Windows Analysis Report: file.exe
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 6244, cmdline: "C:\Users\user\Desktop\file.exe", MD5: 0D86DDF0C76911FC888C0450F90C6F29)
  - WerFault.exe (PID: 6712, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 1468, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 6896, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 1688, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["demonstationfukewko.shop", "liabilitynighstjsko.shop", "alcojoldwograpciw.shop", "incredibleextedwj.shop", "shortsvelventysjo.shop", "shatterbreathepsw.shop", "tolerateilusidjukl.shop", "productivelookewr.shop", "strollheavengwu.shop"], "Build id": "P6Mk0M--key"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
| | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |
| | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | |
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | |
| | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |
AV Detection
- Malware Configuration Extractor
- Virustotal: 3 entries
- ReversingLabs
- Joe Sandbox ML
- String decryptor: 15 entries
- Code function: 0_2_004162D6
Compliance
- Unpacked PE file
- Static PE information
- File opened
- HTTPS traffic detected: 8 entries
- Binary string
- Code function: 99 entries
Networking
- URLs: 9 entries
- ASN Name
- JA3 fingerprint
- HTTP traffic detected: 8 entries
- UDP traffic detected without corresponding DNS query
- DNS traffic detected
- HTTP traffic detected: 1 entry
- String found in binary or memory: 44 entries
- Network traffic detected: 16 entries
- HTTPS traffic detected: 8 entries
- Code function: 0_2_0042D8F0 (2 entries)
System Summary
- Matched rule: 2 entries
- Code function: 42 entries
- Process created
- Binary or memory string: 3 entries
- Static PE information
- Matched rule: 2 entries
- Classification label
- Code function: 0_2_01CBF71E
- Code function: 0_2_004286B8
- Mutant created
- File created
- Static PE information
- Key opened
- Binary or memory string
- ReversingLabs
- Virustotal
- File read
- Process created: 3 entries
- Section loaded: 38 entries
- File opened
- Static PE information
- Binary string
Data Obfuscation
- Unpacked PE file: 2 entries
- Code function: 0_2_01CC524C, 0_2_01CC5245
- Process information set: 113 entries
Malware Analysis System Evasion
- System information queried
- Thread sleep time: 2 entries
- Binary or memory string: 30 entries
- Process information queried
- Code function: 0_2_00435C40
- Code function: 0_2_01CBEFFB, 0_2_0368092B, 0_2_03680D90
HIPS / PFW / Operating System Protection Evasion
- String found in binary or memory: 9 entries
- Queries volume information: 7 entries
- Key value queried
- Binary or memory string: 5 entries
- WMI Queries
Stealing of Sensitive Information
- File source: 3 entries
- String found in binary or memory: 8 entries
- File opened: 103 entries
- File opened: 20 entries
- Directory queried: 11 entries
- File source
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 11 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 31 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 45% | ReversingLabs | Win32.Trojan.Generic | |
| 46% | Virustotal | | Browse |
| 100% | Joe Sandbox ML | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
strollheavengwu.shop | 172.67.163.209 | true | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.163.209 | strollheavengwu.shop | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1429197 |
Start date and time: | 2024-04-21 08:40:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/9@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.73.29
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
08:40:54 | API Interceptor | |
08:41:13 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
strollheavengwu.shop | | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | Remcos, DBatLoader | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC, DarkTortilla, LummaC Stealer, PureLog Stealer, RedLine, zgRAT | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_5c35b761e7b2886414fdd9b14cedcc55e7ebf4_79a0e859_5203bd44-6de2-4e4f-aad8-78095cede41a\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9834834943638945 |
Encrypted: | false |
SSDEEP: | 192:9MDln3FUvdP7hTb0U7v+I3jtdFPzuiFlZ24IO8kVB:qcdjVoU7vlj9zuiFlY4IO8a |
MD5: | 40473486B976C01155551B0891E404CF |
SHA1: | E0ACDE6ECFFEBCCBE621BA5BEF6A2D866E7116B8 |
SHA-256: | 6B8A8881180A958C909567CB34D2FB57CF252631278970C11C173E14771130A4 |
SHA-512: | A0656FADC4E5942B4385F00803FDAB68584BB8C408B5C4959E684B1EEBD782D88ACD9C05A7760A9F3BAFE29B9185B31F8DE8DC5C17C6307B5E3E64CC8D6DE3AE |
Malicious: | false |
Reputation: | low |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_8ec75631d1328d44a8219509d535bd4f6799dd4_79a0e859_3912fa46-8569-4c49-a3ef-ca2a8cc690e1\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9941410813387069 |
Encrypted: | false |
SSDEEP: | 192:LJn3FUvBP7Ai04DmIwsyI3jtdFPzuiFlZ24IO8kVB:NcBjAp4Dm9sRj9zuiFlY4IO8a |
MD5: | 9456D42B8EA6AEE8832ABB6F1011DFF3 |
SHA1: | 7221F0508C695E04B220D1B4C449E2F637347B8B |
SHA-256: | B84CBE447D52099293840D12A0D84CEE30B8BA39AE06C2B60227194D94EFA99F |
SHA-512: | 7063B354B690F93B3FAFF6F9BEA6027EA27D7216CB29FB13B6DF40DB818D81517A64A42AB17F9AD819A866B4D1181882F3A0779C492BD751170B09209FE83EBA |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54826 |
Entropy (8bit): | 2.593342834750703 |
Encrypted: | false |
SSDEEP: | 384:Z8CHR1TphjBbK4c2nYl6zlQ98/ZYB5X6+:TzhjBY2n3YkZV+ |
MD5: | 561B4FE9C1DDB6F10F85F711FB77B709 |
SHA1: | DF214738B0C125C85F2AE14DD0CFCA25847C6977 |
SHA-256: | 651020730B3AAEE4AEC080AD6216F1D1118AB2EB079B1D0292A4D80A3B718700 |
SHA-512: | BB00F7D74A0590FF6FFA46B73E1F85F2227F72700BB7168D7E1CD83D6B08445B90DEA777A3CCBD26DA49A0237DAF4FA48EE4B79926BCD844C958702E6DA6DFA4 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8372 |
Entropy (8bit): | 3.681835128611137 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJUC36b6Y9nSU9Jb8eugmf6B6xpNC89bgX1fVD9gm:R6lXJb6b6YNSU9FNugmf5RglfB |
MD5: | 79C259C87FDE278775E2855A91B46BD4 |
SHA1: | 07E0B627950FA378C532294B2621902727503E4A |
SHA-256: | D2CF83E46377EE72E3905C76748AC9451D2490E7B954091CDECF5292BFF86559 |
SHA-512: | 15CDB6ADE0E7163A9988622D114C1855185A9B84206B94ABF8A283F1D875AE7FA36B065FAEE957934F7436898ABB323051C20BD810F22FCD746D93BE6091945E |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4642 |
Entropy (8bit): | 4.41299798087096 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsdJg77aI99KWpW8VYaTeYm8M4JiNFCFj+q8vjNF+yjuD0Md:uIjf3I7zr7VFJirQKjrhG0Md |
MD5: | 8CB24EE4CD215ED7A942195480452D87 |
SHA1: | 72B4FB71785B733D561F192A9396A01EADF6E32E |
SHA-256: | B1686B1439BDCD5EAA27217F49E5555FB35B75C459BD30FB9514B919C7C9ED38 |
SHA-512: | 61818774A12C9F83598C11B4FBB127C1BC581B0453C737B148D4CBC1A7DD9E1F36F6D71EA341E641D9E3F22C80C58737EBA2F5C51A75E18F43592211283CE125 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1086218 |
Entropy (8bit): | 1.0668474837505464 |
Encrypted: | false |
SSDEEP: | 768:Bz6jBMpr8Dq7Uyszu/DL7JAfDOjAr2lmvW2r5avzcAl1vMjnsejNHKiP0i2PQjIl:BzmaAfDOjVz8avzaFGFXNf312Js3Vkq |
MD5: | 954BDE84C976EF7438EDBDDFA6D3599B |
SHA1: | 7FA22C3BDA9026383E8651E805730773480DEA6C |
SHA-256: | 709763D708409AEDAD6B90F50AD2EB7F7670066A4F417F8378CAF4DEDACBE97E |
SHA-512: | C7F49EEFE4BA40114DE0A65B794DBA7974DE1459EE99ACC2556C4BA4F50B67528B235BC75E7CB577E5836006C690DEEEC0A358396EEC652900945797ECD96828 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8414 |
Entropy (8bit): | 3.690098547270439 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJUCq6u6Y9LSU9Jb8eugmf6g56cIypDa89b2vsfiSm:R6lXJW6u6YBSU9FNugmfp56cp2Uf+ |
MD5: | 0E7A6B607DD2A2552091A526E1592C0D |
SHA1: | 4D3B3FD074C66653D73C3D827386050DBF7D3A2E |
SHA-256: | 50A553AC9EA39AAB94D158727E1581D62ECB278F2574576928BFD2E17C39E5E5 |
SHA-512: | BEF23DFC32B478422AF84D23F16722E3691798BF0A5C00CDEE49B4F45F44CF7EE8EE4EAF4A34AC1920F3B08929A92E93131D61FD57252A5ED1A8C4E4EDEC65A8 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4696 |
Entropy (8bit): | 4.453004243693197 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsdJg77aI99KWpW8VYYYm8M4JiNO0O3FMd+q8vjNO0OByjuD0td:uIjf3I7zr7VMJi/RdKj/PG0td |
MD5: | 809A682CE6E345AE4961419142C07B74 |
SHA1: | F6CB9134BCEB9C9821494B4B4EEAAC520ACA18D4 |
SHA-256: | 0FFF88CBE40B8E119639AB9F4189A7A215EC0DE91C7288BF4F301B19254E525D |
SHA-512: | EF8F1AE8B055FE52AC72B0E07C60EE780350B305B35F9DFC94B1F0DA1D4D4B3D3D668967FC0C98C158DF232134A367652357B2B4266B3EF94CFDF65570C7DC58 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465276674006023 |
Encrypted: | false |
SSDEEP: | 6144:7IXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSb1:cXD94+WlLZMM6YFH1+1 |
MD5: | 48CF9BD8336AF9D2438ABAE7596E79BA |
SHA1: | 17343E75A1E59EDCA940718ACA7BA844CA3DF63C |
SHA-256: | 8962545434ED8B7EEFC6692419BD4F1AD95EC8279F472A65D760C9A8B23ECDB6 |
SHA-512: | 1BAE4BA825F92CA7884AA2EA48D504A9A380D79411E43F9CD1979193EDA2C9A73178F39AF628059272B3195E16F2C112668058AB0BFAE3106F95D6B7FD0D079C |
Malicious: | false |
Reputation: | low |
File type: | |
Entropy (8bit): | 6.722526954299209 |
TrID: | |
File name: | file.exe |
File size: | 431'104 bytes |
MD5: | 0d86ddf0c76911fc888c0450f90c6f29 |
SHA1: | e074480d945cce752a586df7cca1dfea5baff533 |
SHA256: | 07f56f9d4a21eb65c788a9a423af9205b01d2792563d6965ff8cb814be822524 |
SHA512: | bc998356b3dbbdb99019f9779f9d5862f103e5664060895aded835322cf12aefef341adee5ff24d4a576f68add05ed33df15b51048e92354f805e127907d0d89 |
SSDEEP: | 6144:PcDrb47lkR5hQvqegHMPZgFz2L0CDnpHsYCTx:PSX47lsh0qLsRQz2HD5Sx |
TLSH: | F0946C03B3E17D98E6264B329E1EC6E8761DF9509E493B76321E9F1F02B5072D263B11 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................................./.......]..............w+..............w......Rich............PE..L....Gqd................... |
Icon Hash: | 63716de961436e0f |
Entrypoint: | 0x403b9f |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x647147D7 [Fri May 26 23:59:19 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | c6a29c2b2571c33a0a23fd650053529b |
Instruction |
---|
call 00007F5868809080h |
jmp 00007F58688025A5h |
push 00000014h |
push 00416DF0h |
call 00007F58688062D0h |
call 00007F5868809251h |
movzx esi, ax |
push 00000002h |
call 00007F5868809013h |
pop ecx |
mov eax, 00005A4Dh |
cmp word ptr [00400000h], ax |
je 00007F58688025A6h |
xor ebx, ebx |
jmp 00007F58688025D5h |
mov eax, dword ptr [0040003Ch] |
cmp dword ptr [eax+00400000h], 00004550h |
jne 00007F586880258Dh |
mov ecx, 0000010Bh |
cmp word ptr [eax+00400018h], cx |
jne 00007F586880257Fh |
xor ebx, ebx |
cmp dword ptr [eax+00400074h], 0Eh |
jbe 00007F58688025ABh |
cmp dword ptr [eax+004000E8h], ebx |
setne bl |
mov dword ptr [ebp-1Ch], ebx |
call 00007F5868805E44h |
test eax, eax |
jne 00007F58688025AAh |
push 0000001Ch |
call 00007F5868802681h |
pop ecx |
call 00007F5868805B80h |
test eax, eax |
jne 00007F58688025AAh |
push 00000010h |
call 00007F5868802670h |
pop ecx |
call 00007F586880908Ch |
and dword ptr [ebp-04h], 00000000h |
call 00007F586880810Ah |
test eax, eax |
jns 00007F58688025AAh |
push 0000001Bh |
call 00007F5868802656h |
pop ecx |
call dword ptr [004110C0h] |
mov dword ptr [01A13D1Ch], eax |
call 00007F58688090A7h |
mov dword ptr [0044BC6Ch], eax |
call 00007F5868808A4Ah |
test eax, eax |
jns 00007F58688025AAh |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17244 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1614000 | 0x1f078 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11200 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x16780 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x11000 | 0x194 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xf305 | 0xf400 | 16b09e909e0fb3a79ea70acb1a57cf85 | False | 0.6044761782786885 | data | 6.68121811830811 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x11000 | 0x6b98 | 0x6c00 | b925d984c450ca16dc63999acb7a12c5 | False | 0.3947120949074074 | data | 4.776140278687859 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x18000 | 0x15fbd20 | 0x33e00 | 723ffe5b9f0ffa7b94dae012f74ba41a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x1614000 | 0x1f078 | 0x1f200 | 7bf2e4fd9c8ed1974374cf152acbdc2b | False | 0.3004047439759036 | data | 4.167703955462114 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x162dbd0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.26439232409381663 |
RT_CURSOR | 0x162ea78 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.3686823104693141 |
RT_CURSOR | 0x162f320 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.49060693641618497 |
RT_CURSOR | 0x162f8b8 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4375 |
RT_CURSOR | 0x162f9e8 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 0 | | | 0.44886363636363635 |
RT_CURSOR | 0x162fac0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.27238805970149255 |
RT_CURSOR | 0x1630968 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.375 |
RT_CURSOR | 0x1631210 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5057803468208093 |
RT_ICON | 0x1614ab0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.5339861751152074 |
RT_ICON | 0x1615178 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.41244813278008297 |
RT_ICON | 0x1617720 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.449468085106383 |
RT_ICON | 0x1617bb8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.5339861751152074 |
RT_ICON | 0x1618280 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.41244813278008297 |
RT_ICON | 0x161a828 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.449468085106383 |
RT_ICON | 0x161acc0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.3694029850746269 |
RT_ICON | 0x161bb68 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.4499097472924188 |
RT_ICON | 0x161c410 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.4596774193548387 |
RT_ICON | 0x161cad8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.45375722543352603 |
RT_ICON | 0x161d040 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.2687759336099585 |
RT_ICON | 0x161f5e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.30651969981238275 |
RT_ICON | 0x1620690 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.35726950354609927 |
RT_ICON | 0x1620b60 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Romanian | Romania | 0.5170575692963753 |
RT_ICON | 0x1621a08 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Romanian | Romania | 0.5045126353790613 |
RT_ICON | 0x16222b0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Romanian | Romania | 0.45910138248847926 |
RT_ICON | 0x1622978 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Romanian | Romania | 0.47832369942196534 |
RT_ICON | 0x1622ee0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Romanian | Romania | 0.2794605809128631 |
RT_ICON | 0x1625488 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Romanian | Romania | 0.30816135084427765 |
RT_ICON | 0x1626530 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Romanian | Romania | 0.3389344262295082 |
RT_ICON | 0x1626eb8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Romanian | Romania | 0.36879432624113473 |
RT_ICON | 0x1627398 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.27878464818763327 |
RT_ICON | 0x1628240 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.36913357400722024 |
RT_ICON | 0x1628ae8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.3951612903225806 |
RT_ICON | 0x16291b0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.3901734104046243 |
RT_ICON | 0x1629718 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.2744813278008299 |
RT_ICON | 0x162bcc0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.3027673545966229 |
RT_ICON | 0x162cd68 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Romanian | Romania | 0.3221311475409836 |
RT_ICON | 0x162d6f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.35106382978723405 |
RT_DIALOG | 0x1631998 | 0x52 | data | | | 0.8780487804878049 |
RT_STRING | 0x16319f0 | 0x432 | data | Romanian | Romania | 0.45251396648044695 |
RT_STRING | 0x1631e28 | 0x4d4 | data | Romanian | Romania | 0.44660194174757284 |
RT_STRING | 0x1632300 | 0x13a | data | Romanian | Romania | 0.5286624203821656 |
RT_STRING | 0x1632440 | 0x30a | data | Romanian | Romania | 0.47429305912596403 |
RT_STRING | 0x1632750 | 0x638 | data | Romanian | Romania | 0.43027638190954776 |
RT_STRING | 0x1632d88 | 0x2ec | data | Romanian | Romania | 0.47058823529411764 |
RT_GROUP_CURSOR | 0x162f888 | 0x30 | data | | | 0.9375 |
RT_GROUP_CURSOR | 0x162fa98 | 0x22 | data | | | 1.0588235294117647 |
RT_GROUP_CURSOR | 0x1631778 | 0x30 | data | | | 0.9375 |
RT_GROUP_ICON | 0x1617b88 | 0x30 | data | Romanian | Romania | 0.9375 |
RT_GROUP_ICON | 0x1620af8 | 0x68 | data | Romanian | Romania | 0.7115384615384616 |
RT_GROUP_ICON | 0x161ac90 | 0x30 | data | Romanian | Romania | 1.0 |
RT_GROUP_ICON | 0x1627320 | 0x76 | data | Romanian | Romania | 0.6779661016949152 |
RT_GROUP_ICON | 0x162db58 | 0x76 | data | Romanian | Romania | 0.6864406779661016 |
RT_VERSION | 0x16317a8 | 0x1ec | data | | | 0.5386178861788617 |
DLL | Import |
---|---|
KERNEL32.dll | LocalCompact, GetUserDefaultLCID, AddConsoleAliasW, CreateHardLinkA, GetTickCount, EnumTimeFormatsW, FindResourceExA, GetVolumeInformationA, LoadLibraryW, CopyFileW, WriteConsoleW, GetCompressedFileSizeA, GetTempPathW, SetThreadLocale, GetLastError, SetLastError, GetProcAddress, GetLocaleInfoA, SetStdHandle, SetFileAttributesA, WriteConsoleA, InterlockedExchangeAdd, LocalAlloc, SetCalendarInfoW, GetExitCodeThread, RemoveDirectoryW, AddAtomA, GlobalFindAtomW, GetModuleFileNameA, GetOEMCP, GlobalUnWire, LoadLibraryExA, ReadConsoleInputW, GetWindowsDirectoryW, AddConsoleAliasA, GetComputerNameA, FindFirstChangeNotificationW, CreateTimerQueueTimer, GetSystemDefaultLangID, OutputDebugStringW, HeapFree, EncodePointer, DecodePointer, IsProcessorFeaturePresent, GetCommandLineA, RaiseException, RtlUnwind, IsValidCodePage, GetACP, GetCPInfo, GetCurrentThreadId, IsDebuggerPresent, GetProcessHeap, ExitProcess, GetModuleHandleExW, MultiByteToWideChar, WideCharToMultiByte, HeapSize, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, GetFileType, DeleteCriticalSection, GetStartupInfoW, CloseHandle, HeapAlloc, WriteFile, GetModuleFileNameW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, GetStringTypeW, LoadLibraryExW, HeapReAlloc, ReadFile, SetFilePointerEx, LCMapStringW, GetConsoleCP, GetConsoleMode, FlushFileBuffers, CreateFileW |
GDI32.dll | GetCharacterPlacementW |
ADVAPI32.dll | DeregisterEventSource |
WINHTTP.dll | WinHttpConnect |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Romanian | Romania |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 21, 2024 08:40:54.730875969 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:54.730957031 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 21, 2024 08:40:54.731077909 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:54.734648943 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:54.734678984 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 21, 2024 08:40:54.972932100 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 21, 2024 08:40:54.973031044 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:54.975605965 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:54.975625992 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 21, 2024 08:40:54.976042986 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 21, 2024 08:40:55.018754005 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:55.028594971 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:55.028635979 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:55.028789043 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 21, 2024 08:40:55.505143881 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 21, 2024 08:40:55.505354881 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 21, 2024 08:40:55.505569935 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:55.507550955 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:55.507592916 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 21, 2024 08:40:55.533015966 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:55.533098936 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 21, 2024 08:40:55.533212900 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:55.533492088 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 21, 2024 08:40:55.533520937 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 21, 2024 08:40:54.590507984 CEST | 58095 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 21, 2024 08:40:54.725392103 CEST | 53 | 58095 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 21, 2024 08:40:54.590507984 CEST | 192.168.2.4 | 1.1.1.1 | 0x6666 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 21, 2024 08:40:54.725392103 CEST | 1.1.1.1 | 192.168.2.4 | 0x6666 | No error (0) | | | 172.67.163.209 | A (IP address) | IN (0x0001) | false |
Apr 21, 2024 08:40:54.725392103 CEST | 1.1.1.1 | 192.168.2.4 | 0x6666 | No error (0) | | | 104.21.15.198 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 172.67.163.209 | 443 | 6244 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-21 06:40:55 UTC | 267 | OUT | |
2024-04-21 06:40:55 UTC | 8 | OUT | |
2024-04-21 06:40:55 UTC | 810 | IN | |
2024-04-21 06:40:55 UTC | 7 | IN | |
2024-04-21 06:40:55 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49731 | 172.67.163.209 | 443 | 6244 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-21 06:40:55 UTC | 268 | OUT | |
2024-04-21 06:40:55 UTC | 52 | OUT | |
2024-04-21 06:40:56 UTC | 808 | IN | |
2024-04-21 06:40:56 UTC | 561 | IN | |
2024-04-21 06:40:56 UTC | 1369 | IN | |
2024-04-21 06:40:56 UTC | 1369 | IN | |
2024-04-21 06:40:56 UTC | 1369 | IN | |
2024-04-21 06:40:56 UTC | 1369 | IN | |
2024-04-21 06:40:56 UTC | 1369 | IN | |
2024-04-21 06:40:56 UTC | 1369 | IN | |
2024-04-21 06:40:56 UTC | 1369 | IN | |
2024-04-21 06:40:56 UTC | 1369 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49732 | 172.67.163.209 | 443 | 6244 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-21 06:40:56 UTC | 286 | OUT | |
2024-04-21 06:40:56 UTC | 15331 | OUT | |
2024-04-21 06:40:56 UTC | 2830 | OUT | |
2024-04-21 06:40:57 UTC | 812 | IN | |
2024-04-21 06:40:57 UTC | 20 | IN | |
2024-04-21 06:40:57 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49733 | 172.67.163.209 | 443 | 6244 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-21 06:40:57 UTC | 285 | OUT | |
2024-04-21 06:40:57 UTC | 8782 | OUT | |
2024-04-21 06:40:58 UTC | 804 | IN | |
2024-04-21 06:40:58 UTC | 20 | IN | |
2024-04-21 06:40:58 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49734 | 172.67.163.209 | 443 | 6244 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-21 06:40:58 UTC | 286 | OUT | |
2024-04-21 06:40:58 UTC | 15331 | OUT | |
2024-04-21 06:40:58 UTC | 5104 | OUT | |
2024-04-21 06:40:59 UTC | 812 | IN | |
2024-04-21 06:40:59 UTC | 20 | IN | |
2024-04-21 06:40:59 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49735 | 172.67.163.209 | 443 | 6244 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-21 06:40:59 UTC | 285 | OUT | |
2024-04-21 06:40:59 UTC | 5438 | OUT | |
2024-04-21 06:41:00 UTC | 814 | IN | |
2024-04-21 06:41:00 UTC | 20 | IN | |
2024-04-21 06:41:00 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49736 | 172.67.163.209 | 443 | 6244 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-21 06:41:00 UTC | 285 | OUT | |
2024-04-21 06:41:00 UTC | 1390 | OUT | |
2024-04-21 06:41:01 UTC | 804 | IN | |
2024-04-21 06:41:01 UTC | 20 | IN | |
2024-04-21 06:41:01 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49737 | 172.67.163.209 | 443 | 6244 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-21 06:41:01 UTC | 287 | OUT | |
2024-04-21 06:41:01 UTC | 15331 | OUT | |
2024-04-21 06:41:01 UTC | 15331 | OUT | |
2024-04-21 06:41:01 UTC | 15331 | OUT | |
2024-04-21 06:41:01 UTC | 15331 | OUT | |
2024-04-21 06:41:01 UTC | 15331 | OUT | |
2024-04-21 06:41:01 UTC | 15331 | OUT | |
2024-04-21 06:41:01 UTC | 15331 | OUT | |
2024-04-21 06:41:01 UTC | 15331 | OUT | |
2024-04-21 06:41:01 UTC | 15331 | OUT | |
2024-04-21 06:41:01 UTC | 15331 | OUT | |
2024-04-21 06:41:03 UTC | 820 | IN | |
Target ID: | 0 |
Start time: | 08:40:52 |
Start date: | 21/04/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 431'104 bytes |
MD5 hash: | 0D86DDF0C76911FC888C0450F90C6F29 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 08:41:02 |
Start date: | 21/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xaf0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 08:41:02 |
Start date: | 21/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xaf0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 8.3% |
Dynamic/Decrypted Code Coverage: | 8% |
Signature Coverage: | 28.7% |
Total number of Nodes: | 348 |
Total number of Limit Nodes: | 18 |
Functions
Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
004046D0 | 5.5 | | 4 | 506 | COMMON | |
0041CC60 | 4.1 | | 3 | 328 | COMMON | |
0041DB22 | 3.6 | 2 | | 615 | COMMON | |
01CBF71E | 3.0 | 2 | | 41 | process, COMMON | yes |
0041AFE0 | 2.6 | | 2 | 130 | COMMON | |
004162D6 | 1.7 | 1 | | 218 | COMMON | |
00435B8B | 1.5 | 1 | | 42 | memory, COMMON | |
00435C40 | 1.5 | 1 | | 16 | library, COMMON | |
00420C42 | .4 | | | 431 | COMMON | |
00421370 | .4 | | | 381 | COMMON | |
00421090 | .4 | | | 373 | COMMON | |
0043B3B0 | .3 | | | 255 | COMMON | |
0043AE80 | .2 | | | 160 | COMMON | |
00414FC0 | .1 | | | 146 | COMMON | |
00438879 | .1 | | | 138 | COMMON | |
00437998 | .1 | | | 138 | COMMON | |
0041210C | .1 | | | 112 | COMMON | |
00410565 | .0 | | | 25 | COMMON | |
004286B8 | .0 | | | 19 | COMMON | |
0368003C | 12.8 | 5 | 2 | 515 | memory, COMMON | yes |
00427C0B | 12.3 | 1 | 6 | 72 | memory, COMMON | |
00437E48 | 3.6 | 1 | 1 | 90 | library, COMMON | |
004241EB | 3.6 | 2 | | 582 | COMMON | |
00435AA0 | 3.6 | 1 | 1 | 53 | memory, COMMON | |
0041DE00 | 3.2 | 2 | | 215 | COMMON | |
0042DFB8 | 3.1 | 2 | | 123 | COMMON | |
03680E0F | 3.0 | 2 | | 15 | COMMON | yes |
004394EC | 1.5 | 1 | | 38 | memory, COMMON | |
0041860C | 1.5 | 1 | | 33 | COMMON | |
01CBF3DD | 1.3 | 1 | | 48 | memory, COMMON | yes |
0042D8F0 | 21.2 | 6 | 6 | 155 | clipboard, COMMON | |
00426097 | 7.1 | | 5 | 837 | COMMON | |
036A62FE | 7.1 | | 5 | 837 | COMMON | yes |
03684937 | 5.5 | | 4 | 506 | COMMON | yes |
0369CEC7 | 4.1 | | 3 | 328 | COMMON | yes |
0368092B | 3.8 | | 3 | 90 | COMMON | yes |
036855DB | 3.3 | | 2 | 800 | COMMON | yes |
00405567 | 3.0 | | 2 | 510 | COMMON | |
0043B9D0 | 2.9 | | 2 | 360 | COMMON | |
036BBC37 | 2.9 | | 2 | 360 | COMMON | yes |
0040581F | 2.8 | | 2 | 267 | COMMON | |
00405B18 | 2.7 | | 2 | 231 | COMMON | |
0369B247 | 2.6 | | 2 | 130 | COMMON | yes |
004365C0 | 2.0 | | 1 | 700 | COMMON | |
036B6827 | 2.0 | | 1 | 700 | COMMON | yes |
004261D5 | 1.7 | | 1 | 432 | COMMON | |
036A643C | 1.7 | | 1 | 432 | COMMON | yes |
00426148 | 1.7 | | 1 | 429 | COMMON | |
036A63AF | 1.7 | | 1 | 429 | COMMON | yes |
004261C3 | 1.6 | | 1 | 388 | COMMON | |
036A642A | 1.6 | | 1 | 388 | COMMON | yes |
00417A65 | 1.6 | | 1 | 357 | COMMON | |
03697CCC | 1.6 | | 1 | 357 | COMMON | yes |
004065F0 | 1.5 | | 1 | 262 | COMMON | |
004245D4 | 1.4 | | 1 | 188 | COMMON | |
036A483B | 1.4 | | 1 | 188 | COMMON | yes |
00424678 | 1.4 | | 1 | 169 | COMMON | |
036A48DF | 1.4 | | 1 | 169 | COMMON | yes |
004245A8 | 1.4 | | 1 | 126 | COMMON | |
036A480F | 1.4 | | 1 | 126 | COMMON | yes |
004134B2 | 1.3 | | 1 | 70 | COMMON | |
03693719 | 1.3 | | 1 | 70 | COMMON | yes |
00437D40 | 1.3 | | 1 | 44 | COMMON | |
036B7FA7 | 1.3 | | 1 | 44 | COMMON | yes |
00407C70 | .9 | | | 864 | COMMON | |
03687ED7 | .9 | | | 864 | COMMON | yes |
03683517 | .7 | | | 698 | COMMON | yes |
03683F47 | .6 | | | 632 | COMMON | yes |
00406030 | .5 | | | 497 | COMMON | |
03686297 | .5 | | | 497 | COMMON | yes |
036A15D7 | .4 | | | 381 | COMMON | yes |
004069B4 | .4 | | | 379 | COMMON | |
004088F0 | .4 | | | 373 | COMMON | |
Several further function entries in this listing lost their function address header during extraction and are not listed above.
Uniqueness Score: -1.00% |
Function 03688B57 Relevance: .4, Instructions: 373COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403670 Relevance: .3, Instructions: 336COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403CEF Relevance: .3, Instructions: 325COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041B1E0 Relevance: .3, Instructions: 310COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0369B447 Relevance: .3, Instructions: 310COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0369B917 Relevance: .3, Instructions: 291COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043B6A0 Relevance: .3, Instructions: 290COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036BB907 Relevance: .3, Instructions: 290COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036BB617 Relevance: .3, Instructions: 255COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410D77 Relevance: .2, Instructions: 240COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03690FDE Relevance: .2, Instructions: 240COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403492 Relevance: .2, Instructions: 229COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433950 Relevance: .2, Instructions: 192COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036B3BB7 Relevance: .2, Instructions: 192COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043B060 Relevance: .2, Instructions: 166COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036BB2C7 Relevance: .2, Instructions: 166COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036BB0E7 Relevance: .2, Instructions: 160COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402D10 Relevance: .2, Instructions: 152COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03682F77 Relevance: .2, Instructions: 152COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03695227 Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036B7BFF Relevance: .1, Instructions: 138COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036B8AE0 Relevance: .1, Instructions: 138COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412E93 Relevance: .1, Instructions: 136COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036930FA Relevance: .1, Instructions: 136COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410140 Relevance: .1, Instructions: 132COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036903A7 Relevance: .1, Instructions: 132COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03692373 Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402EC0 Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03683127 Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043AD70 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036BAFD7 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00438F6A Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036B91D1 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0369DA12 Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00431F80 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036B21E7 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01CBEFFB Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004222ED Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036A2554 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043A5D0 Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036BA837 Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03680D90 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036B5DF2 Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004222E7 Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036A254E Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036907CC Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00439389 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036B95F0 Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D160 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0368D3C7 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417A1A Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03697C81 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043A182 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036BA3E9 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422422 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036A2689 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043A190 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036BA3F7 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036ADB57 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 155clipboardCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |