Windows
Analysis Report
hcjt7Ajt5t.exe
Overview
General Information
Sample name: | hcjt7Ajt5t.exe (renamed because original name is a hash value) |
Original sample name: | d05ddc72d9c4fae1ee83e9ac16275afc.exe |
Analysis ID: | 1427170 |
MD5: | d05ddc72d9c4fae1ee83e9ac16275afc |
SHA1: | 852e1078974794aeaa40a74201efce257987be2c |
SHA256: | 7d233935547785aa757807b0a483b8ac5fe9195297f0fc0f53d29931b9dbbfda |
Tags: | 32, exe, trojan |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- hcjt7Ajt5t.exe (PID: 5016, cmdline: "C:\Users\user\Desktop\hcjt7Ajt5t.exe", MD5: D05DDC72D9C4FAE1EE83E9AC16275AFC)
  - RegAsm.exe (PID: 2724, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["wifeplasterbakewis.shop", "mealplayerpreceodsju.shop", "bordersoarmanusjuw.shop", "suitcaseacanehalk.shop", "absentconvicsjawun.shop", "pushjellysingeywus.shop", "economicscreateojsu.shop", "entitlementappwo.shop", "pushjellysingeywus.shop"], "Build id": "pGlMMn--rocketprosupport1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | | |
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | | |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
04/17/24-07:14:54.859340 | 2052041 | 49701 | 443 | TCP | A Network Trojan was detected |
04/17/24-07:14:53.180062 | 2052032 | 60237 | 53 | UDP | A Network Trojan was detected |
04/17/24-07:14:57.875755 | 2052041 | 49705 | 443 | TCP | A Network Trojan was detected |
04/17/24-07:14:55.621372 | 2052041 | 49702 | 443 | TCP | A Network Trojan was detected |
04/17/24-07:14:56.277994 | 2052041 | 49703 | 443 | TCP | A Network Trojan was detected |
04/17/24-07:14:57.120361 | 2052041 | 49704 | 443 | TCP | A Network Trojan was detected |
04/17/24-07:14:54.071042 | 2052041 | 49700 | 443 | TCP | A Network Trojan was detected |
04/17/24-07:14:53.328511 | 2052041 | 49699 | 443 | TCP | A Network Trojan was detected |
04/17/24-07:14:59.072182 | 2052041 | 49706 | 443 | TCP | A Network Trojan was detected |
AV Detection
- Avira
- Malware Configuration Extractor
- Virustotal (5 entries)
- ReversingLabs
- Virustotal
- Joe Sandbox ML
- String decryptor (15 entries)
- Code function: 2_2_00415B57
- HTTPS traffic detected (8 entries)
- Static PE information
- Binary string (2 entries)
- Code function (43 entries): 2_2_00417239, 2_2_004212B0, 2_2_00415390, 2_2_00421670, 2_2_0043B800, 2_2_00435ACB, 2_2_00409D20, 2_2_0043AE30, 2_2_00421F80, 2_2_0041403B, 2_2_0043A0D9, 2_2_00432140, 2_2_0041D128, 2_2_00424240, 2_2_00415216, 2_2_0043822F, 2_2_0040D2C0, 2_2_0041B2A0, 2_2_00439461, 2_2_0043B470, 2_2_0041347E, 2_2_004384D6, 2_2_004025E0, 2_2_00416582, 2_2_004216CE, 2_2_004176E1, 2_2_00413722, 2_2_00411739, 2_2_0040F7CD, 2_2_0041B930, 2_2_0043799B, 2_2_00416A62, 2_2_00417A78, 2_2_00422B54, 2_2_00422B70, 2_2_00417BF5, 2_2_0041FBB5, 2_2_00410C5B, 2_2_00416E69, 2_2_0040FED9, 2_2_00410F4D, 2_2_00414F10, 2_2_0041EF19
Networking
- Snort IDS (9 entries)
- URLs (9 entries)
- ASN Name
- JA3 fingerprint
- HTTP traffic detected (8 entries)
- UDP traffic detected without corresponding DNS query
- DNS traffic detected
- HTTP traffic detected
- String found in binary or memory (4 entries)
- Network traffic detected (16 entries)
- HTTPS traffic detected (8 entries)
- Code function: 2_2_0042DDE0 (2 entries)
System Summary
- Large array initialization
- Code function (25 entries): 0_2_00E70A2F, 2_2_00425183, 2_2_00421670, 2_2_00415B57, 2_2_00404C40, 2_2_00421F80, 2_2_00410060, 2_2_00401000, 2_2_0041D128, 2_2_0043B130, 2_2_00408250, 2_2_00404260, 2_2_00403370, 2_2_0043B470, 2_2_00436480, 2_2_00406610, 2_2_004216CE, 2_2_00401740, 2_2_00403770, 2_2_00405890, 2_2_00406C20, 2_2_0041DD72, 2_2_00426E67, 2_2_00426F29, 2_2_00426FA0
- Binary or memory string (3 entries)
- Static PE information
- Classification label
- Code function: 2_2_0042A936
- File created
- Mutant created
- Static PE information
- Static file information
- Key opened
- ReversingLabs
- Virustotal
- Process created (3 entries)
- Section loaded (48 entries)
- Static PE information (3 entries)
- Binary string (2 entries)
- Static PE information
- Code function (5 entries): 2_2_0043F5AD, 2_2_0043FC65, 2_2_00440C17, 2_2_0043FC9D, 2_2_0043FD87
- Static PE information
- Process information set (11 entries)
Malware Analysis System Evasion
- System information queried
- Memory allocated (3 entries)
- Thread delayed
- Thread sleep time (3 entries)
- Thread delayed
- Binary or memory string
- Process information queried
- Code function: 2_2_00435B70
- Memory allocated
HIPS / PFW / Operating System Protection Evasion
- Memory allocated
- Code function: 0_2_02812435
- Memory written
- String found in binary or memory (8 entries)
- Memory written (6 entries)
- Process created
- Queries volume information (8 entries)
- Key value queried
- WMI Queries
Stealing of Sensitive Information
- File source (2 entries)
- String found in binary or memory (9 entries)
- File opened (120 entries)
- Directory queried (9 entries)
- File source
Remote Access Functionality
- File source (2 entries)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 111 Security Software Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 31 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 131 Virtualization/Sandbox Evasion | Security Account Manager | 131 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 2 Clipboard Data | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Detection | Scanner | Label | Link |
---|---|---|---|
55% | ReversingLabs | ByteCode-MSIL.Trojan.LummaStealer | |
67% | Virustotal | | |
100% | Avira | TR/Kryptik.ojlaa | |
100% | Joe Sandbox ML | | |
Detection | Scanner | Label | Link |
---|---|---|---|
2% | Virustotal | | |
Detection | Scanner | Label | Link |
---|---|---|---|
2% | Virustotal | | |
17% | Virustotal | | |
2% | Virustotal | | |
16% | Virustotal | | |
18% | Virustotal | | |
2% | Virustotal | | |
13% | Virustotal | | |
2% | Virustotal | | |
2% | Virustotal | | |
10% | Virustotal | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
pushjellysingeywus.shop | 172.67.217.241 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.217.241 | pushjellysingeywus.shop | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427170 |
Start date and time: | 2024-04-17 07:14:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 3 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | hcjt7Ajt5t.exe (renamed because original name is a hash value) |
Original Sample Name: | d05ddc72d9c4fae1ee83e9ac16275afc.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/1@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
07:14:52 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
172.67.217.241 | | | malicious | Lokibot | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | | malicious | AgentTesla | | |
| | | | malicious | AgentTesla | | |
| | | | malicious | DCRat, PureLog Stealer, zgRAT | | |
| | | | malicious | AgentTesla | | |
| | | | malicious | Unknown | | |
| | | | malicious | AgentTesla | | |
| | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, RedLine, SmokeLoader | | |
| | | | malicious | AgentTesla | | |
| | | | malicious | Unknown | | |
| | | | malicious | HTMLPhisher | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, RedLine, SmokeLoader | | |
| | | | malicious | Unknown | | |
| | | | malicious | LummaC, Babuk, Djvu, LummaC Stealer, RedLine, SmokeLoader | | |
| | | | malicious | Clipboard Hijacker, RisePro Stealer | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | DBatLoader | | |
| | | | malicious | AgentTesla, DBatLoader, PureLog Stealer, RedLine | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
Process: | C:\Users\user\Desktop\hcjt7Ajt5t.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 42 |
Entropy (8bit): | 4.0050635535766075 |
Encrypted: | false |
SSDEEP: | 3:QHXMKa/xwwUy:Q3La/xwQ |
MD5: | 84CFDB4B995B1DBF543B26B86C863ADC |
SHA1: | D2F47764908BF30036CF8248B9FF5541E2711FA2 |
SHA-256: | D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B |
SHA-512: | 485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.989589899095504 |
TrID: |
File name: | hcjt7Ajt5t.exe |
File size: | 315'904 bytes |
MD5: | d05ddc72d9c4fae1ee83e9ac16275afc |
SHA1: | 852e1078974794aeaa40a74201efce257987be2c |
SHA256: | 7d233935547785aa757807b0a483b8ac5fe9195297f0fc0f53d29931b9dbbfda |
SHA512: | 3b0f662f28fa449146159da4821e0f6004edb57506159f8ac2bedd8a45e771bcfcb696c2f6a59a1df0c80099bb83c6a7d11542280ff411bba2397799a943a587 |
SSDEEP: | 6144:j11lb/L51L7HCaspEUi48UgZUbTtg/N0inheNH1e8EtlcjItq0a0:x/X/f418UgZUG10iOVM0 |
TLSH: | 0164234FC2E96932F6ADC57253B4425B59F1D86038148FA5B428B0FEB3AB7538C0725E |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............f2... ........@.. .......................@............`................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x403266 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0xFFA68CF6 [Tue Dec 1 10:05:42 2105 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
test dword ptr [edx], ecx |
leave |
and esi, ebp |
in al, 50h |
or edi, esi |
insb |
mov byte ptr [759C3875h], ah |
test al, B3h |
inc eax |
push ss |
adc al, 91h |
add byte ptr [ebp+eax*4+10h], al |
std |
hlt |
js 00007F4624B9A3FFh |
dec eax |
outsd |
loopne 00007F4624B9A36Fh |
pop ecx |
retf |
bound edx, dword ptr [eax] |
mov eax, dword ptr [eax+05EC53CDh] |
pop ss |
mov al, byte ptr [511601B2h] |
stosb |
aam 55h |
aas |
mov byte ptr [A271034Dh], al |
lea edi, eax |
das |
mov dword ptr [eax+55405215h], edx |
ror dword ptr [ecx+17h], 06h |
cwde |
test dword ptr [ebx-6Eh], esp |
std |
outsd |
mov byte ptr [CE741A06h], al |
push ss |
rol dword ptr [ebp+esi*4+7Ch], 0Bh |
dec esp |
adc al, 24h |
stosd |
mov eax, 18C1BFE8h |
and al, D6h |
retf 5226h |
adc byte ptr [esi+6Fh], FFFFFF96h |
and dh, byte ptr [edx+484F2E5Eh] |
pop ebp |
jnl 00007F4624B9A398h |
pop eax |
lahf |
test eax, 15C2B68Eh |
sbb eax, 23B61AD1h |
push eax |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3212 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x50000 | 0x5dc | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x52000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3198 | 0x38 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x4c730 | 0x4c800 | 5a4654d53eb908314910c5b03796e758 | False | 0.9935470281862745 | data | 7.996520138498733 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x50000 | 0x5dc | 0x600 | 66e93be62c76ea1d6e1f50b2751ee5fb | False | 0.4407552083333333 | data | 4.157587641676639 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x52000 | 0xc | 0x200 | 7aff7626f6d3e02c0efddfcfa8f48418 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x50090 | 0x34c | data | | | 0.44549763033175355 |
RT_MANIFEST | 0x503ec | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/17/24-07:14:54.859340 | TCP | 2052041 | ET TROJAN Observed Lumma Stealer Related Domain (pushjellysingeywus .shop in TLS SNI) | 49701 | 443 | 192.168.2.6 | 172.67.217.241 |
04/17/24-07:14:53.180062 | UDP | 2052032 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (pushjellysingeywus .shop) | 60237 | 53 | 192.168.2.6 | 1.1.1.1 |
04/17/24-07:14:57.875755 | TCP | 2052041 | ET TROJAN Observed Lumma Stealer Related Domain (pushjellysingeywus .shop in TLS SNI) | 49705 | 443 | 192.168.2.6 | 172.67.217.241 |
04/17/24-07:14:55.621372 | TCP | 2052041 | ET TROJAN Observed Lumma Stealer Related Domain (pushjellysingeywus .shop in TLS SNI) | 49702 | 443 | 192.168.2.6 | 172.67.217.241 |
04/17/24-07:14:56.277994 | TCP | 2052041 | ET TROJAN Observed Lumma Stealer Related Domain (pushjellysingeywus .shop in TLS SNI) | 49703 | 443 | 192.168.2.6 | 172.67.217.241 |
04/17/24-07:14:57.120361 | TCP | 2052041 | ET TROJAN Observed Lumma Stealer Related Domain (pushjellysingeywus .shop in TLS SNI) | 49704 | 443 | 192.168.2.6 | 172.67.217.241 |
04/17/24-07:14:54.071042 | TCP | 2052041 | ET TROJAN Observed Lumma Stealer Related Domain (pushjellysingeywus .shop in TLS SNI) | 49700 | 443 | 192.168.2.6 | 172.67.217.241 |
04/17/24-07:14:53.328511 | TCP | 2052041 | ET TROJAN Observed Lumma Stealer Related Domain (pushjellysingeywus .shop in TLS SNI) | 49699 | 443 | 192.168.2.6 | 172.67.217.241 |
04/17/24-07:14:59.072182 | TCP | 2052041 | ET TROJAN Observed Lumma Stealer Related Domain (pushjellysingeywus .shop in TLS SNI) | 49706 | 443 | 192.168.2.6 | 172.67.217.241 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 17, 2024 07:14:53.180062056 CEST | 60237 | 53 | 192.168.2.6 | 1.1.1.1 |
Apr 17, 2024 07:14:53.317984104 CEST | 53 | 60237 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 17, 2024 07:14:53.180062056 CEST | 192.168.2.6 | 1.1.1.1 | 0x861d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 17, 2024 07:14:53.317984104 CEST | 1.1.1.1 | 192.168.2.6 | 0x861d | No error (0) | | | 172.67.217.241 | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 07:14:53.317984104 CEST | 1.1.1.1 | 192.168.2.6 | 0x861d | No error (0) | | | 104.21.70.22 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49699 | 172.67.217.241 | 443 | 2724 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 05:14:53 UTC | 270 | OUT | |
2024-04-17 05:14:53 UTC | 8 | OUT | |
2024-04-17 05:14:54 UTC | 810 | IN | |
2024-04-17 05:14:54 UTC | 7 | IN | |
2024-04-17 05:14:54 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49700 | 172.67.217.241 | 443 | 2724 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 05:14:54 UTC | 271 | OUT | |
2024-04-17 05:14:54 UTC | 66 | OUT | |
2024-04-17 05:14:54 UTC | 810 | IN | |
2024-04-17 05:14:54 UTC | 559 | IN | |
2024-04-17 05:14:54 UTC | 1369 | IN | |
2024-04-17 05:14:54 UTC | 1369 | IN | |
2024-04-17 05:14:54 UTC | 666 | IN | |
2024-04-17 05:14:54 UTC | 1369 | IN | |
2024-04-17 05:14:54 UTC | 1369 | IN | |
2024-04-17 05:14:54 UTC | 1369 | IN | |
2024-04-17 05:14:54 UTC | 1369 | IN | |
2024-04-17 05:14:54 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49701 | 172.67.217.241 | 443 | 2724 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 05:14:55 UTC | 289 | OUT | |
2024-04-17 05:14:55 UTC | 12871 | OUT | |
2024-04-17 05:14:55 UTC | 818 | IN | |
2024-04-17 05:14:55 UTC | 20 | IN | |
2024-04-17 05:14:55 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49702 | 172.67.217.241 | 443 | 2724 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 05:14:55 UTC | 289 | OUT | |
2024-04-17 05:14:55 UTC | 15117 | OUT | |
2024-04-17 05:14:56 UTC | 824 | IN | |
2024-04-17 05:14:56 UTC | 20 | IN | |
2024-04-17 05:14:56 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49703 | 172.67.217.241 | 443 | 2724 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 05:14:56 UTC | 289 | OUT | |
2024-04-17 05:14:56 UTC | 15331 | OUT | |
2024-04-17 05:14:56 UTC | 4644 | OUT | |
2024-04-17 05:14:57 UTC | 816 | IN | |
2024-04-17 05:14:57 UTC | 20 | IN | |
2024-04-17 05:14:57 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.6 | 49704 | 172.67.217.241 | 443 | 2724 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 05:14:57 UTC | 288 | OUT | |
2024-04-17 05:14:57 UTC | 5454 | OUT | |
2024-04-17 05:14:57 UTC | 810 | IN | |
2024-04-17 05:14:57 UTC | 20 | IN | |
2024-04-17 05:14:57 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.6 | 49705 | 172.67.217.241 | 443 | 2724 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 05:14:58 UTC | 288 | OUT | |
2024-04-17 05:14:58 UTC | 1367 | OUT | |
2024-04-17 05:14:58 UTC | 810 | IN | |
2024-04-17 05:14:58 UTC | 20 | IN | |
2024-04-17 05:14:58 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.6 | 49706 | 172.67.217.241 | 443 | 2724 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 05:14:59 UTC | 290 | OUT | |
2024-04-17 05:14:59 UTC | 15331 | OUT | |
2024-04-17 05:14:59 UTC | 15331 | OUT | |
2024-04-17 05:14:59 UTC | 15331 | OUT | |
2024-04-17 05:14:59 UTC | 15331 | OUT | |
2024-04-17 05:14:59 UTC | 15331 | OUT | |
2024-04-17 05:14:59 UTC | 15331 | OUT | |
2024-04-17 05:14:59 UTC | 15331 | OUT | |
2024-04-17 05:14:59 UTC | 15331 | OUT | |
2024-04-17 05:14:59 UTC | 15331 | OUT | |
2024-04-17 05:14:59 UTC | 15331 | OUT | |
2024-04-17 05:15:00 UTC | 816 | IN |
Target ID: | 0 |
Start time: | 07:14:51 |
Start date: | 17/04/2024 |
Path: | C:\Users\user\Desktop\hcjt7Ajt5t.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x4d0000 |
File size: | 315'904 bytes |
MD5 hash: | D05DDC72D9C4FAE1EE83E9AC16275AFC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 07:14:51 |
Start date: | 17/04/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9c0000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 45% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 30.6% |
Total number of Nodes: | 36 |
Total number of Limit Nodes: | 1 |
Function 02812435 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 282 (tags: thread, injection, memory, COMMON)
Function 00E704F4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60 (tags: memory, COMMON)
Function 00E70500 Relevance: 1.6, APIs: 1, Instructions: 68 (tags: thread, COMMON)
Execution Graph
Execution Coverage: | 15% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 15.1% |
Total number of Nodes: | 332 |
Total number of Limit Nodes: | 23 |
Function 00421670 Relevance: 10.5, Strings: 8, Instructions: 515 (tags: COMMON)
Function 004216CE Relevance: 10.5, Strings: 8, Instructions: 462 (tags: COMMON)
Function 00409D20 Relevance: 6.7, Strings: 5, Instructions: 468 (tags: COMMON)
Function 00421F80 Relevance: 2.9, Strings: 2, Instructions: 369 (tags: COMMON)
Function 004212B0 Relevance: 2.8, Strings: 2, Instructions: 263 (tags: COMMON)
Function 00435ACB Relevance: 1.5, APIs: 1, Instructions: 41 (tags: memory, COMMON)
Function 00435B70 Relevance: 1.5, APIs: 1, Instructions: 16 (tags: library, COMMON)
Function 0043AE30 Relevance: 1.5, Strings: 1, Instructions: 257COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043B800 Relevance: 1.5, Strings: 1, Instructions: 221COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415390 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417239 Relevance: .3, Instructions: 310COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042A936 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042A245 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 83memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004383AD | Relevance: 3.6 | APIs: 1 | Strings: 1 | Instructions: 76 | Tags: library, COMMON | Uniqueness Score: -1.00% |
Function 004391C0 | Relevance: 3.6 | APIs: 1 | Strings: 1 | Instructions: 52 | Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function 004359F0 | Relevance: 3.5 | APIs: 1 | Strings: 1 | Instructions: 44 | Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function 0041DE10 | Relevance: 3.2 | APIs: 2 | Instructions: 187 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 004154A0 | Relevance: 3.2 | APIs: 2 | Instructions: 162 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0042E6AB | Relevance: 3.1 | APIs: 2 | Instructions: 63 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00438312 | Relevance: 1.5 | APIs: 1 | Instructions: 36 | Tags: library, COMMON | Uniqueness Score: -1.00% |
Function 0043914C | Relevance: 1.5 | APIs: 1 | Instructions: 34 | Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function 0042DDE0 | Relevance: 21.2 | APIs: 6 | Strings: 6 | Instructions: 153 | Tags: clipboard, COMMON | Uniqueness Score: -1.00% |
Function 0041EF19 | Relevance: 15.5 | Strings: 12 | Instructions: 473 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0041FBB5 | Relevance: 15.5 | Strings: 12 | Instructions: 465 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0040F7CD | Relevance: 13.8 | Strings: 11 | Instructions: 100 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00424240 | Relevance: 9.0 | Strings: 7 | Instructions: 223 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0041D128 | Relevance: 8.0 | Strings: 6 | Instructions: 493 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0043B470 | Relevance: 4.1 | Strings: 3 | Instructions: 313 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00416E69 | Relevance: 4.0 | Strings: 3 | Instructions: 266 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00411739 | Relevance: 3.5 | APIs: 2 | Instructions: 509 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0041B930 | Relevance: 1.6 | Strings: 1 | Instructions: 325 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0041B2A0 | Relevance: 1.6 | Strings: 1 | Instructions: 312 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00410C5B | Relevance: 1.5 | Strings: 1 | Instructions: 234 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 004176E1 | Relevance: 1.4 | Strings: 1 | Instructions: 103 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00417A78 | Relevance: 1.3 | Strings: 1 | Instructions: 95 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00413722 | Relevance: 1.3 | Strings: 1 | Instructions: 77 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0041347E | Relevance: 1.3 | Strings: 1 | Instructions: 69 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00422B70 | Relevance: 1.3 | Strings: 1 | Instructions: 53 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00422B54 | Relevance: 1.3 | Strings: 1 | Instructions: 27 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0041403B | Relevance: 1.3 | Strings: 1 | Instructions: 26 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00417BF5 | Relevance: 0.3 | Instructions: 341 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00410F4D | Relevance: 0.2 | Instructions: 249 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00416A62 | Relevance: 0.2 | Instructions: 222 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00414F10 | Relevance: 0.1 | Instructions: 146 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00415216 | Relevance: 0.1 | Instructions: 128 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0043822F | Relevance: 0.1 | Instructions: 107 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 004025E0 | Relevance: 0.1 | Instructions: 95 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00432140 | Relevance: 0.1 | Instructions: 64 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0043799B | Relevance: 0.1 | Instructions: 62 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0043A0D9 | Relevance: 0.0 | Instructions: 35 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0040D2C0 | Relevance: 0.0 | Instructions: 26 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0040FED9 | Relevance: 0.0 | Instructions: 14 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00416582 | Relevance: 0.0 | Instructions: 12 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00439461 | Relevance: 0.0 | Instructions: 9 | Tags: COMMON | Uniqueness Score: -1.00% |