C Relevance: 1.6, Strings: 1, Instructions: 395COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B42B3 Relevance: 1.6, Strings: 1, Instructions: 395COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420BFA Relevance: 1.6, Strings: 1, Instructions: 378COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B0E61 Relevance: 1.6, Strings: 1, Instructions: 378COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424038 Relevance: 1.6, Strings: 1, Instructions: 347COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B429F Relevance: 1.6, Strings: 1, Instructions: 347COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004171A5 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021A740C Relevance: 1.6, Strings: 1, Instructions: 302COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406BF0 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02196E57 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004223FC Relevance: 1.4, Strings: 1, Instructions: 186COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B2663 Relevance: 1.4, Strings: 1, Instructions: 186COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422355 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B25BC Relevance: 1.4, Strings: 1, Instructions: 175COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004149A0 Relevance: 1.4, Strings: 1, Instructions: 170COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021A4C07 Relevance: 1.4, Strings: 1, Instructions: 170COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422328 Relevance: 1.4, Strings: 1, Instructions: 131COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B258F Relevance: 1.4, Strings: 1, Instructions: 131COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407FE0 Relevance: .8, Instructions: 820COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02198247 Relevance: .8, Instructions: 820COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403740 Relevance: .6, Instructions: 648COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021939A7 Relevance: .6, Instructions: 648COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004064F0 Relevance: .6, Instructions: 587COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02196757 Relevance: .6, Instructions: 587COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DDB7 Relevance: .3, Instructions: 296COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021AE01E Relevance: .3, Instructions: 296COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421418 Relevance: .3, Instructions: 278COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B167F Relevance: .3, Instructions: 278COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421FF3 Relevance: .3, Instructions: 270COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B225A Relevance: .3, Instructions: 270COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414397 Relevance: .2, Instructions: 240COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021A45FE Relevance: .2, Instructions: 240COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004210E3 Relevance: .2, Instructions: 235COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B134A Relevance: .2, Instructions: 235COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414190 Relevance: .2, Instructions: 199COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021A43F7 Relevance: .2, Instructions: 199COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004301F0 Relevance: .2, Instructions: 188COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021C0457 Relevance: .2, Instructions: 188COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A300 Relevance: .2, Instructions: 165COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0219A567 Relevance: .2, Instructions: 165COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433A9A Relevance: .2, Instructions: 157COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021C3D01 Relevance: .2, Instructions: 157COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F94E Relevance: .1, Instructions: 139COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021AFBB5 Relevance: .1, Instructions: 139COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411410 Relevance: .1, Instructions: 127COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021A1677 Relevance: .1, Instructions: 127COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004051B0 Relevance: .1, Instructions: 116COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423F4D Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B41B4 Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042342A Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B3691 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403350 Relevance: .1, Instructions: 97COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433A95 Relevance: .1, Instructions: 97COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021935B7 Relevance: .1, Instructions: 97COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021C3CFC Relevance: .1, Instructions: 97COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402620 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02192887 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004206F1 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B0958 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D878 Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021ADADF Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423381 Relevance: .1, Instructions: 85COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B35E8 Relevance: .1, Instructions: 85COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004232E4 Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D634 Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B354B Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021AD89B Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042E3D0 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021BE637 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0080FD93 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021AAE7B Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004122E0 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021A2547 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02190D90 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DF20 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0219E187 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420A55 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B0CBC Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411007 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021A126E Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004231D2 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421770 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B3439 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B19D7 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DBCB Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021ADE32 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041FFD9 Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B0245 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021BB3F7 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 76windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021BB247 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 115clipboardCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
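Added example, not part of the Joe Sandbox report and not sandbox code: a small Python parser for function headers in the form used above that recovers the address delta between the two copies of the code and pairs the functions. The sample headers are copied from the table; the function names, and the assumption that each function appears at most once per region, are this example's own. It goes beyond the one delta seen on this page: it votes over every pair of functions with equal instruction counts, so it works on any listing where one region is a relocated copy of another.

```python
"""Pair the functions of a Joe Sandbox function table across two memory regions.

Added example; not code from the report or from the sandbox. Parses headers like
    Function 004183C0 Relevance: 5.3, Strings: 4, Instructions: 326COMMON
votes for the address delta that maps the most functions onto a copy with the
same instruction count, then lists pairs, functions without a twin, and pairs
whose string/API counts differ. SAMPLE is a subset of the headers in the table.
"""
import re
from collections import Counter
from dataclasses import dataclass

HEADER_RE = re.compile(
    r"Function\s+(?P<addr>[0-9A-Fa-f]{6,8})"
    r"\s+Relevance:\s*(?P<rel>\d*\.?\d+)"
    r"(?:,\s*APIs:\s*(?P<apis>\d+))?"
    r"(?:,\s*Strings:\s*(?P<strings>\d+))?"
    r",\s*Instructions:\s*(?P<instr>\d+)(?P<tags>[A-Za-z]*)"
)

# Subset of the function headers from the table above, copied verbatim.
SAMPLE = """\
Function 004183C0 Relevance: 5.3, Strings: 4, Instructions: 326COMMON
Function 021A8627 Relevance: 5.3, Strings: 4, Instructions: 326COMMON
Function 02195417 Relevance: 3.9, Strings: 3, Instructions: 116COMMON
Function 00405700 Relevance: 3.4, Strings: 2, Instructions: 867COMMON
Function 02195967 Relevance: 3.4, Strings: 2, Instructions: 867COMMON
Function 021B3E7D Relevance: 3.2, APIs: 2, Instructions: 175COMMON
Function 008DB11F Relevance: 2.9, Strings: 2, Instructions: 416COMMON
Function 004051B0 Relevance: .1, Instructions: 116COMMON
Function 004231D2 Relevance: .0, Instructions: 13COMMON
Function 00421770 Relevance: .0, Instructions: 13COMMON
Function 021B3439 Relevance: .0, Instructions: 13COMMON
Function 021B19D7 Relevance: .0, Instructions: 13COMMON
Function 0041FFD9 Relevance: .0, Instructions: 10COMMON
Function 021B0245 Relevance: .0, Instructions: 9COMMON
Function 021BB3F7 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 76windowCOMMON
Function 021BB247 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 115clipboardCOMMON
"""


@dataclass(frozen=True)
class Func:
    addr: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: tuple  # e.g. ("window", "COMMON")


def parse_header(line):
    """Return a Func for a 'Function ...' header line, None for any other line."""
    m = HEADER_RE.search(line)
    if m is None:
        return None
    # The report glues the tags onto the instruction count with no separator
    # ("76windowCOMMON"): category tags are lower-case, the similarity tag upper-case.
    tags = tuple(re.findall(r"[A-Z]+|[a-z]+", m.group("tags")))
    return Func(int(m.group("addr"), 16), float(m.group("rel")),
                int(m.group("apis") or 0), int(m.group("strings") or 0),
                int(m.group("instr")), tags)


def parse_table(text):
    return [f for f in map(parse_header, text.splitlines()) if f is not None]


def find_rebase_delta(funcs):
    """Every ordered pair with equal instruction counts votes for its address
    difference; the winning delta is the offset between the two copies of the
    code. Returns (delta, pairs) with pairs sorted by the lower address."""
    votes = Counter()
    for a in funcs:
        for b in funcs:
            if b.addr > a.addr and a.instructions == b.instructions:
                votes[b.addr - a.addr] += 1
    if not votes:
        return None, []
    delta = votes.most_common(1)[0][0]
    by_addr = {f.addr: f for f in funcs}
    pairs = [(a, by_addr[a.addr + delta])
             for a in sorted(funcs, key=lambda f: f.addr)
             if a.addr + delta in by_addr]
    return delta, pairs


def unpaired(funcs, pairs):
    """Functions seen in only one copy (or whose twin is simply not listed)."""
    seen = {f.addr for pair in pairs for f in pair}
    return [f for f in sorted(funcs, key=lambda f: f.addr) if f.addr not in seen]


def count_mismatches(pairs):
    """Pairs whose string or API counts differ: references one copy resolves and
    the other does not, the signature of strings decoded only at runtime."""
    return [(a, b) for a, b in pairs if (a.strings, a.apis) != (b.strings, b.apis)]


if __name__ == "__main__":
    funcs = parse_table(SAMPLE)
    delta, pairs = find_rebase_delta(funcs)
    print(f"delta 0x{delta:08X}: {len(pairs)} pairs, {len(unpaired(funcs, pairs))} unpaired")
    for a, b in pairs:
        print(f"  {a.addr:08X} -> {b.addr:08X}  instr={a.instructions}  strings {a.strings}->{b.strings}")
    for a, b in count_mismatches(pairs):
        print(f"  counts differ: {a.addr:08X} ({a.strings} strings) vs {b.addr:08X} ({b.strings} strings)")
```

Run as a script it prints the delta, the pairs and the unpaired functions. The count_mismatches output is the first place to look when triaging a listing like this one: a function that references strings only in the dumped copy is a candidate for runtime string decoding, and the four 13-instruction functions show why the vote is needed, since any two of them taken alone would suggest a bogus delta.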