Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 7420 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 3D03E50E7ACC908A73CAC1928347D0C7)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["wifeplasterbakewis.shop", "mealplayerpreceodsju.shop", "bordersoarmanusjuw.shop", "suitcaseacanehalk.shop", "absentconvicsjawun.shop", "pushjellysingeywus.shop", "economicscreateojsu.shop", "entitlementappwo.shop", "greetclassifytalk.shop"], "Build id": "4sxFKu--daili"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: |
Source: | Code function: | 0_2_00D45B57 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00D6AE30 | |
Source: | Code function: | 0_2_00D44F10 | |
Source: | Code function: | 0_2_00D512B0 | |
Source: | Code function: | 0_2_00D47239 | |
Source: | Code function: | 0_2_00D45390 | |
Source: | Code function: | 0_2_00D51670 | |
Source: | Code function: | 0_2_00D6B800 | |
Source: | Code function: | 0_2_00D65ACB | |
Source: | Code function: | 0_2_00D39D20 | |
Source: | Code function: | 0_2_00D51F80 | |
Source: | Code function: | 0_2_00D6A0D9 | |
Source: | Code function: | 0_2_00D4403B | |
Source: | Code function: | 0_2_00D62140 | |
Source: | Code function: | 0_2_00D54240 | |
Source: | Code function: | 0_2_00D6822F | |
Source: | Code function: | 0_2_00D684D6 | |
Source: | Code function: | 0_2_00D325E0 | |
Source: | Code function: | 0_2_00D46582 | |
Source: | Code function: | 0_2_00D54786 | |
Source: | Code function: | 0_2_00D46A62 | |
Source: | Code function: | 0_2_00D52B54 | |
Source: | Code function: | 0_2_00D52B70 | |
Source: | Code function: | 0_2_00D40C5B | |
Source: | Code function: | 0_2_00D46E69 | |
Source: | Code function: | 0_2_00D40F4D | |
Source: | Code function: | 0_2_00D4EF19 | |
Source: | Code function: | 0_2_00D4D128 | |
Source: | Code function: | 0_2_00D3D2C0 | |
Source: | Code function: | 0_2_00D4B2A0 | |
Source: | Code function: | 0_2_00D45216 | |
Source: | Code function: | 0_2_00D6B470 | |
Source: | Code function: | 0_2_00D4347E | |
Source: | Code function: | 0_2_00D69461 | |
Source: | Code function: | 0_2_00D516CE | |
Source: | Code function: | 0_2_00D476E1 | |
Source: | Code function: | 0_2_00D3F7CD | |
Source: | Code function: | 0_2_00D41739 | |
Source: | Code function: | 0_2_00D43722 | |
Source: | Code function: | 0_2_00D6799B | |
Source: | Code function: | 0_2_00D4B930 | |
Source: | Code function: | 0_2_00D47A78 | |
Source: | Code function: | 0_2_00D47BF5 | |
Source: | Code function: | 0_2_00D4FBB5 | |
Source: | Code function: | 0_2_00D3FED9 |
Networking |
---|
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Static PE information: |
Source: | Code function: | 0_2_00D34C40 | |
Source: | Code function: | 0_2_00D55183 | |
Source: | Code function: | 0_2_00D51670 | |
Source: | Code function: | 0_2_00D31740 | |
Source: | Code function: | 0_2_00D45B57 | |
Source: | Code function: | 0_2_00D51F80 | |
Source: | Code function: | 0_2_00D40060 | |
Source: | Code function: | 0_2_00D38250 | |
Source: | Code function: | 0_2_00D34260 | |
Source: | Code function: | 0_2_00D66480 | |
Source: | Code function: | 0_2_00D36610 | |
Source: | Code function: | 0_2_00D9487F | |
Source: | Code function: | 0_2_00D36C20 | |
Source: | Code function: | 0_2_00D56E67 | |
Source: | Code function: | 0_2_00D56FA0 | |
Source: | Code function: | 0_2_00D56F29 | |
Source: | Code function: | 0_2_00D31000 | |
Source: | Code function: | 0_2_00D6B130 | |
Source: | Code function: | 0_2_00D4D128 | |
Source: | Code function: | 0_2_00D33370 | |
Source: | Code function: | 0_2_00D6B470 | |
Source: | Code function: | 0_2_00D516CE | |
Source: | Code function: | 0_2_00D33770 | |
Source: | Code function: | 0_2_00D35890 | |
Source: | Code function: | 0_2_00D4DD72 |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: |
Source: | Section loaded: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00E8B552 | |
Source: | Code function: | 0_2_00D7D8A0 | |
Source: | Code function: | 0_2_00D86079 | |
Source: | Code function: | 0_2_00FF976C | |
Source: | Code function: | 0_2_00D7A1E0 | |
Source: | Code function: | 0_2_00D7C1F2 | |
Source: | Code function: | 0_2_00D7A181 | |
Source: | Code function: | 0_2_00D8A187 | |
Source: | Code function: | 0_2_00D7A116 | |
Source: | Code function: | 0_2_00D86139 | |
Source: | Code function: | 0_2_00FF7424 | |
Source: | Code function: | 0_2_00D7C2F8 | |
Source: | Code function: | 0_2_00F4FDC6 | |
Source: | Code function: | 0_2_00D7A212 | |
Source: | Code function: | 0_2_0104357E | |
Source: | Code function: | 0_2_00D823F9 | |
Source: | Code function: | 0_2_01036353 | |
Source: | Code function: | 0_2_00F2675D | |
Source: | Code function: | 0_2_01075B7E | |
Source: | Code function: | 0_2_00F76D22 | |
Source: | Code function: | 0_2_00F73B91 | |
Source: | Code function: | 0_2_00E65B87 | |
Source: | Code function: | 0_2_00D7A4A7 | |
Source: | Code function: | 0_2_00D7C446 | |
Source: | Code function: | 0_2_0109B676 | |
Source: | Code function: | 0_2_00E1B0F7 | |
Source: | Code function: | 0_2_00E65B87 | |
Source: | Code function: | 0_2_00E70FF2 | |
Source: | Code function: | 0_2_00FB6D71 | |
Source: | Code function: | 0_2_01053C73 | |
Source: | Code function: | 0_2_00EC80F2 |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Memory written: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | System information queried: |
Source: | Binary or memory string: |
Source: | RDTSC instruction interceptor: |
Source: | Code function: | 0_2_00F1D5CC |
Source: | Thread sleep time: |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-19937 |
Source: | Process information queried: |
Source: | Code function: | 0_2_00F1D5CC |
Source: | Code function: | 0_2_00D65B70 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | String found in binary or memory: |
Source: | Queries volume information: |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | String found in binary or memory: |
Source: | File opened: |
Source: | Directory queried: |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 331 Security Software Discovery | Remote Services | 1 Credential API Hooking | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Deobfuscate/Decode Files or Information | 1 Credential API Hooking | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 31 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 112 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
55% | ReversingLabs | Win32.Spyware.Lummastealer | ||
48% | Virustotal | Browse | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
2% | Virustotal | Browse | ||
13% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
4% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
17% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
14% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
greetclassifytalk.shop | 104.21.51.78 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| false | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.51.78 | greetclassifytalk.shop | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1426552 |
Start date and time: | 2024-04-16 10:29:45 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/0@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
10:30:33 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.21.51.78 | Get hash | malicious | LummaC | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
greetclassifytalk.shop | Get hash | malicious | LummaC | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| Get hash | malicious | AgentTesla | Browse |
| Get hash | malicious | FormBook | Browse |
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| Get hash | malicious | FormBook | Browse |
| Get hash | malicious | LummaC | Browse |
| Get hash | malicious | AgentTesla | Browse |
| Get hash | malicious | Unknown | Browse |
| Get hash | malicious | AgentTesla | Browse |
| Get hash | malicious | Remcos | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC | Browse |
| Get hash | malicious | RisePro Stealer | Browse |
| Get hash | malicious | RisePro Stealer | Browse |
| Get hash | malicious | Unknown | Browse |
| Get hash | malicious | HTMLPhisher | Browse |
| Get hash | malicious | Unknown | Browse |
| Get hash | malicious | Unknown | Browse |
| Get hash | malicious | MicroClip | Browse |
| Get hash | malicious | Unknown | Browse |
| Get hash | malicious | Unknown | Browse |
File type: | |
Entropy (8bit): | 7.951231105343811 |
TrID: | |
File name: | file.exe |
File size: | 5'719'040 bytes |
MD5: | 3d03e50e7acc908a73cac1928347d0c7 |
SHA1: | 8c059a014a22d80ebbccdd2e3a3bc1e8933fd696 |
SHA256: | fd6158af16fde7ad1e8152d53991bedf566b38f54266f0f03c5c73560e486568 |
SHA512: | 4bf7585d6feddffa6bf865335a9995f354afad3cd331172de194e0a9ac4431651ecc6a2b0aaeb3cb2d29bb95698d1de04fd0bed74ceff1c043151b1f4af8b266 |
SSDEEP: | 98304:mZUP3t/11NgjBWsbMqSCuc7ntoHEVAyXIRYa6SQQ+5utaO7TGbTys483U+DfvHZN:cUP3tdDCWtFkVxST+3ssN5Z4euyj |
TLSH: | F6462373525A4080E6F8883A9A277DC471FB47BA8E41A8BD70E7B9C534329F5F603947 |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......f..............................T...........@.......................................@...................................F.... |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x94b9c6 |
Entrypoint Section: | .vmp1 |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66199A16 [Fri Apr 12 20:31:18 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 89c8abd38fd3ffc06ee06d01f9b3cbbf |
Instruction |
---|
push 2270DDD5h |
call 00007F4CECE0BEE2h |
cmc |
rol eax, 1 |
jmp 00007F4CECE1B027h |
rol ecx, 1 |
test ah, FFFFFFB1h |
lea ecx, dword ptr [ecx-170E2CF0h] |
neg ecx |
bswap ecx |
xor ebx, ecx |
add edi, ecx |
jmp 00007F4CECD75852h |
stc |
clc |
rol eax, 03h |
cmp ebp, esi |
test ch, FFFFFFAFh |
lea eax, dword ptr [eax-49BD2A76h] |
clc |
stc |
xor ebx, eax |
cmp ecx, esi |
add edi, eax |
jmp 00007F4CECDB8963h |
cmc |
rol eax, 1 |
sub eax, 2930686Bh |
jmp 00007F4CECE1D4D1h |
add esi, eax |
jmp 00007F4CECF27845h |
bswap edx |
cmc |
rol edx, 1 |
cmp edx, edi |
xor edx, 72526007h |
xor ebx, edx |
stc |
test esi, ebp |
add esi, edx |
jmp esi |
clc |
rol eax, 1 |
cmp bx, bp |
jmp 00007F4CECF084CCh |
jmp esi |
jl 00007F4CECEC6921h |
jnc 00007F4CECEC68D6h |
jmp 00007F4CECE1D2B9h |
mov eax, dword ptr [esi+04h] |
bswap dx |
cmp eax, 1AD07DDAh |
btr edx, 77h |
mov edx, dword ptr [esi] |
cmp ebp, edi |
mov ecx, dword ptr [esi+08h] |
div ecx |
jmp 00007F4CECD17610h |
bswap ecx |
jmp 00007F4CECE50262h |
dec ecx |
mov dword ptr [ebx+08h], ebp |
dec eax |
bswap ebp |
dec eax |
movsx ebp, di |
pushfd |
inc eax |
adc ch, FFFFFF86h |
cmc |
inc ecx |
pop dword ptr [ebx] |
inc ecx |
mov ebp, dword ptr [eax] |
inc ecx |
test edx, 000000BBh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x46c1e0 | 0xdc | .vmp1 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8ed000 | 0x5e0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3b1000 | 0x80 | .vmp1 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3aaa0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x3c000 | 0x28fb | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x3f000 | 0xad64 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.vmp0 | 0x4a000 | 0x32edff | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.vmp1 | 0x379000 | 0x573950 | 0x573a00 | 37c74343852d0f198a96b64e249e1acd | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.reloc | 0x8ed000 | 0x5e0 | 0x600 | 236f7cd2c1515fef6df9ab3f6667f275 | False | 0.52734375 | GLS_BINARY_LSB_FIRST | 4.256577661171387 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
KERNEL32.dll | ExitProcess |
ole32.dll | CoCreateInstance |
OLEAUT32.dll | SysAllocString |
USER32.dll | CloseClipboard |
GDI32.dll | BitBlt |
WTSAPI32.dll | WTSSendMessageW |
KERNEL32.dll | VirtualQuery |
USER32.dll | GetProcessWindowStation |
KERNEL32.dll | LocalAlloc, LocalFree, GetModuleFileNameW, GetProcessAffinityMask, SetProcessAffinityMask, SetThreadAffinityMask, Sleep, ExitProcess, FreeLibrary, LoadLibraryA, GetModuleHandleA, GetProcAddress |
USER32.dll | GetProcessWindowStation, GetUserObjectInformationW |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 16, 2024 10:30:34.048131943 CEST | 49704 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.048165083 CEST | 443 | 49704 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:34.048363924 CEST | 49704 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.051388979 CEST | 49704 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.051403999 CEST | 443 | 49704 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:34.278755903 CEST | 443 | 49704 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:34.278875113 CEST | 49704 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.288403034 CEST | 49704 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.288414955 CEST | 443 | 49704 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:34.288815022 CEST | 443 | 49704 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:34.338891983 CEST | 49704 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.375226021 CEST | 49704 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.375262976 CEST | 49704 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.375412941 CEST | 443 | 49704 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:34.784193039 CEST | 443 | 49704 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:34.784331083 CEST | 443 | 49704 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:34.784420967 CEST | 49704 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.801222086 CEST | 49704 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.801246881 CEST | 443 | 49704 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:34.801259041 CEST | 49704 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.801265955 CEST | 443 | 49704 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:34.820926905 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.820950031 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:34.821024895 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.821311951 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:34.821326971 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.036694050 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.036801100 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.047241926 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.047257900 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.047518969 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.049381971 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.049412966 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.049458027 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.556380987 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.556427956 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.556456089 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.556497097 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.556519032 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.556570053 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.556596994 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.556684971 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.556684971 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.556731939 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.556780100 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.556807995 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.556823969 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.556833029 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.556889057 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.556895971 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.557600975 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.557637930 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.557660103 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.557668924 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.557703018 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.557728052 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.557735920 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.557782888 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.557790995 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.557806015 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.557857990 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.558111906 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.558130026 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.558146000 CEST | 49705 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.558152914 CEST | 443 | 49705 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.842590094 CEST | 49706 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.842631102 CEST | 443 | 49706 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:35.842899084 CEST | 49706 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.843223095 CEST | 49706 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:35.843239069 CEST | 443 | 49706 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.070765018 CEST | 443 | 49706 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.070952892 CEST | 49706 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.074290991 CEST | 49706 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.074299097 CEST | 443 | 49706 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.075362921 CEST | 443 | 49706 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.077150106 CEST | 49706 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.081296921 CEST | 49706 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.081336975 CEST | 443 | 49706 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.577866077 CEST | 443 | 49706 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.578054905 CEST | 443 | 49706 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.578123093 CEST | 49706 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.578212976 CEST | 49706 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.578232050 CEST | 443 | 49706 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.745070934 CEST | 49707 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.745112896 CEST | 443 | 49707 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.745223045 CEST | 49707 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.745667934 CEST | 49707 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.745692968 CEST | 443 | 49707 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.963283062 CEST | 443 | 49707 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.963414907 CEST | 49707 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.965177059 CEST | 49707 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.965190887 CEST | 443 | 49707 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.965477943 CEST | 443 | 49707 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.966641903 CEST | 49707 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.966821909 CEST | 49707 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.966872931 CEST | 443 | 49707 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:36.966938019 CEST | 49707 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:36.966945887 CEST | 443 | 49707 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:37.459481001 CEST | 443 | 49707 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:37.459600925 CEST | 443 | 49707 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:37.459673882 CEST | 49707 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:37.459745884 CEST | 49707 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:37.459767103 CEST | 443 | 49707 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:37.612677097 CEST | 49708 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:37.612705946 CEST | 443 | 49708 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:37.612796068 CEST | 49708 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:37.613106966 CEST | 49708 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:37.613118887 CEST | 443 | 49708 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:37.828505993 CEST | 443 | 49708 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:37.828577995 CEST | 49708 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:37.832952023 CEST | 49708 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:37.832964897 CEST | 443 | 49708 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:37.833220005 CEST | 443 | 49708 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:37.836472988 CEST | 49708 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:37.838032961 CEST | 49708 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:37.838076115 CEST | 443 | 49708 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:37.838143110 CEST | 49708 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:37.838154078 CEST | 443 | 49708 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:38.341727972 CEST | 443 | 49708 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:38.341847897 CEST | 443 | 49708 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:38.341908932 CEST | 49708 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:38.342019081 CEST | 49708 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:38.342036009 CEST | 443 | 49708 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:38.689951897 CEST | 49709 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:38.689991951 CEST | 443 | 49709 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:38.690099955 CEST | 49709 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:38.690440893 CEST | 49709 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:38.690449953 CEST | 443 | 49709 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:38.909240007 CEST | 443 | 49709 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:38.909316063 CEST | 49709 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:38.910562038 CEST | 49709 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:38.910571098 CEST | 443 | 49709 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:38.910896063 CEST | 443 | 49709 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:38.912138939 CEST | 49709 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:38.912256956 CEST | 49709 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:38.912285089 CEST | 443 | 49709 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:39.384490967 CEST | 443 | 49709 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:39.384639978 CEST | 443 | 49709 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:39.384701967 CEST | 49709 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:39.384737968 CEST | 49709 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:39.384754896 CEST | 443 | 49709 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:39.522907019 CEST | 49710 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:39.523000956 CEST | 443 | 49710 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:39.523087978 CEST | 49710 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:39.523411989 CEST | 49710 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:39.523443937 CEST | 443 | 49710 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:39.746073008 CEST | 443 | 49710 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:39.746160030 CEST | 49710 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:39.747809887 CEST | 49710 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:39.747833967 CEST | 443 | 49710 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:39.748209953 CEST | 443 | 49710 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:39.750132084 CEST | 49710 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:39.750324011 CEST | 49710 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:39.750338078 CEST | 443 | 49710 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:40.235097885 CEST | 443 | 49710 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:40.235203981 CEST | 443 | 49710 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:40.235255003 CEST | 49710 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:40.235385895 CEST | 49710 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:40.235400915 CEST | 443 | 49710 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:40.992652893 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:40.992683887 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:40.992796898 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:40.993088961 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:40.993105888 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.211543083 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.211903095 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.213466883 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.213479996 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.213798046 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.216329098 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.216329098 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.216355085 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.217515945 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.217538118 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.217634916 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.217690945 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.218031883 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.218056917 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.218163013 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.218182087 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.218274117 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.218288898 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.218297005 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.218420982 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.218450069 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.260106087 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.260258913 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.260293007 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.260299921 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.304110050 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.304236889 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.304263115 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.304280996 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.352119923 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.352267981 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:41.396121025 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:41.529882908 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:42.697082996 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:42.697221041 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Apr 16, 2024 10:30:42.697375059 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:42.697567940 CEST | 49711 | 443 | 192.168.2.10 | 104.21.51.78 |
Apr 16, 2024 10:30:42.697582960 CEST | 443 | 49711 | 104.21.51.78 | 192.168.2.10 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 16, 2024 10:30:33.857851028 CEST | 58392 | 53 | 192.168.2.10 | 1.1.1.1 |
Apr 16, 2024 10:30:33.993429899 CEST | 53 | 58392 | 1.1.1.1 | 192.168.2.10 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 16, 2024 10:30:33.857851028 CEST | 192.168.2.10 | 1.1.1.1 | 0xf45 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 16, 2024 10:30:33.993429899 CEST | 1.1.1.1 | 192.168.2.10 | 0xf45 | No error (0) | | | 104.21.51.78 | A (IP address) | IN (0x0001) | false |
Apr 16, 2024 10:30:33.993429899 CEST | 1.1.1.1 | 192.168.2.10 | 0xf45 | No error (0) | | | 172.67.177.98 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49704 | 104.21.51.78 | 443 | 7420 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 08:30:34 UTC | 269 | OUT | |
2024-04-16 08:30:34 UTC | 8 | OUT | |
2024-04-16 08:30:34 UTC | 810 | IN | |
2024-04-16 08:30:34 UTC | 7 | IN | |
2024-04-16 08:30:34 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.10 | 49705 | 104.21.51.78 | 443 | 7420 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 08:30:35 UTC | 270 | OUT | |
2024-04-16 08:30:35 UTC | 54 | OUT | |
2024-04-16 08:30:35 UTC | 802 | IN | |
2024-04-16 08:30:35 UTC | 567 | IN | |
2024-04-16 08:30:35 UTC | 943 | IN | |
2024-04-16 08:30:35 UTC | 1369 | IN | |
2024-04-16 08:30:35 UTC | 1369 | IN | |
2024-04-16 08:30:35 UTC | 1369 | IN | |
2024-04-16 08:30:35 UTC | 1369 | IN | |
2024-04-16 08:30:35 UTC | 1369 | IN | |
2024-04-16 08:30:35 UTC | 1369 | IN | |
2024-04-16 08:30:35 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.10 | 49706 | 104.21.51.78 | 443 | 7420 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 08:30:36 UTC | 288 | OUT | |
2024-04-16 08:30:36 UTC | 12847 | OUT | |
2024-04-16 08:30:36 UTC | 800 | IN | |
2024-04-16 08:30:36 UTC | 20 | IN | |
2024-04-16 08:30:36 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.10 | 49707 | 104.21.51.78 | 443 | 7420 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 08:30:36 UTC | 288 | OUT | |
2024-04-16 08:30:36 UTC | 15074 | OUT | |
2024-04-16 08:30:37 UTC | 818 | IN | |
2024-04-16 08:30:37 UTC | 20 | IN | |
2024-04-16 08:30:37 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.10 | 49708 | 104.21.51.78 | 443 | 7420 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 08:30:37 UTC | 288 | OUT | |
2024-04-16 08:30:37 UTC | 15331 | OUT | |
2024-04-16 08:30:37 UTC | 5105 | OUT | |
2024-04-16 08:30:38 UTC | 814 | IN | |
2024-04-16 08:30:38 UTC | 20 | IN | |
2024-04-16 08:30:38 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.10 | 49709 | 104.21.51.78 | 443 | 7420 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 08:30:38 UTC | 287 | OUT | |
2024-04-16 08:30:38 UTC | 7096 | OUT | |
2024-04-16 08:30:39 UTC | 804 | IN | |
2024-04-16 08:30:39 UTC | 20 | IN | |
2024-04-16 08:30:39 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.10 | 49710 | 104.21.51.78 | 443 | 7420 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 08:30:39 UTC | 287 | OUT | |
2024-04-16 08:30:39 UTC | 1373 | OUT | |
2024-04-16 08:30:40 UTC | 808 | IN | |
2024-04-16 08:30:40 UTC | 20 | IN | |
2024-04-16 08:30:40 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.10 | 49711 | 104.21.51.78 | 443 | 7420 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 08:30:41 UTC | 289 | OUT | |
2024-04-16 08:30:41 UTC | 15331 | OUT | |
2024-04-16 08:30:41 UTC | 15331 | OUT | |
2024-04-16 08:30:41 UTC | 15331 | OUT | |
2024-04-16 08:30:41 UTC | 15331 | OUT | |
2024-04-16 08:30:41 UTC | 15331 | OUT | |
2024-04-16 08:30:41 UTC | 15331 | OUT | |
2024-04-16 08:30:41 UTC | 15331 | OUT | |
2024-04-16 08:30:41 UTC | 15331 | OUT | |
2024-04-16 08:30:41 UTC | 15331 | OUT | |
2024-04-16 08:30:41 UTC | 15331 | OUT | |
2024-04-16 08:30:42 UTC | 806 | IN |
Target ID: | 0 |
Start time: | 10:30:31 |
Start date: | 16/04/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd30000 |
File size: | 5'719'040 bytes |
MD5 hash: | 3D03E50E7ACC908A73CAC1928347D0C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 9.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 9.2% |
Total number of Nodes: | 666 |
Total number of Limit Nodes: | 24 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
00D31740 | 10.6 | | 8 | 594 | COMMON | -1.00% |
00D51670 | 10.5 | | 8 | 515 | COMMON | -1.00% |
00D516CE | 10.5 | | 8 | 462 | COMMON | -1.00% |
00D39D20 | 6.7 | | 5 | 468 | COMMON | -1.00% |
00D34C40 | 5.5 | | 4 | 498 | COMMON | -1.00% |
00D51F80 | 2.9 | | 2 | 369 | COMMON | -1.00% |
00D512B0 | 2.8 | | 2 | 263 | COMMON | -1.00% |
00D65ACB | 1.5 | 1 | | 41 | memory, COMMON | -1.00% |
00D65B70 | 1.5 | 1 | | 16 | library, COMMON | -1.00% |
00D6AE30 | 1.5 | | 1 | 257 | COMMON | -1.00% |
00D6B800 | 1.5 | | 1 | 221 | COMMON | -1.00% |
00D45390 | 1.3 | | 1 | 85 | COMMON | -1.00% |
00D47239 | 0.3 | | | 310 | COMMON | -1.00% |
00D44F10 | 0.1 | | | 146 | COMMON | -1.00% |
00D5A245 | 14.1 | 1 | 7 | 83 | memory, COMMON | -1.00% |
00D671E7 | 7.0 | 1 | 3 | 41 | library, COMMON | -1.00% |
00D683AD | 3.6 | 1 | 1 | 76 | library, COMMON | -1.00% |
00D6890C | 3.6 | 1 | 1 | 65 | memory, COMMON | -1.00% |
00D659F0 | 3.5 | 1 | 1 | 44 | memory, COMMON | -1.00% |
00D4DE10 | 3.2 | 2 | | 187 | COMMON | -1.00% |
00D454A0 | 3.2 | 2 | | 162 | COMMON | |
Uniqueness Score: -1.00% |
Function 00D5E6AB Relevance: 1.6, APIs: 1, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D68312 Relevance: 1.5, APIs: 1, Instructions: 36libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D6914C Relevance: 1.5, APIs: 1, Instructions: 34memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D4EF19 Relevance: 15.5, Strings: 12, Instructions: 473COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D4FBB5 Relevance: 15.5, Strings: 12, Instructions: 465COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D3F7CD Relevance: 13.8, Strings: 11, Instructions: 100COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D4D128 Relevance: 8.0, Strings: 6, Instructions: 493COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D54240 Relevance: 7.7, Strings: 6, Instructions: 223COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D6B470 Relevance: 4.1, Strings: 3, Instructions: 313COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D46E69 Relevance: 4.0, Strings: 3, Instructions: 266COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D41739 Relevance: 3.5, APIs: 2, Instructions: 509COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D35890 Relevance: 3.4, Strings: 2, Instructions: 859COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D56E67 Relevance: 3.3, Strings: 2, Instructions: 794COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D66480 Relevance: 1.9, Strings: 1, Instructions: 632COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D56F29 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D56FA0 Relevance: 1.6, Strings: 1, Instructions: 367COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D4B930 Relevance: 1.6, Strings: 1, Instructions: 325COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D4B2A0 Relevance: 1.6, Strings: 1, Instructions: 312COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D54786 Relevance: 1.6, Strings: 1, Instructions: 309COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D6B130 Relevance: 1.5, Strings: 1, Instructions: 292COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D36C20 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D476E1 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D47A78 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D43722 Relevance: 1.3, Strings: 1, Instructions: 77COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D4347E Relevance: 1.3, Strings: 1, Instructions: 69COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D38250 Relevance: .8, Instructions: 838COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D33770 Relevance: .7, Instructions: 740COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D34260 Relevance: .6, Instructions: 607COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D31000 Relevance: .6, Instructions: 558COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D36610 Relevance: .5, Instructions: 473COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D47BF5 Relevance: .3, Instructions: 341COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D4DD72 Relevance: .2, Instructions: 250COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D40F4D Relevance: .2, Instructions: 249COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D40C5B Relevance: .2, Instructions: 234COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D46A62 Relevance: .2, Instructions: 222COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D40060 Relevance: .1, Instructions: 129COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D45216 Relevance: .1, Instructions: 128COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D6822F Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D33370 Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D325E0 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D62140 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D6799B Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D52B70 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D6A0D9 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D52B54 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D4403B Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D3D2C0 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F1D5CC Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D3FED9 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D46582 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D69461 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D8F105 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 132COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D988E0 Relevance: 7.8, APIs: 5, Instructions: 263COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00D9384B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |