Windows
Analysis Report
SecuriteInfo.com.Trojan.PWS.Steam.37210.2413.24955.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Trojan.PWS.Steam.37210.2413.24955.exe (PID: 2832 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Steam.37210.2413.24955.exe" MD5: C60F5FA3A579BCA2C8C377F7E15B2221)
  - RegAsm.exe (PID: 6796 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["wifeplasterbakewis.shop", "mealplayerpreceodsju.shop", "bordersoarmanusjuw.shop", "suitcaseacanehalk.shop", "absentconvicsjawun.shop", "pushjellysingeywus.shop", "economicscreateojsu.shop", "entitlementappwo.shop", "bordersoarmanusjuw.shop"], "Build id": "H8NgCl--"}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
| | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | |
| | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
04/19/24-07:22:32.232365 | 2052042 | 49710 | 443 | TCP | A Network Trojan was detected |
04/19/24-07:22:35.788931 | 2052042 | 49714 | 443 | TCP | A Network Trojan was detected |
04/19/24-07:22:32.893467 | 2052042 | 49711 | 443 | TCP | A Network Trojan was detected |
04/19/24-07:22:29.715929 | 2052033 | 63633 | 53 | UDP | A Network Trojan was detected |
04/19/24-07:22:29.839072 | 2052042 | 49707 | 443 | TCP | A Network Trojan was detected |
04/19/24-07:22:33.773056 | 2052042 | 49712 | 443 | TCP | A Network Trojan was detected |
04/19/24-07:22:30.612609 | 2052042 | 49708 | 443 | TCP | A Network Trojan was detected |
04/19/24-07:22:31.428591 | 2052042 | 49709 | 443 | TCP | A Network Trojan was detected |
04/19/24-07:22:34.565358 | 2052042 | 49713 | 443 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: |
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | String decryptor: |
Source: | Code function: | 1_2_00415B57 |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 1_2_00417239 | |
Source: | Code function: | 1_2_004212B0 | |
Source: | Code function: | 1_2_00415390 | |
Source: | Code function: | 1_2_00421670 | |
Source: | Code function: | 1_2_0043B800 | |
Source: | Code function: | 1_2_00435ACB | |
Source: | Code function: | 1_2_00409D20 | |
Source: | Code function: | 1_2_0043AE30 | |
Source: | Code function: | 1_2_00421F80 | |
Source: | Code function: | 1_2_0041403B | |
Source: | Code function: | 1_2_0043A0D9 | |
Source: | Code function: | 1_2_00432140 | |
Source: | Code function: | 1_2_0041D128 | |
Source: | Code function: | 1_2_00424240 | |
Source: | Code function: | 1_2_00415216 | |
Source: | Code function: | 1_2_0043822F | |
Source: | Code function: | 1_2_0040D2C0 | |
Source: | Code function: | 1_2_0041B2A0 | |
Source: | Code function: | 1_2_00439461 | |
Source: | Code function: | 1_2_0043B470 | |
Source: | Code function: | 1_2_0041347E | |
Source: | Code function: | 1_2_004384D6 | |
Source: | Code function: | 1_2_004025E0 | |
Source: | Code function: | 1_2_00416582 | |
Source: | Code function: | 1_2_004216CE | |
Source: | Code function: | 1_2_004176E1 | |
Source: | Code function: | 1_2_00413722 | |
Source: | Code function: | 1_2_00411739 | |
Source: | Code function: | 1_2_0040F7CD | |
Source: | Code function: | 1_2_0041B930 | |
Source: | Code function: | 1_2_0043799B | |
Source: | Code function: | 1_2_00416A62 | |
Source: | Code function: | 1_2_00417A78 | |
Source: | Code function: | 1_2_00422B54 | |
Source: | Code function: | 1_2_00422B70 | |
Source: | Code function: | 1_2_00417BF5 | |
Source: | Code function: | 1_2_0041FBB5 | |
Source: | Code function: | 1_2_00410C5B | |
Source: | Code function: | 1_2_00416E69 | |
Source: | Code function: | 1_2_0040FED9 | |
Source: | Code function: | 1_2_00410F4D | |
Source: | Code function: | 1_2_00414F10 | |
Source: | Code function: | 1_2_0041EF19 |
Networking |
---|
Source: | Snort IDS: |
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 1_2_0042DDE0 |
System Summary |
---|
Source: | Large array initialization: |
Source: | Code function: | 0_2_00D80A31 | |
Source: | Code function: | 1_2_00425183 | |
Source: | Code function: | 1_2_00421670 | |
Source: | Code function: | 1_2_00415B57 | |
Source: | Code function: | 1_2_00404C40 | |
Source: | Code function: | 1_2_00421F80 | |
Source: | Code function: | 1_2_00410060 | |
Source: | Code function: | 1_2_00401000 | |
Source: | Code function: | 1_2_0041D128 | |
Source: | Code function: | 1_2_0043B130 | |
Source: | Code function: | 1_2_00408250 | |
Source: | Code function: | 1_2_00404260 | |
Source: | Code function: | 1_2_00403370 | |
Source: | Code function: | 1_2_0043B470 | |
Source: | Code function: | 1_2_00436480 | |
Source: | Code function: | 1_2_00406610 | |
Source: | Code function: | 1_2_004216CE | |
Source: | Code function: | 1_2_00401740 | |
Source: | Code function: | 1_2_00403770 | |
Source: | Code function: | 1_2_00405890 | |
Source: | Code function: | 1_2_00406C20 | |
Source: | Code function: | 1_2_0041DD72 | |
Source: | Code function: | 1_2_00426E67 | |
Source: | Code function: | 1_2_00426F29 | |
Source: | Code function: | 1_2_00426FA0 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 1_2_0042A936 |
Source: | File created: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Source: | Code function: | 1_2_0043F5AD | |
Source: | Code function: | 1_2_0043FC65 | |
Source: | Code function: | 1_2_00440C17 | |
Source: | Code function: | 1_2_0043FC9D | |
Source: | Code function: | 1_2_0043FD87 | |
Source: | Code function: | 1_2_0043DF3E |
Source: | Static PE information: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | System information queried: |
Source: | Memory allocated: |
Source: | Thread delayed: |
Source: | Thread sleep time: |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Code function: | 1_2_00435B70 |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: |
Source: | Code function: | 0_2_02772565 |
Source: | Memory written: |
Source: | String found in binary or memory: |
Source: | Memory written: |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | String found in binary or memory: |
Source: | File opened: |
Source: | Directory queried: |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 31 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 131 Virtualization/Sandbox Evasion | Security Account Manager | 131 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 2 Clipboard Data | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 74% | ReversingLabs | ByteCode-MSIL.Trojan.LummaStealer | |
| | 76% | Virustotal | | Browse |
| | 100% | Avira | TR/AD.Nekark.sbdpe | |
| | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 2% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 2% | Virustotal | | Browse |
| | 2% | Virustotal | | Browse |
| | 16% | Virustotal | | Browse |
| | 16% | Virustotal | | Browse |
| | 17% | Virustotal | | Browse |
| | 18% | Virustotal | | Browse |
| | 2% | Virustotal | | Browse |
| | 13% | Virustotal | | Browse |
| | 2% | Virustotal | | Browse |
| | 2% | Virustotal | | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bordersoarmanusjuw.shop | 172.67.189.66 | true | true | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.189.66 | bordersoarmanusjuw.shop | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428542 |
Start date and time: | 2024-04-19 07:21:14 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 3 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Trojan.PWS.Steam.37210.2413.24955.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/1@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
07:22:29 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 172.67.189.66 | | Get hash | malicious | LummaC | Browse | |

| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| bordersoarmanusjuw.shop | | Get hash | malicious | LummaC, RisePro Stealer | Browse | |
| | | Get hash | malicious | LummaC | Browse | |

| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | Amadey, RedLine, RisePro Stealer | Browse | |
| | | Get hash | malicious | FormBook | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | PureLog Stealer | Browse | |
| | | Get hash | malicious | TechSupportScam | Browse | |

| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | Amadey, RedLine, RisePro Stealer | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Amadey, RisePro Stealer | Browse | |
| | | Get hash | malicious | Dynamer | Browse | |
| | | Get hash | malicious | Remcos, DBatLoader | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PWS.Steam.37210.2413.24955.exe.log
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Steam.37210.2413.24955.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 42 |
Entropy (8bit): | 4.0050635535766075 |
Encrypted: | false |
SSDEEP: | 3:QHXMKa/xwwUy:Q3La/xwQ |
MD5: | 84CFDB4B995B1DBF543B26B86C863ADC |
SHA1: | D2F47764908BF30036CF8248B9FF5541E2711FA2 |
SHA-256: | D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B |
SHA-512: | 485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.9900301024348765 |
TrID: | |
File name: | SecuriteInfo.com.Trojan.PWS.Steam.37210.2413.24955.exe |
File size: | 315'904 bytes |
MD5: | c60f5fa3a579bca2c8c377f7e15b2221 |
SHA1: | d44b5c6dd64284f00d6f9d05cf5327a91cad9339 |
SHA256: | f5913e753281dbdf88f36c73d13afbf4af62046e25f8e148e87a80e88818c4d7 |
SHA512: | f419adf4bd07ce18d9b7de7445b2d0185653de27738fd4403f880ee11bf49ca8a1958c1b2c94f8f4c5da52ebc79462cfb6fe71849439f6af017a95b44af2f77b |
SSDEEP: | 6144:DVa+NrJiVBc2wc6oKXwdUWFQg1SGWEWAMiY7ivtaqgntTZXHAYq7:J1NrJaBcOOiHWEWAMFKtdstTfq |
TLSH: | DB642363F0FDB1A9EC58A1B864F22DF74BF3551C59C2C5876B17C6AEA109B408C9098F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5............"...0.............~2... ........@.. .......................@............`................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x40327e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x8AD735A1 [Sun Oct 25 04:22:57 2043 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
nop |
mov al, byte ptr [DC8E4FD7h] |
sbb eax, 4444496Dh |
fsubr dword ptr [edi] |
sti |
add dword ptr [AF423359h], eax |
pop ds |
mov ch, A9h |
add byte ptr [E2758961h], dl |
enter EABBh, DFh |
push edx |
loope 00007FFADCDC2B98h |
or esi, dword ptr [ebx] |
in eax, 6Dh |
mov al, byte ptr [1C2148E7h] |
mov edx, 595DA215h |
int3 |
push ebp |
imul ebp, dword ptr [ecx+657178E2h], CF9A75BFh |
and byte ptr [edi+ebx*4+7A0DD122h], dh |
pop ss |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x322c | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x50000 | 0x5e4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x52000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x31b8 | 0x38 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x4c748 | 0x4c800 | 1f38ac716df462aa0b7e89a6063a6b53 | False | 0.9936044730392157 | data | 7.996781792059311 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x50000 | 0x5e4 | 0x600 | 395bc37c0fa31f16b78244b604350463 | False | 0.4407552083333333 | data | 4.158930167978647 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x52000 | 0xc | 0x200 | 800853871f5d68c5a722718b0f3aa3da | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x50090 | 0x354 | data | | | 0.44366197183098594 |
RT_MANIFEST | 0x503f4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/19/24-07:22:32.232365 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49710 | 443 | 192.168.2.8 | 172.67.189.66 |
04/19/24-07:22:35.788931 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
04/19/24-07:22:32.893467 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49711 | 443 | 192.168.2.8 | 172.67.189.66 |
04/19/24-07:22:29.715929 | UDP | 2052033 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (bordersoarmanusjuw .shop) | 63633 | 53 | 192.168.2.8 | 1.1.1.1 |
04/19/24-07:22:29.839072 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49707 | 443 | 192.168.2.8 | 172.67.189.66 |
04/19/24-07:22:33.773056 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49712 | 443 | 192.168.2.8 | 172.67.189.66 |
04/19/24-07:22:30.612609 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
04/19/24-07:22:31.428591 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49709 | 443 | 192.168.2.8 | 172.67.189.66 |
04/19/24-07:22:34.565358 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49713 | 443 | 192.168.2.8 | 172.67.189.66 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 07:22:29.834861994 CEST | 49707 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:29.834897995 CEST | 443 | 49707 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:29.834980965 CEST | 49707 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:29.839071989 CEST | 49707 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:29.839085102 CEST | 443 | 49707 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.066659927 CEST | 443 | 49707 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.066917896 CEST | 49707 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.080069065 CEST | 49707 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.080089092 CEST | 443 | 49707 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.080530882 CEST | 443 | 49707 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.123183966 CEST | 49707 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.138783932 CEST | 49707 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.138802052 CEST | 49707 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.138957024 CEST | 443 | 49707 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.600183964 CEST | 443 | 49707 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.600322008 CEST | 443 | 49707 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.600447893 CEST | 49707 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.601906061 CEST | 49707 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.601906061 CEST | 49707 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.601928949 CEST | 443 | 49707 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.601937056 CEST | 443 | 49707 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.611881018 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.611901045 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.612006903 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.612608910 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.612623930 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.831754923 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.831851959 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.834053993 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.834062099 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.834413052 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:30.836978912 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.836978912 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:30.837083101 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.375839949 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.375881910 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.375910044 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.375946045 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.375967979 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.376024008 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.376035929 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.376061916 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.376122952 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.376172066 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.376363039 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.376399994 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.376415968 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.376424074 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.376456976 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.376517057 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.376524925 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.376588106 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.377034903 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.377100945 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.377137899 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.377172947 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.377212048 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.377212048 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.377219915 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.377288103 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.377388000 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.377569914 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.377580881 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.377593994 CEST | 49708 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.377599001 CEST | 443 | 49708 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.428055048 CEST | 49709 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.428144932 CEST | 443 | 49709 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.428239107 CEST | 49709 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.428591013 CEST | 49709 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.428632021 CEST | 443 | 49709 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.646661997 CEST | 443 | 49709 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.646747112 CEST | 49709 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.647933960 CEST | 49709 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.647948980 CEST | 443 | 49709 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.648300886 CEST | 443 | 49709 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:31.649522066 CEST | 49709 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.649666071 CEST | 49709 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:31.649702072 CEST | 443 | 49709 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.202603102 CEST | 443 | 49709 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.202754021 CEST | 443 | 49709 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.202878952 CEST | 49709 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.203011036 CEST | 49709 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.203052998 CEST | 443 | 49709 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.231789112 CEST | 49710 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.231848955 CEST | 443 | 49710 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.231960058 CEST | 49710 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.232364893 CEST | 49710 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.232393980 CEST | 443 | 49710 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.450054884 CEST | 443 | 49710 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.450158119 CEST | 49710 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.453829050 CEST | 49710 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.453843117 CEST | 443 | 49710 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.454174995 CEST | 443 | 49710 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.455539942 CEST | 49710 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.455828905 CEST | 49710 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.455867052 CEST | 443 | 49710 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.455929041 CEST | 49710 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.455936909 CEST | 443 | 49710 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.835908890 CEST | 443 | 49710 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.836028099 CEST | 443 | 49710 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.836106062 CEST | 49710 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.836229086 CEST | 49710 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.836246967 CEST | 443 | 49710 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.893016100 CEST | 49711 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.893079042 CEST | 443 | 49711 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:32.893163919 CEST | 49711 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.893466949 CEST | 49711 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:32.893502951 CEST | 443 | 49711 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.112266064 CEST | 443 | 49711 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.112366915 CEST | 49711 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.118921995 CEST | 49711 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.118937016 CEST | 443 | 49711 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.119277000 CEST | 443 | 49711 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.138633966 CEST | 49711 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.138758898 CEST | 49711 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.138798952 CEST | 443 | 49711 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.138885021 CEST | 49711 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.138895988 CEST | 443 | 49711 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.710768938 CEST | 443 | 49711 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.710902929 CEST | 443 | 49711 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.710961103 CEST | 49711 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.711030960 CEST | 49711 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.711049080 CEST | 443 | 49711 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.772550106 CEST | 49712 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.772630930 CEST | 443 | 49712 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.772737026 CEST | 49712 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.773056030 CEST | 49712 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.773068905 CEST | 443 | 49712 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.992674112 CEST | 443 | 49712 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.992793083 CEST | 49712 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.994138002 CEST | 49712 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.994169950 CEST | 443 | 49712 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.994435072 CEST | 443 | 49712 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:33.995867968 CEST | 49712 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.996023893 CEST | 49712 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:33.996052980 CEST | 443 | 49712 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:34.548017025 CEST | 443 | 49712 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:34.548257113 CEST | 49712 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:34.548265934 CEST | 443 | 49712 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:34.548317909 CEST | 49712 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:34.564893007 CEST | 49713 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:34.564949036 CEST | 443 | 49713 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:34.565032005 CEST | 49713 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:34.565357924 CEST | 49713 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:34.565376997 CEST | 443 | 49713 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:34.785012960 CEST | 443 | 49713 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:34.785088062 CEST | 49713 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:34.786623001 CEST | 49713 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:34.786634922 CEST | 443 | 49713 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:34.786915064 CEST | 443 | 49713 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:34.788127899 CEST | 49713 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:34.788223028 CEST | 49713 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:34.788229942 CEST | 443 | 49713 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:35.327255964 CEST | 443 | 49713 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:35.327379942 CEST | 443 | 49713 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:35.327455044 CEST | 49713 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:35.327605963 CEST | 49713 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:35.327624083 CEST | 443 | 49713 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:35.788441896 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:35.788502932 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:35.788628101 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:35.788930893 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:35.788945913 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.007935047 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.008022070 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.009710073 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.009723902 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.009973049 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.011261940 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.012183905 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.012222052 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.012325048 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.012362003 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.012473106 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.012516022 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.012639046 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.012666941 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.012818098 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.012845993 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.013036966 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.013081074 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.013091087 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.013247013 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.013278961 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.056180954 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.056590080 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.056638956 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.056653976 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.104114056 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.104506016 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.104597092 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.104643106 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.148153067 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.148303032 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:36.196125031 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:36.327337980 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:37.696538925 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:37.696676016 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Apr 19, 2024 07:22:37.696758986 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:37.696862936 CEST | 49714 | 443 | 192.168.2.8 | 172.67.189.66 |
Apr 19, 2024 07:22:37.696903944 CEST | 443 | 49714 | 172.67.189.66 | 192.168.2.8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 07:22:29.715929031 CEST | 63633 | 53 | 192.168.2.8 | 1.1.1.1 |
Apr 19, 2024 07:22:29.824047089 CEST | 53 | 63633 | 1.1.1.1 | 192.168.2.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 07:22:29.715929031 CEST | 192.168.2.8 | 1.1.1.1 | 0xdcee | Standard query (0) | bordersoarmanusjuw.shop | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 07:22:29.824047089 CEST | 1.1.1.1 | 192.168.2.8 | 0xdcee | No error (0) | bordersoarmanusjuw.shop | | 172.67.189.66 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 07:22:29.824047089 CEST | 1.1.1.1 | 192.168.2.8 | 0xdcee | No error (0) | bordersoarmanusjuw.shop | | 104.21.9.123 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49707 | 172.67.189.66 | 443 | 6796 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 05:22:30 UTC | 270 | OUT | |
2024-04-19 05:22:30 UTC | 8 | OUT | |
2024-04-19 05:22:30 UTC | 824 | IN | |
2024-04-19 05:22:30 UTC | 7 | IN | |
2024-04-19 05:22:30 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49708 | 172.67.189.66 | 443 | 6796 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 05:22:30 UTC | 271 | OUT | |
2024-04-19 05:22:30 UTC | 49 | OUT | |
2024-04-19 05:22:31 UTC | 810 | IN | |
2024-04-19 05:22:31 UTC | 559 | IN | |
2024-04-19 05:22:31 UTC | 1369 | IN | |
2024-04-19 05:22:31 UTC | 1369 | IN | |
2024-04-19 05:22:31 UTC | 1369 | IN | |
2024-04-19 05:22:31 UTC | 1369 | IN | |
2024-04-19 05:22:31 UTC | 1369 | IN | |
2024-04-19 05:22:31 UTC | 1369 | IN | |
2024-04-19 05:22:31 UTC | 1369 | IN | |
2024-04-19 05:22:31 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.8 | 49709 | 172.67.189.66 | 443 | 6796 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 05:22:31 UTC | 289 | OUT | |
2024-04-19 05:22:31 UTC | 12841 | OUT | |
2024-04-19 05:22:32 UTC | 810 | IN | |
2024-04-19 05:22:32 UTC | 20 | IN | |
2024-04-19 05:22:32 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.8 | 49710 | 172.67.189.66 | 443 | 6796 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 05:22:32 UTC | 289 | OUT | |
2024-04-19 05:22:32 UTC | 15070 | OUT | |
2024-04-19 05:22:32 UTC | 810 | IN | |
2024-04-19 05:22:32 UTC | 20 | IN | |
2024-04-19 05:22:32 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.8 | 49711 | 172.67.189.66 | 443 | 6796 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 05:22:33 UTC | 289 | OUT | |
2024-04-19 05:22:33 UTC | 15331 | OUT | |
2024-04-19 05:22:33 UTC | 4906 | OUT | |
2024-04-19 05:22:33 UTC | 826 | IN | |
2024-04-19 05:22:33 UTC | 20 | IN | |
2024-04-19 05:22:33 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.8 | 49712 | 172.67.189.66 | 443 | 6796 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 05:22:33 UTC | 288 | OUT | |
2024-04-19 05:22:33 UTC | 5437 | OUT | |
2024-04-19 05:22:34 UTC | 808 | IN | |
2024-04-19 05:22:34 UTC | 20 | IN | |
2024-04-19 05:22:34 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.8 | 49713 | 172.67.189.66 | 443 | 6796 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 05:22:34 UTC | 288 | OUT | |
2024-04-19 05:22:34 UTC | 1338 | OUT | |
2024-04-19 05:22:35 UTC | 816 | IN | |
2024-04-19 05:22:35 UTC | 20 | IN | |
2024-04-19 05:22:35 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.8 | 49714 | 172.67.189.66 | 443 | 6796 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 05:22:36 UTC | 290 | OUT | |
2024-04-19 05:22:36 UTC | 15331 | OUT | |
2024-04-19 05:22:36 UTC | 15331 | OUT | |
2024-04-19 05:22:36 UTC | 15331 | OUT | |
2024-04-19 05:22:36 UTC | 15331 | OUT | |
2024-04-19 05:22:36 UTC | 15331 | OUT | |
2024-04-19 05:22:36 UTC | 15331 | OUT | |
2024-04-19 05:22:36 UTC | 15331 | OUT | |
2024-04-19 05:22:36 UTC | 15331 | OUT | |
2024-04-19 05:22:36 UTC | 15331 | OUT | |
2024-04-19 05:22:36 UTC | 15331 | OUT | |
2024-04-19 05:22:37 UTC | 818 | IN |
Target ID: | 0 |
Start time: | 07:22:28 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Steam.37210.2413.24955.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3e0000 |
File size: | 315'904 bytes |
MD5 hash: | C60F5FA3A579BCA2C8C377F7E15B2221 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 07:22:28 |
Start date: | 19/04/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa30000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 41.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 28.3% |
Total number of Nodes: | 46 |
Total number of Limit Nodes: | 1 |
Graph
Callgraph
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
02772565 | 24.8 | 10 | 4 | 282 | thread, injection, memory, COMMON | -1.00% |
00D80A31 | 4.0 | 1 | 1 | 483 | memory, COMMON | -1.00% |
00D804F4 | 1.6 | 1 | | 60 | memory, COMMON | -1.00% |
Execution Graph
Execution Coverage: | 15.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 14.9% |
Total number of Nodes: | 335 |
Total number of Limit Nodes: | 24 |
Graph
Function 00421670 | Relevance: 10.5 | Strings: 8 | Instructions: 515 | Tags: COMMON | Uniqueness Score: -1.00%
Function 004216CE | Relevance: 10.5 | Strings: 8 | Instructions: 462 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00409D20 | Relevance: 6.7 | Strings: 5 | Instructions: 468 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00421F80 | Relevance: 2.9 | Strings: 2 | Instructions: 369 | Tags: COMMON | Uniqueness Score: -1.00%
Function 004212B0 | Relevance: 2.8 | Strings: 2 | Instructions: 263 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00435ACB | Relevance: 1.5 | APIs: 1 | Instructions: 41 | Tags: memory, COMMON | Uniqueness Score: -1.00%
Function 00435B70 | Relevance: 1.5 | APIs: 1 | Instructions: 16 | Tags: library, COMMON | Uniqueness Score: -1.00%
Function 0043AE30 | Relevance: 1.5 | Strings: 1 | Instructions: 257 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0043B800 | Relevance: 1.5 | Strings: 1 | Instructions: 221 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00415390 | Relevance: 1.3 | Strings: 1 | Instructions: 85 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00417239 | Relevance: 0.3 | Instructions: 310 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0042A936 | Relevance: 0.0 | Instructions: 22 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0042A245 | Relevance: 14.1 | APIs: 1 | Strings: 7 | Instructions: 83 | Tags: memory, COMMON | Uniqueness Score: -1.00%
Function 0043890C | Relevance: 5.3 | APIs: 1 | Strings: 2 | Instructions: 65 | Tags: memory, COMMON | Uniqueness Score: -1.00%
Function 004383AD | Relevance: 3.6 | APIs: 1 | Strings: 1 | Instructions: 76 | Tags: library, COMMON | Uniqueness Score: -1.00%
Function 004391C0 | Relevance: 3.6 | APIs: 1 | Strings: 1 | Instructions: 52 | Tags: memory, COMMON | Uniqueness Score: -1.00%
Function 004359F0 | Relevance: 3.5 | APIs: 1 | Strings: 1 | Instructions: 44 | Tags: memory, COMMON | Uniqueness Score: -1.00%
Function 0041DE10 | Relevance: 3.2 | APIs: 2 | Instructions: 187 | Tags: COMMON | Uniqueness Score: -1.00%
Function 004154A0 | Relevance: 3.2 | APIs: 2 | Instructions: 162 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0042E6AB | Relevance: 3.1 | APIs: 2 | Instructions: 63 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00438312 | Relevance: 1.5 | APIs: 1 | Instructions: 36 | Tags: library, COMMON | Uniqueness Score: -1.00%
Function 0043914C | Relevance: 1.5 | APIs: 1 | Instructions: 34 | Tags: memory, COMMON | Uniqueness Score: -1.00%
Function 0042DDE0 | Relevance: 21.2 | APIs: 6 | Strings: 6 | Instructions: 153 | Tags: clipboard, COMMON | Uniqueness Score: -1.00%
Function 0041EF19 | Relevance: 15.5 | Strings: 12 | Instructions: 473 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0041FBB5 | Relevance: 15.5 | Strings: 12 | Instructions: 465 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0040F7CD | Relevance: 13.8 | Strings: 11 | Instructions: 100 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00424240 | Relevance: 9.0 | Strings: 7 | Instructions: 223 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0041D128 | Relevance: 8.0 | Strings: 6 | Instructions: 493 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0043B470 | Relevance: 4.1 | Strings: 3 | Instructions: 313 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00416E69 | Relevance: 4.0 | Strings: 3 | Instructions: 266 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00411739 | Relevance: 3.5 | APIs: 2 | Instructions: 509 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0041B930 | Relevance: 1.6 | Strings: 1 | Instructions: 325 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0041B2A0 | Relevance: 1.6 | Strings: 1 | Instructions: 312 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00410C5B | Relevance: 1.5 | Strings: 1 | Instructions: 234 | Tags: COMMON | Uniqueness Score: -1.00%
Function 004176E1 | Relevance: 1.4 | Strings: 1 | Instructions: 103 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00417A78 | Relevance: 1.3 | Strings: 1 | Instructions: 95 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00413722 | Relevance: 1.3 | Strings: 1 | Instructions: 77 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0041347E | Relevance: 1.3 | Strings: 1 | Instructions: 69 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00422B70 | Relevance: 1.3 | Strings: 1 | Instructions: 53 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00422B54 | Relevance: 1.3 | Strings: 1 | Instructions: 27 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0041403B | Relevance: 1.3 | Strings: 1 | Instructions: 26 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00417BF5 | Relevance: 0.3 | Instructions: 341 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00410F4D | Relevance: 0.2 | Instructions: 249 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00416A62 | Relevance: 0.2 | Instructions: 222 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00414F10 | Relevance: 0.1 | Instructions: 146 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00415216 | Relevance: 0.1 | Instructions: 128 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0043822F | Relevance: 0.1 | Instructions: 107 | Tags: COMMON | Uniqueness Score: -1.00%
Function 004025E0 | Relevance: 0.1 | Instructions: 95 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00432140 | Relevance: 0.1 | Instructions: 64 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0043799B | Relevance: 0.1 | Instructions: 62 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0043A0D9 | Relevance: 0.0 | Instructions: 35 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0040D2C0 | Relevance: 0.0 | Instructions: 26 | Tags: COMMON | Uniqueness Score: -1.00%
Function 0040FED9 | Relevance: 0.0 | Instructions: 14 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00416582 | Relevance: 0.0 | Instructions: 12 | Tags: COMMON | Uniqueness Score: -1.00%
Function 00439461 | Relevance: 0.0 | Instructions: 9 | Tags: COMMON | Uniqueness Score: -1.00%
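The function summaries above come out of the report export as single fused lines ("Instructions: 282threadinjectionmemoryCOMMON"), with the APIs and Strings fields present only when non-zero and with residue rows interleaved. The following parser is an added example, not part of the Joe Sandbox report or of Joe Security's tooling: it turns such lines into records, splits the fused tag suffix, skips residue and ranks functions by relevance so an analyst can pick the first ones to read (here the thread/injection/memory and clipboard-tagged functions). The tag vocabulary used for splitting is an assumption drawn only from the tags visible on this page (thread, injection, memory, clipboard, library, COMMON); any suffix outside that vocabulary is kept as unparsed residue rather than guessed at. The sample lines are copied from this report, with a few residue lines deliberately left in.

```python
"""Parse flattened Joe Sandbox function-summary lines into records.

Added example for this report page; not Joe Sandbox code. The tag
vocabulary below is assumed from tags visible on the page, not taken
from Joe Sandbox documentation.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Tag words seen on this page, longest first so the greedy split is
# unambiguous. Assumption: the real vocabulary is larger; anything else
# is returned as residue instead of being guessed at.
KNOWN_TAGS = sorted(
    ["thread", "injection", "memory", "clipboard", "library", "COMMON"],
    key=len, reverse=True,
)

# APIs and Strings are optional; the tag suffix is glued to the
# instruction count, so \d+ takes the digits and \S* takes the rest.
_LINE_RE = re.compile(
    r"^Function\s+(?P<addr>[0-9A-Fa-f]+)\s+Relevance:\s*(?P<rel>\d*\.?\d+)"
    r"(?:,\s*APIs:\s*(?P<apis>\d+))?"
    r"(?:,\s*Strings:\s*(?P<strings>\d+))?"
    r",\s*Instructions:\s*(?P<instr>\d+)(?P<tags>\S*)\s*$"
)


@dataclass
class FunctionSummary:
    address: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: List[str] = field(default_factory=list)
    unparsed: str = ""  # tag residue the vocabulary did not cover


def split_tags(fused: str) -> Tuple[List[str], str]:
    """'threadinjectionmemoryCOMMON' -> (['thread','injection','memory','COMMON'], '')."""
    tags, rest = [], fused
    while rest:
        for tag in KNOWN_TAGS:
            if rest.startswith(tag):
                tags.append(tag)
                rest = rest[len(tag):]
                break
        else:
            break  # unknown prefix: stop and report it as residue
    return tags, rest


def parse_line(line: str) -> Optional[FunctionSummary]:
    """Return a record for a 'Function ...' line, or None for any other line."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    tags, residue = split_tags(m.group("tags"))
    return FunctionSummary(
        address=int(m.group("addr"), 16),
        relevance=float(m.group("rel")),  # handles '.3' as well as '24.8'
        apis=int(m.group("apis") or 0),
        strings=int(m.group("strings") or 0),
        instructions=int(m.group("instr")),
        tags=tags,
        unparsed=residue,
    )


def parse_report(text: str) -> List[FunctionSummary]:
    """Parse every function line in a report blob, silently skipping residue rows."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def triage(records: List[FunctionSummary], min_relevance: float = 10.0):
    """(address, relevance, behavioural tags) sorted high to low.

    COMMON is dropped from the tag list because every function carries it;
    what remains (injection, clipboard, ...) is where reading should start.
    """
    picked = sorted(
        (r for r in records if r.relevance >= min_relevance),
        key=lambda r: r.relevance, reverse=True,
    )
    return [(f"{r.address:08X}", r.relevance, [t for t in r.tags if t != "COMMON"])
            for r in picked]


# Constructed sample: lines copied from this report plus residue rows.
SAMPLE = """\
Function 02772565 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 282threadinjectionmemoryCOMMON
Control-flow Graph
APIs |
Function 0042DDE0 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 153clipboardCOMMON
Function 0041EF19 Relevance: 15.5, Strings: 12, Instructions: 473COMMON
Function 0042A245 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 83memoryCOMMON
Function 00435B70 Relevance: 1.5, APIs: 1, Instructions: 16libraryCOMMON
Function 00417239 Relevance: .3, Instructions: 310COMMON
Uniqueness Score: -1.00% |
"""

if __name__ == "__main__":
    for addr, rel, tags in triage(parse_report(SAMPLE)):
        print(addr, rel, ",".join(tags) or "-")
```

Run against a full report export the same way; functions whose `unparsed` field is non-empty flag tag words missing from the assumed vocabulary and should be added to `KNOWN_TAGS` rather than ignored.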