Windows
Analysis Report
Zarefy4bOs.exe
Overview
General Information
Sample name: | Zarefy4bOs.exerenamed because original name is a hash value |
Original sample name: | e81ff60c955d9f232d4812a68ef4335f204be923d6aa75c5d309e8fe76eed1ed.exe |
Analysis ID: | 1422062 |
MD5: | eb9d9bc525bf2cfd5a566ff1939a65d8 |
SHA1: | d1d9c33251db984f86a31033d94e365ff2787ad6 |
SHA256: | e81ff60c955d9f232d4812a68ef4335f204be923d6aa75c5d309e8fe76eed1ed |
Tags: | exe |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Zarefy4bOs.exe (PID: 3648 cmdline:
"C:\Users\ user\Deskt op\Zarefy4 bOs.exe" MD5: EB9D9BC525BF2CFD5A566FF1939A65D8)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Username": "tslogs@mksiimst.com", "Password": "EbxKZL@2", "Host": "us2.smtp.mailhostbox.com ", "Port": "587"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
Click to see the 2 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen |
| |
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Click to see the 5 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
Click to see the 2 entries |
System Summary |
---|
Source: | Author: frack113: |
Timestamp: | 04/08/24-10:03:49.773592 |
SID: | 2044767 |
Source Port: | 49728 |
Destination Port: | 587 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 0_2_0266FA10 | |
Source: | Code function: | 0_2_0266EDF0 | |
Source: | Code function: | 0_2_0266EDF0 | |
Source: | Code function: | 0_2_0266E310 | |
Source: | Code function: | 0_2_027611C0 | |
Source: | Code function: | 0_2_02760D60 | |
Source: | Code function: | 0_2_0276DA18 | |
Source: | Code function: | 0_2_0276E2C8 | |
Source: | Code function: | 0_2_0276EB78 | |
Source: | Code function: | 0_2_0276B300 | |
Source: | Code function: | 0_2_0276BBB0 | |
Source: | Code function: | 0_2_02760040 | |
Source: | Code function: | 0_2_0276C008 | |
Source: | Code function: | 0_2_0276C8B8 | |
Source: | Code function: | 0_2_0276F880 | |
Source: | Code function: | 0_2_0276D168 | |
Source: | Code function: | 0_2_02760900 | |
Source: | Code function: | 0_2_027611B1 | |
Source: | Code function: | 0_2_0276DE70 | |
Source: | Code function: | 0_2_0276B758 | |
Source: | Code function: | 0_2_0276E720 | |
Source: | Code function: | 0_2_0276EFD0 | |
Source: | Code function: | 0_2_0276C460 | |
Source: | Code function: | 0_2_0276F428 | |
Source: | Code function: | 0_2_027604A0 | |
Source: | Code function: | 0_2_0276CD10 | |
Source: | Code function: | 0_2_02761506 | |
Source: | Code function: | 0_2_0276D5C0 |
Networking |
---|
Source: | Snort IDS: |
Source: | File source: | ||
Source: | File source: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 0_2_0266B388 | |
Source: | Code function: | 0_2_02666168 | |
Source: | Code function: | 0_2_0266C1F0 | |
Source: | Code function: | 0_2_026621A8 | |
Source: | Code function: | 0_2_0266C7B2 | |
Source: | Code function: | 0_2_02666790 | |
Source: | Code function: | 0_2_0266C4D0 | |
Source: | Code function: | 0_2_0266FA10 | |
Source: | Code function: | 0_2_0266CA92 | |
Source: | Code function: | 0_2_02664B31 | |
Source: | Code function: | 0_2_026698B8 | |
Source: | Code function: | 0_2_0266BF10 | |
Source: | Code function: | 0_2_0266EDF0 | |
Source: | Code function: | 0_2_0266E300 | |
Source: | Code function: | 0_2_0266E310 | |
Source: | Code function: | 0_2_0266305E | |
Source: | Code function: | 0_2_026630F6 | |
Source: | Code function: | 0_2_0266B552 | |
Source: | Code function: | 0_2_026635CA | |
Source: | Code function: | 0_2_0266BC32 | |
Source: | Code function: | 0_2_02768278 | |
Source: | Code function: | 0_2_02767988 | |
Source: | Code function: | 0_2_02763688 | |
Source: | Code function: | 0_2_02760D60 | |
Source: | Code function: | 0_2_0276DA18 | |
Source: | Code function: | 0_2_02767200 | |
Source: | Code function: | 0_2_0276DA09 | |
Source: | Code function: | 0_2_0276B2EF | |
Source: | Code function: | 0_2_0276E2C8 | |
Source: | Code function: | 0_2_0276E2B8 | |
Source: | Code function: | 0_2_0276EB78 | |
Source: | Code function: | 0_2_0276EB68 | |
Source: | Code function: | 0_2_0276B300 | |
Source: | Code function: | 0_2_0276BBB0 | |
Source: | Code function: | 0_2_0276BBA0 | |
Source: | Code function: | 0_2_02767BA8 | |
Source: | Code function: | 0_2_0276F871 | |
Source: | Code function: | 0_2_02760040 | |
Source: | Code function: | 0_2_02760007 | |
Source: | Code function: | 0_2_0276C008 | |
Source: | Code function: | 0_2_027608F1 | |
Source: | Code function: | 0_2_0276C8B8 | |
Source: | Code function: | 0_2_0276C8A8 | |
Source: | Code function: | 0_2_0276F880 | |
Source: | Code function: | 0_2_0276D168 | |
Source: | Code function: | 0_2_0276D158 | |
Source: | Code function: | 0_2_02760900 | |
Source: | Code function: | 0_2_027671FC | |
Source: | Code function: | 0_2_027681FC | |
Source: | Code function: | 0_2_0276DE70 | |
Source: | Code function: | 0_2_02763678 | |
Source: | Code function: | 0_2_0276DE61 | |
Source: | Code function: | 0_2_0276B752 | |
Source: | Code function: | 0_2_0276B758 | |
Source: | Code function: | 0_2_0276E720 | |
Source: | Code function: | 0_2_0276E710 | |
Source: | Code function: | 0_2_0276BFF8 | |
Source: | Code function: | 0_2_0276EFD0 | |
Source: | Code function: | 0_2_0276EFC1 | |
Source: | Code function: | 0_2_0276C460 | |
Source: | Code function: | 0_2_0276C450 | |
Source: | Code function: | 0_2_0276F428 | |
Source: | Code function: | 0_2_0276F418 | |
Source: | Code function: | 0_2_0276ACDE | |
Source: | Code function: | 0_2_027604A0 | |
Source: | Code function: | 0_2_02760490 | |
Source: | Code function: | 0_2_02760D50 | |
Source: | Code function: | 0_2_0276CD10 | |
Source: | Code function: | 0_2_0276CD01 | |
Source: | Code function: | 0_2_0276D5C0 | |
Source: | Code function: | 0_2_0276D5B0 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | String found in binary or memory: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_02767988 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 31 Virtualization/Sandbox Evasion | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
66% | ReversingLabs | ByteCode-MSIL.Keylogger.NotFound | ||
68% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1307591 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse | ||
6% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
1% | Virustotal | Browse | ||
15% | Virustotal | Browse | ||
6% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
us2.smtp.mailhostbox.com | 208.91.199.225 | true | false | high | |
reallyfreegeoip.org | 104.21.67.152 | true | false |
| unknown |
scratchdreams.tk | 104.21.27.85 | true | false |
| unknown |
checkip.dyndns.com | 193.122.6.168 | true | false |
| unknown |
checkip.dyndns.org | unknown | unknown | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.67.152 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
208.91.199.225 | us2.smtp.mailhostbox.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false | |
104.21.27.85 | scratchdreams.tk | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1422062 |
Start date and time: | 2024-04-08 10:02:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Zarefy4bOs.exerenamed because original name is a hash value |
Original Sample Name: | e81ff60c955d9f232d4812a68ef4335f204be923d6aa75c5d309e8fe76eed1ed.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.winEXE@1/0@4/4 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
10:02:58 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.21.67.152 | Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | ||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse | |||
193.122.6.168 | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
208.91.199.225 | Get hash | malicious | AgentTesla | Browse | ||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
scratchdreams.tk | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
us2.smtp.mailhostbox.com | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
reallyfreegeoip.org | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
PUBLIC-DOMAIN-REGISTRYUS | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | SmokeLoader, Xehook Stealer | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Agent Tesla, AgentTesla | Browse |
| ||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
File type: | |
Entropy (8bit): | 5.848474243927881 |
TrID: |
|
File name: | Zarefy4bOs.exe |
File size: | 133'120 bytes |
MD5: | eb9d9bc525bf2cfd5a566ff1939a65d8 |
SHA1: | d1d9c33251db984f86a31033d94e365ff2787ad6 |
SHA256: | e81ff60c955d9f232d4812a68ef4335f204be923d6aa75c5d309e8fe76eed1ed |
SHA512: | 2a41f25fd63148ed2eb2e1b26ae2c889a09c93bcad8ad5ecdf1e7e8deeeceecc030d6a05c38bd520c49d68219721016e62f6d4dfb35407db8fc53b0264239335 |
SSDEEP: | 3072:AA1JAirk7zoewGuynWGMUdNL9blyFFAsQ2wvxLO4LygbY:1AirqzoP6Vd9bKv4L7b |
TLSH: | 77D31B1937E88814E2FF997302716101C7B6B8531A16DF1D0AD2F4692B7DBA1CE1AF93 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c..e..............P.................. ... ....@.. .......................`............@................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x4211be |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x65D90863 [Fri Feb 23 21:04:35 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21170 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x22000 | 0x108f | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x24000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x1f1c4 | 0x1f200 | 38fbd64968fd4540516b6ed151d03db4 | False | 0.3587788654618474 | data | 5.86247167214779 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x22000 | 0x108f | 0x1200 | f59392b7fa5e8b22ad0c6b19a0b07c20 | False | 0.3663194444444444 | data | 4.868462934974607 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x24000 | 0xc | 0x200 | f07f68609b7dd4d134af65ad7e8480e7 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x220a0 | 0x394 | OpenPGP Secret Key | 0.42358078602620086 | ||
RT_MANIFEST | 0x22434 | 0xc5b | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.3926651912741069 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/08/24-10:03:49.773592 | TCP | 2044767 | ET TROJAN Snake Keylogger Exfil via SMTP | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2024 10:02:57.340023041 CEST | 49705 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:02:57.577135086 CEST | 80 | 49705 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:02:57.577241898 CEST | 49705 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:02:57.577605963 CEST | 49705 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:02:57.814512014 CEST | 80 | 49705 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:02:58.277544022 CEST | 80 | 49705 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:02:58.282962084 CEST | 49705 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:02:58.519921064 CEST | 80 | 49705 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:02:58.521754026 CEST | 80 | 49705 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:02:58.568444967 CEST | 49705 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:02:58.698631048 CEST | 49706 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:58.698679924 CEST | 443 | 49706 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:02:58.698781013 CEST | 49706 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:58.705890894 CEST | 49706 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:58.705910921 CEST | 443 | 49706 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:02:58.970863104 CEST | 443 | 49706 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:02:58.971009970 CEST | 49706 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:58.975447893 CEST | 49706 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:58.975459099 CEST | 443 | 49706 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:02:58.975832939 CEST | 443 | 49706 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:02:59.021430016 CEST | 49706 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:59.042711020 CEST | 49706 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:59.084237099 CEST | 443 | 49706 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:02:59.262979031 CEST | 443 | 49706 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:02:59.263076067 CEST | 443 | 49706 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:02:59.263173103 CEST | 49706 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:59.269284964 CEST | 49706 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:59.272654057 CEST | 49705 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:02:59.511491060 CEST | 80 | 49705 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:02:59.514556885 CEST | 49707 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:59.514596939 CEST | 443 | 49707 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:02:59.514666080 CEST | 49707 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:59.515074015 CEST | 49707 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:59.515080929 CEST | 443 | 49707 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:02:59.552709103 CEST | 49705 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:02:59.781657934 CEST | 443 | 49707 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:02:59.784163952 CEST | 49707 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:02:59.784188986 CEST | 443 | 49707 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:00.079196930 CEST | 443 | 49707 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:00.079307079 CEST | 443 | 49707 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:00.079371929 CEST | 49707 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:00.080009937 CEST | 49707 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:00.083276987 CEST | 49705 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:00.084616899 CEST | 49708 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:00.320198059 CEST | 80 | 49705 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:00.320286036 CEST | 49705 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:00.322242022 CEST | 80 | 49708 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:00.322324038 CEST | 49708 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:00.322504997 CEST | 49708 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:00.560576916 CEST | 80 | 49708 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:00.561847925 CEST | 80 | 49708 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:00.563397884 CEST | 49709 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:00.563441038 CEST | 443 | 49709 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:00.563507080 CEST | 49709 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:00.563872099 CEST | 49709 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:00.563885927 CEST | 443 | 49709 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:00.615192890 CEST | 49708 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:00.821615934 CEST | 443 | 49709 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:00.823163033 CEST | 49709 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:00.823187113 CEST | 443 | 49709 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:01.119183064 CEST | 443 | 49709 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:01.119285107 CEST | 443 | 49709 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:01.119340897 CEST | 49709 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:01.119889021 CEST | 49709 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:01.124775887 CEST | 49710 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:01.366841078 CEST | 80 | 49710 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:01.366960049 CEST | 49710 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:01.367100954 CEST | 49710 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:01.609117985 CEST | 80 | 49710 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:01.611212969 CEST | 80 | 49710 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:01.612401009 CEST | 49711 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:01.612435102 CEST | 443 | 49711 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:01.612498045 CEST | 49711 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:01.612744093 CEST | 49711 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:01.612756014 CEST | 443 | 49711 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:01.662035942 CEST | 49710 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:01.870656967 CEST | 443 | 49711 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:01.872411966 CEST | 49711 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:01.872431040 CEST | 443 | 49711 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:02.170308113 CEST | 443 | 49711 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:02.170416117 CEST | 443 | 49711 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:02.170494080 CEST | 49711 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:02.171030998 CEST | 49711 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:02.174384117 CEST | 49710 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:02.175487041 CEST | 49712 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:02.412379026 CEST | 80 | 49712 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:02.412467003 CEST | 49712 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:02.412601948 CEST | 49712 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:02.416831017 CEST | 80 | 49710 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:02.416894913 CEST | 49710 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:02.649599075 CEST | 80 | 49712 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:02.651235104 CEST | 80 | 49712 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:02.652510881 CEST | 49713 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:02.652554035 CEST | 443 | 49713 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:02.652621031 CEST | 49713 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:02.653050900 CEST | 49713 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:02.653065920 CEST | 443 | 49713 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:02.693281889 CEST | 49712 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:02.909548044 CEST | 443 | 49713 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:02.911125898 CEST | 49713 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:02.911151886 CEST | 443 | 49713 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:03.208363056 CEST | 443 | 49713 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:03.208487988 CEST | 443 | 49713 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:03.208550930 CEST | 49713 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:03.209127903 CEST | 49713 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:03.212634087 CEST | 49712 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:03.213859081 CEST | 49714 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:03.449671030 CEST | 80 | 49712 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:03.449774027 CEST | 49712 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:03.455389023 CEST | 80 | 49714 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:03.455496073 CEST | 49714 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:03.455678940 CEST | 49714 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:03.697280884 CEST | 80 | 49714 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:04.699583054 CEST | 80 | 49714 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:04.701189995 CEST | 49715 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:04.701227903 CEST | 443 | 49715 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:04.701293945 CEST | 49715 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:04.701596975 CEST | 49715 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:04.701611042 CEST | 443 | 49715 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:04.740226030 CEST | 49714 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:04.959300995 CEST | 443 | 49715 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:04.961036921 CEST | 49715 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:04.961057901 CEST | 443 | 49715 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:05.256786108 CEST | 443 | 49715 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:05.256875038 CEST | 443 | 49715 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:05.256920099 CEST | 49715 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:05.257496119 CEST | 49715 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:05.261332989 CEST | 49714 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:05.262800932 CEST | 49716 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:05.502966881 CEST | 80 | 49714 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:05.503055096 CEST | 49714 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:05.504618883 CEST | 80 | 49716 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:05.504687071 CEST | 49716 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:05.504890919 CEST | 49716 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:05.746809006 CEST | 80 | 49716 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:07.132369995 CEST | 80 | 49716 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:07.133759022 CEST | 49717 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:07.133795977 CEST | 443 | 49717 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:07.133887053 CEST | 49717 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:07.134130001 CEST | 49717 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:07.134140968 CEST | 443 | 49717 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:07.177736998 CEST | 49716 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:07.391735077 CEST | 443 | 49717 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:07.393260956 CEST | 49717 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:07.393286943 CEST | 443 | 49717 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:07.688474894 CEST | 443 | 49717 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:07.688599110 CEST | 443 | 49717 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:07.688699007 CEST | 49717 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:07.689354897 CEST | 49717 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:07.692905903 CEST | 49716 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:07.694168091 CEST | 49718 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:07.931200027 CEST | 80 | 49718 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:07.931337118 CEST | 49718 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:07.931536913 CEST | 49718 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:07.935656071 CEST | 80 | 49716 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:07.935738087 CEST | 49716 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:08.168643951 CEST | 80 | 49718 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:08.475114107 CEST | 80 | 49718 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:08.476480007 CEST | 49719 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:08.476531029 CEST | 443 | 49719 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:08.476715088 CEST | 49719 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:08.477020979 CEST | 49719 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:08.477030993 CEST | 443 | 49719 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:08.521387100 CEST | 49718 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:08.736641884 CEST | 443 | 49719 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:08.738500118 CEST | 49719 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:08.738523960 CEST | 443 | 49719 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:09.035382032 CEST | 443 | 49719 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:09.035491943 CEST | 443 | 49719 | 104.21.67.152 | 192.168.2.5 |
Apr 8, 2024 10:03:09.035552979 CEST | 49719 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:09.036128044 CEST | 49719 | 443 | 192.168.2.5 | 104.21.67.152 |
Apr 8, 2024 10:03:09.047113895 CEST | 49718 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:09.284634113 CEST | 80 | 49718 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:03:09.284734964 CEST | 49718 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:03:09.440977097 CEST | 49720 | 443 | 192.168.2.5 | 104.21.27.85 |
Apr 8, 2024 10:03:09.441020012 CEST | 443 | 49720 | 104.21.27.85 | 192.168.2.5 |
Apr 8, 2024 10:03:09.441104889 CEST | 49720 | 443 | 192.168.2.5 | 104.21.27.85 |
Apr 8, 2024 10:03:09.441603899 CEST | 49720 | 443 | 192.168.2.5 | 104.21.27.85 |
Apr 8, 2024 10:03:09.441626072 CEST | 443 | 49720 | 104.21.27.85 | 192.168.2.5 |
Apr 8, 2024 10:03:09.707825899 CEST | 443 | 49720 | 104.21.27.85 | 192.168.2.5 |
Apr 8, 2024 10:03:09.707962036 CEST | 49720 | 443 | 192.168.2.5 | 104.21.27.85 |
Apr 8, 2024 10:03:09.711285114 CEST | 49720 | 443 | 192.168.2.5 | 104.21.27.85 |
Apr 8, 2024 10:03:09.711294889 CEST | 443 | 49720 | 104.21.27.85 | 192.168.2.5 |
Apr 8, 2024 10:03:09.711579084 CEST | 443 | 49720 | 104.21.27.85 | 192.168.2.5 |
Apr 8, 2024 10:03:09.713305950 CEST | 49720 | 443 | 192.168.2.5 | 104.21.27.85 |
Apr 8, 2024 10:03:09.756232023 CEST | 443 | 49720 | 104.21.27.85 | 192.168.2.5 |
Apr 8, 2024 10:03:40.856298923 CEST | 443 | 49720 | 104.21.27.85 | 192.168.2.5 |
Apr 8, 2024 10:03:40.856373072 CEST | 443 | 49720 | 104.21.27.85 | 192.168.2.5 |
Apr 8, 2024 10:03:40.856522083 CEST | 49720 | 443 | 192.168.2.5 | 104.21.27.85 |
Apr 8, 2024 10:03:40.897336960 CEST | 49720 | 443 | 192.168.2.5 | 104.21.27.85 |
Apr 8, 2024 10:03:46.387043953 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:46.583738089 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:03:46.583846092 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:47.095187902 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:03:47.146344900 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:47.361692905 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:47.558557987 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:03:47.558579922 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:03:47.562429905 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:47.762252092 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:03:47.802628040 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:48.956451893 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:49.157191992 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:03:49.157516956 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:49.358012915 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:03:49.358366966 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:49.573837042 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:03:49.574067116 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:49.772804976 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:03:49.773591995 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:49.773665905 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:49.773684978 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:49.773704052 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:03:49.969856977 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:03:49.970089912 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:03:50.093750000 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:03:50.146392107 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:04:05.561872005 CEST | 80 | 49708 | 193.122.6.168 | 192.168.2.5 |
Apr 8, 2024 10:04:05.561943054 CEST | 49708 | 80 | 192.168.2.5 | 193.122.6.168 |
Apr 8, 2024 10:05:26.598421097 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:05:26.796036005 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:05:26.796065092 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Apr 8, 2024 10:05:26.796137094 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:05:26.796235085 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 |
Apr 8, 2024 10:05:26.992697954 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2024 10:02:57.206253052 CEST | 63619 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 8, 2024 10:02:57.330614090 CEST | 53 | 63619 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2024 10:02:58.572525978 CEST | 49863 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 8, 2024 10:02:58.697789907 CEST | 53 | 49863 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2024 10:03:09.047684908 CEST | 53771 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 8, 2024 10:03:09.440099955 CEST | 53 | 53771 | 1.1.1.1 | 192.168.2.5 |
Apr 8, 2024 10:03:46.258917093 CEST | 64814 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 8, 2024 10:03:46.384594917 CEST | 53 | 64814 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 8, 2024 10:02:57.206253052 CEST | 192.168.2.5 | 1.1.1.1 | 0xb45c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 8, 2024 10:02:58.572525978 CEST | 192.168.2.5 | 1.1.1.1 | 0x530 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 8, 2024 10:03:09.047684908 CEST | 192.168.2.5 | 1.1.1.1 | 0xe30 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 8, 2024 10:03:46.258917093 CEST | 192.168.2.5 | 1.1.1.1 | 0xb3a5 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 8, 2024 10:02:57.330614090 CEST | 1.1.1.1 | 192.168.2.5 | 0xb45c | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 8, 2024 10:02:57.330614090 CEST | 1.1.1.1 | 192.168.2.5 | 0xb45c | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 10:02:57.330614090 CEST | 1.1.1.1 | 192.168.2.5 | 0xb45c | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 10:02:57.330614090 CEST | 1.1.1.1 | 192.168.2.5 | 0xb45c | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 10:02:57.330614090 CEST | 1.1.1.1 | 192.168.2.5 | 0xb45c | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 10:02:57.330614090 CEST | 1.1.1.1 | 192.168.2.5 | 0xb45c | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 10:02:58.697789907 CEST | 1.1.1.1 | 192.168.2.5 | 0x530 | No error (0) | 104.21.67.152 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 10:02:58.697789907 CEST | 1.1.1.1 | 192.168.2.5 | 0x530 | No error (0) | 172.67.177.134 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 10:03:09.440099955 CEST | 1.1.1.1 | 192.168.2.5 | 0xe30 | No error (0) | 104.21.27.85 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 10:03:09.440099955 CEST | 1.1.1.1 | 192.168.2.5 | 0xe30 | No error (0) | 172.67.169.18 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 10:03:46.384594917 CEST | 1.1.1.1 | 192.168.2.5 | 0xb3a5 | No error (0) | 208.91.199.225 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 10:03:46.384594917 CEST | 1.1.1.1 | 192.168.2.5 | 0xb3a5 | No error (0) | 208.91.199.223 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 10:03:46.384594917 CEST | 1.1.1.1 | 192.168.2.5 | 0xb3a5 | No error (0) | 208.91.198.143 | A (IP address) | IN (0x0001) | false | ||
Apr 8, 2024 10:03:46.384594917 CEST | 1.1.1.1 | 192.168.2.5 | 0xb3a5 | No error (0) | 208.91.199.224 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49705 | 193.122.6.168 | 80 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 10:02:57.577605963 CEST | 151 | OUT | |
Apr 8, 2024 10:02:58.277544022 CEST | 324 | IN | |
Apr 8, 2024 10:02:58.282962084 CEST | 127 | OUT | |
Apr 8, 2024 10:02:58.521754026 CEST | 324 | IN | |
Apr 8, 2024 10:02:59.272654057 CEST | 127 | OUT | |
Apr 8, 2024 10:02:59.511491060 CEST | 324 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49708 | 193.122.6.168 | 80 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 10:03:00.322504997 CEST | 127 | OUT | |
Apr 8, 2024 10:03:00.561847925 CEST | 324 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49710 | 193.122.6.168 | 80 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 10:03:01.367100954 CEST | 151 | OUT | |
Apr 8, 2024 10:03:01.611212969 CEST | 324 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49712 | 193.122.6.168 | 80 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 10:03:02.412601948 CEST | 151 | OUT | |
Apr 8, 2024 10:03:02.651235104 CEST | 324 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49714 | 193.122.6.168 | 80 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 10:03:03.455678940 CEST | 151 | OUT | |
Apr 8, 2024 10:03:04.699583054 CEST | 324 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49716 | 193.122.6.168 | 80 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 10:03:05.504890919 CEST | 151 | OUT | |
Apr 8, 2024 10:03:07.132369995 CEST | 324 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49718 | 193.122.6.168 | 80 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 8, 2024 10:03:07.931536913 CEST | 151 | OUT | |
Apr 8, 2024 10:03:08.475114107 CEST | 324 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49706 | 104.21.67.152 | 443 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 08:02:59 UTC | 88 | OUT | |
2024-04-08 08:02:59 UTC | 710 | IN | |
2024-04-08 08:02:59 UTC | 380 | IN | |
2024-04-08 08:02:59 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49707 | 104.21.67.152 | 443 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 08:02:59 UTC | 64 | OUT | |
2024-04-08 08:03:00 UTC | 702 | IN | |
2024-04-08 08:03:00 UTC | 380 | IN | |
2024-04-08 08:03:00 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49709 | 104.21.67.152 | 443 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 08:03:00 UTC | 64 | OUT | |
2024-04-08 08:03:01 UTC | 708 | IN | |
2024-04-08 08:03:01 UTC | 380 | IN | |
2024-04-08 08:03:01 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49711 | 104.21.67.152 | 443 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 08:03:01 UTC | 88 | OUT | |
2024-04-08 08:03:02 UTC | 712 | IN | |
2024-04-08 08:03:02 UTC | 380 | IN | |
2024-04-08 08:03:02 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49713 | 104.21.67.152 | 443 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 08:03:02 UTC | 64 | OUT | |
2024-04-08 08:03:03 UTC | 708 | IN | |
2024-04-08 08:03:03 UTC | 380 | IN | |
2024-04-08 08:03:03 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49715 | 104.21.67.152 | 443 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 08:03:04 UTC | 88 | OUT | |
2024-04-08 08:03:05 UTC | 702 | IN | |
2024-04-08 08:03:05 UTC | 380 | IN | |
2024-04-08 08:03:05 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49717 | 104.21.67.152 | 443 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 08:03:07 UTC | 64 | OUT | |
2024-04-08 08:03:07 UTC | 712 | IN | |
2024-04-08 08:03:07 UTC | 380 | IN | |
2024-04-08 08:03:07 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49719 | 104.21.67.152 | 443 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 08:03:08 UTC | 88 | OUT | |
2024-04-08 08:03:09 UTC | 708 | IN | |
2024-04-08 08:03:09 UTC | 380 | IN | |
2024-04-08 08:03:09 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49720 | 104.21.27.85 | 443 | 3648 | C:\Users\user\Desktop\Zarefy4bOs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-08 08:03:09 UTC | 79 | OUT | |
2024-04-08 08:03:40 UTC | 739 | IN | |
2024-04-08 08:03:40 UTC | 15 | IN |
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Apr 8, 2024 10:03:47.095187902 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 | 220 us2.outbound.mailhostbox.com ESMTP Postfix |
Apr 8, 2024 10:03:47.361692905 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 | EHLO 138727 |
Apr 8, 2024 10:03:47.558579922 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 | 250-us2.outbound.mailhostbox.com 250-PIPELINING 250-SIZE 41648128 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250 CHUNKING |
Apr 8, 2024 10:03:47.562429905 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 | AUTH login dHNsb2dzQG1rc2lpbXN0LmNvbQ== |
Apr 8, 2024 10:03:47.762252092 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 | 334 UGFzc3dvcmQ6 |
Apr 8, 2024 10:03:49.157191992 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 | 235 2.7.0 Authentication successful |
Apr 8, 2024 10:03:49.157516956 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 | MAIL FROM:<tslogs@mksiimst.com> |
Apr 8, 2024 10:03:49.358012915 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 | 250 2.1.0 Ok |
Apr 8, 2024 10:03:49.358366966 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 | RCPT TO:<tslogs@mksiimst.com> |
Apr 8, 2024 10:03:49.573837042 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 | 250 2.1.5 Ok |
Apr 8, 2024 10:03:49.574067116 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 | DATA |
Apr 8, 2024 10:03:49.772804976 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 | 354 End data with <CR><LF>.<CR><LF> |
Apr 8, 2024 10:03:49.773704052 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 | . |
Apr 8, 2024 10:03:50.093750000 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 | 250 2.0.0 Ok: queued as 7383D640698 |
Apr 8, 2024 10:05:26.598421097 CEST | 49728 | 587 | 192.168.2.5 | 208.91.199.225 | QUIT |
Apr 8, 2024 10:05:26.796036005 CEST | 587 | 49728 | 208.91.199.225 | 192.168.2.5 | 221 2.0.0 Bye |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Target ID: | 0 |
Start time: | 10:02:56 |
Start date: | 08/04/2024 |
Path: | C:\Users\user\Desktop\Zarefy4bOs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x420000 |
File size: | 133'120 bytes |
MD5 hash: | EB9D9BC525BF2CFD5A566FF1939A65D8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 19.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 65.8% |
Total number of Nodes: | 38 |
Total number of Limit Nodes: | 4 |
Graph
Function 026621A8 Relevance: 8.2, Strings: 6, Instructions: 692COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02666790 Relevance: 6.7, Strings: 5, Instructions: 441COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266B388 Relevance: 6.6, Strings: 5, Instructions: 351COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266C1F0 Relevance: 6.4, Strings: 5, Instructions: 199COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266BF10 Relevance: 6.4, Strings: 5, Instructions: 197COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266CA92 Relevance: 6.4, Strings: 5, Instructions: 189COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266C7B2 Relevance: 6.4, Strings: 5, Instructions: 186COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02664B31 Relevance: 6.4, Strings: 5, Instructions: 186COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266C4D0 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02763688 Relevance: 4.3, Strings: 1, Instructions: 3069COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266BC32 Relevance: 3.9, Strings: 3, Instructions: 167COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266B552 Relevance: 3.9, Strings: 3, Instructions: 152COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02768278 Relevance: 3.5, Strings: 1, Instructions: 2263COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026698B8 Relevance: 3.4, Strings: 2, Instructions: 860COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02666168 Relevance: 3.0, Strings: 2, Instructions: 515COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02767988 Relevance: 2.0, APIs: 1, Instructions: 534COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027681FC Relevance: 1.6, Strings: 1, Instructions: 381COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266EDF0 Relevance: .7, Instructions: 720COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266FA10 Relevance: .3, Instructions: 274COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02760D60 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027611B1 Relevance: .2, Instructions: 222COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027611C0 Relevance: .2, Instructions: 220COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02761506 Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02760D50 Relevance: .1, Instructions: 98COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02666EB8 Relevance: 10.5, Strings: 8, Instructions: 477COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02668849 Relevance: 4.3, Strings: 3, Instructions: 503COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02667850 Relevance: 3.2, Strings: 2, Instructions: 707COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02665700 Relevance: 2.8, Strings: 2, Instructions: 326COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02665C60 Relevance: 2.7, Strings: 2, Instructions: 230COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02660C8F Relevance: 1.7, Strings: 1, Instructions: 419COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02660CA0 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02767F8C Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266A6B0 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266A878 Relevance: .4, Instructions: 411COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02667498 Relevance: .2, Instructions: 201COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266E087 Relevance: .2, Instructions: 176COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266D3C2 Relevance: .2, Instructions: 174COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266D3D0 Relevance: .2, Instructions: 169COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266D719 Relevance: .2, Instructions: 155COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266CD70 Relevance: .1, Instructions: 140COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02663951 Relevance: .1, Instructions: 139COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02663960 Relevance: .1, Instructions: 134COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02669AC3 Relevance: .1, Instructions: 125COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02664E20 Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02667730 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026690E0 Relevance: .1, Instructions: 90COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266A869 Relevance: .1, Instructions: 89COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02667740 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D4D005 Relevance: .1, Instructions: 84COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02665AB8 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026620B8 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D4D044 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026690D9 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02664E11 Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266DBD8 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02665AC8 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02661FB8 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266DBE8 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266565F Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02662068 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02662078 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026682B8 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266A76D Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02665F00 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026690B0 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02665F10 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266305E Relevance: 2.8, Strings: 2, Instructions: 350COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026630F6 Relevance: 2.8, Strings: 2, Instructions: 316COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026635CA Relevance: 2.8, Strings: 2, Instructions: 269COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266E310 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02767200 Relevance: 1.6, Strings: 1, Instructions: 367COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0266E300 Relevance: 1.4, Strings: 1, Instructions: 150COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276DE70 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276DA18 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276E2C8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276EB78 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276B758 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276E720 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276B300 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276EFD0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276BBB0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276C460 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02760040 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276F428 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276C008 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276C8B8 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027604A0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276F880 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276D168 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276CD10 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02760900 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276D5C0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02763678 Relevance: .2, Instructions: 228COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276ACDE Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02760007 Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027671FC Relevance: .1, Instructions: 111COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276BFF8 Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276BBA0 Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02760490 Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276DA09 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276E2B8 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276EFC1 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276F871 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276C450 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276F418 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027608F1 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276D158 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276CD01 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276DE61 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276B2EF Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276EB68 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276E710 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276C8A8 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276D5B0 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276B752 Relevance: .1, Instructions: 98COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02767BA8 Relevance: .1, Instructions: 88COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 026660E8 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |