Windows Analysis Report: xuI8pQHlxExL.exe

General Information
Detection: score 100 (range 0 - 100), confidence 100%, whitelisted: false
Process Tree

- System is w10x64
- xuI8pQHlxExL.exe (PID: 7096, cmdline: "C:\Users\user\Desktop\xuI8pQHlxExL.exe", MD5: ED064734A0BF02C905E63D64A495364B)
  - cmd.exe (PID: 4488, cmdline: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xuI8pQHlxExL.exe", MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    - conhost.exe (PID: 5296, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup

The cmd.exe child is the sample removing its own on-disk image. "cmd.exe /C" runs the two commands joined by "&": the first, "Y /N /D Y /T 1", is not a valid command and fails, and "&" runs the following "Del" regardless of that failure, so the net effect is deletion of the file the sample was started from. This is the "File Deletion" entry in the ATT&CK mapping further down.
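Detection logic for the self-delete chain shown in the process tree, as an added example that is not code from the Joe Sandbox report or from njRAT. It flags a cmd.exe process whose inner command line deletes the image path of its own parent. The events are constructed in the shape of Sysmon Event ID 1 fields (Image, ParentImage, CommandLine); real telemetry is assumed to have been normalised to those three keys. The "choice ... /T" and "ping -n" stall forms are a generalisation beyond this sample, which only shows the bare "Y /N /D Y /T 1 & Del" form.

```python
"""Flag a cmd.exe child that deletes its parent's own image (malware self-delete).

Added example; not code from the Joe Sandbox report or from njRAT.
Events are constructed in Sysmon Event ID 1 shape (Image, ParentImage,
CommandLine). Real telemetry is assumed to be normalised to those keys.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Split the inner cmd.exe command line on its operators (&&, ||, &, |).
SPLIT_RE = re.compile(r"\s*(?:&&|\|\||&|\|)\s*")
# "del"/"erase", optional switches such as /F /Q, then one (optionally quoted) path.
DEL_RE = re.compile(r'^(?:del|erase)\s+(?:/[a-z]\s+)*"?(?P<path>[^"]+?)"?\s*$', re.I)
# Stalls commonly placed before the delete so the parent can exit and unlock its image
# (generalisation: this sample's "Y /N /D Y /T 1" is not a working stall).
DELAY_RE = re.compile(r"^(?:choice\b.*\s/t\s*\d+|ping\b.*\s-n\s*\d+|timeout\b)", re.I)
# "cmd.exe /C ..." or "cmd /K ..." wrapper, quoted or not.
WRAPPER_RE = re.compile(r'^\s*"?[^"]*cmd(?:\.exe)?"?\s+/[ck]\s+', re.I)


@dataclass(frozen=True)
class Finding:
    parent_image: str   # process whose on-disk image is being removed
    deleted_path: str   # path as written on the cmd.exe command line
    delayed: bool       # True when a stall (choice/ping/timeout) precedes the delete


def inner_commands(cmdline: str) -> list[str]:
    """Strip the cmd.exe wrapper and return the individual commands it runs."""
    m = WRAPPER_RE.match(cmdline)
    body = cmdline[m.end():] if m else cmdline
    return [s for s in SPLIT_RE.split(body) if s]


def self_delete_finding(event: dict) -> Finding | None:
    """Return a Finding when a cmd.exe event deletes its ParentImage, else None."""
    if not ntpath.normcase(event["Image"]).endswith("\\cmd.exe"):
        return None
    parent = ntpath.normcase(event["ParentImage"])
    cmds = inner_commands(event["CommandLine"])
    delayed = any(DELAY_RE.match(c) for c in cmds)
    for c in cmds:
        m = DEL_RE.match(c)
        # normcase lower-cases and normalises slashes, so quoting or case differences
        # between the delete argument and the parent image do not hide a match
        if m and ntpath.normcase(m["path"]) == parent:
            return Finding(event["ParentImage"], m["path"], delayed)
    return None


def scan(events: list[dict]) -> list[Finding]:
    return [f for f in (self_delete_finding(e) for e in events) if f]


# Constructed events. The first reproduces the command line from the process tree
# above; the other two are made up: a benign delete and a delayed self-delete.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\user\Desktop\xuI8pQHlxExL.exe",
     "CommandLine": r'cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xuI8pQHlxExL.exe"'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\BuildTool\build.exe",
     "CommandLine": r'cmd.exe /C del "C:\Temp\build.log"'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\stage1.exe",
     "CommandLine": r'"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\stage1.exe"'},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"self-delete by {f.parent_image} (delayed={f.delayed}): del {f.deleted_path}")
```

Matching on the parent's image path rather than on the literal "/C Y /N /D Y /T 1" string keeps the rule useful across builds that change the stall, and the benign event shows why the parent check matters: cmd.exe deleting an arbitrary file is routine, cmd.exe deleting the binary that spawned it is not.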
Malware family

NjRAT: RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.

Extracted configuration (Malware Configuration Extractor):
{"Host": "resilencia2023.duckdns.org", "Port": "2009", "Campaign ID": "NYAN CAT", "Network Seprator": "@!#&^%$", "Registry": "8abd92e56969"}
Yara matches

Rule | Description | Author | Matches
---|---|---|---
JoeSecurity_Njrat | Yara detected Njrat | Joe Security | 5 across the three Yara scan tables (1 + 3 + 1)
Signature Overview

The per-signature detail cells (process, file, API argument) were links in the interactive report and are not present; only the category, the evidence source and the number of hits survive.

Category | Evidence source (hits)
---|---
AV Detection | Avira (1); Malware Configuration Extractor (1); File source (5); Joe Sandbox ML (1); Static PE information (2); File opened (1)
Networking | Snort IDS (14); URLs (1); DNS query (1); TCP traffic (1); ASN Name (1); UDP traffic detected without corresponding DNS query (3); DNS traffic detected (1); String found in binary or memory (2)
Key, Mouse, Clipboard, Microphone and Screen Capturing | .Net Code (1)
E-Banking Fraud | File source (5)
(category heading not present) | Code function 0_2_05171930 (1); Binary or memory string (3); Static PE information (4); Classification label (1); Code function 0_2_052C339E, 0_2_052C3367 (2); File created (1); Mutant created (4); Static file information (1); Key opened (1); Process created (4); Section loaded (25); Key value queried (1); File opened (2)
Data Obfuscation | .Net Code (1); Code function 0_2_05770782, 0_2_057709CE, 0_2_057708A6 (3)
Hooking and other Techniques for Hiding and Protection | Process created (2); Process information set (42); Memory allocated (4); Window / User API (3); Thread sleep time (2); Last function (1); Binary or memory string (1); Process token adjusted (1)
HIPS / PFW / Operating System Protection Evasion | Reference to suspicious API methods (3); Binary or memory string (3); Queries volume information (4); Key value queried (1)
Stealing of Sensitive Information | File source (5)
Remote Access Functionality | File source (5)
MITRE ATT&CK Matrix (only techniques with at least one mapped signature are listed; the number in parentheses is the count of mapped signatures)

Tactic | Matched techniques
---|---
Execution | Native API (1)
Persistence | DLL Side-Loading (1)
Privilege Escalation | Access Token Manipulation (1), Process Injection (2), DLL Side-Loading (1)
Defense Evasion | Masquerading (1), Virtualization/Sandbox Evasion (2), Disable or Modify Tools (1), Access Token Manipulation (1), Process Injection (2), Obfuscated Files or Information (1), Software Packing (1), DLL Side-Loading (1), File Deletion (1)
Credential Access | Input Capture (1)
Discovery | Security Software Discovery (1), Virtualization/Sandbox Evasion (2), Process Discovery (1), Application Window Discovery (1), System Information Discovery (12)
Collection | Input Capture (1), Archive Collected Data (1)
Command and Control | Encrypted Channel (1), Non-Standard Port (1, TCP/2009), Non-Application Layer Protocol (1), Application Layer Protocol (21)
Reconnaissance, Resource Development, Initial Access, Lateral Movement, Exfiltration, Impact | no mapped signatures
Antivirus, Machine Learning and Reputation Detection

Source | Detection | Scanner | Label
---|---|---|---
xuI8pQHlxExL.exe | 100% | Avira | TR/Dropper.Gen7
xuI8pQHlxExL.exe | 100% | Joe Sandbox ML |
URL (not listed) | 0% | URL Reputation | safe
Domains and IPs

Name | IP | Active | Malicious | Reputation | Country | ASN | ASN Name
---|---|---|---|---|---|---|---
resilencia2023.duckdns.org | 179.14.8.182 | true | true | unknown | Colombia | 27831 | ColombiaMovilCO
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1429847 |
Start date and time: | 2024-04-22 19:05:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 24s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | xuI8pQHlxExL.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/1@3/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: xuI8pQHlxExL.exe
Time | Type | Description |
---|---|---|
19:06:33 | API Interceptor |
Context (other Joe Sandbox samples sharing an indicator; the associated sample names and SHA-256 values were links and are not present)

Match | Indicator type | Associated samples (threat name)
---|---|---
179.14.8.182 | IP | 1 malicious sample (Njrat)
resilencia2023.duckdns.org | Domain | 4 malicious samples (Njrat)
ColombiaMovilCO | ASN | 10 malicious samples: 6 Mirai, 1 AsyncRAT, 2 AsyncRAT/DcRat, 1 Unknown
Dropped file (name not listed)

Process: | C:\Users\user\Desktop\xuI8pQHlxExL.exe |
Category: | dropped |
Size (bytes): | 907 |
Entropy (8bit): | 5.243019596074263 |
Encrypted: | false |
SSDEEP: | 24:MLF2CpI329Iz52VMzffup26KTnKoO2+b2hHAa/:MwQd9IzoaXuY6Ux+SF/ |
MD5: | 48A0572426885EBDE53CA62C7F2E194E |
SHA1: | 035628CDF6276367F6C83E9F4AA2172933850AA8 |
SHA-256: | 4C68E10691304CAC8DA65A05CF2580728EC0E294104F267840712AF1C46A6538 |
SHA-512: | DEFE728C2312918D94BD43C98908C08CCCA5EBFB77F873779DCA784F14C607B33A4E29AC5ECB798F2F741668B7692F72BCB60DEFD536EA86B296B64FA359C42D |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Static File Info
Entropy (8bit): | 3.8035401193939826 |
File name: | xuI8pQHlxExL.exe |
File size: | 32'768 bytes |
MD5: | ed064734a0bf02c905e63d64a495364b |
SHA1: | b5c8e93ccd6aa3457f9727ed319384ba97c9ac71 |
SHA256: | 544a4d7177ed4b85a9c9807fa396e07e3243e2e6c4ce2b0fe0f908d6ee37bdc9 |
SHA512: | ea54436dec688d075b3d095fb3ea79cce1cd4bb2cb4c7d243517d819a46f8b51b812f16bf982af1db9eeb5816e8ed8578c70e1c3aabcdf50818fe8aedff8776f |
SSDEEP: | 384:f0bUe5XB4e0XeOhJggUBZIGlWT1tTUFQqzFVkObbR:UT9Bu9zggUBZI567bR |
TLSH: | AAE2080A7BA58215C6BC5AFC8CB313200772E3478532EB6F5CDC88CA4B676D44645EED |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#.&f.................P... ......~g... ........@.. ....................................@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x40677e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66268F23 [Mon Apr 22 16:24:03 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint disassembly (0x40677e, .text)

Instruction |
---|
jmp dword ptr [00402000h] |

The single instruction at the entrypoint is the standard managed-executable stub: an indirect jump through the IAT slot at 0x00402000 (IAT directory at RVA 0x2000, 8 bytes, whose only entry is mscoree.dll!_CorExeMain). The entrypoint RVA 0x677e plus the 6-byte FF 25 jmp ends exactly at the end of the .text virtual range (0x2000 + 0x4784 = 0x6784); the 97 "add byte ptr [eax], al" lines that followed in the listing are the disassembler decoding the zero bytes of section padding and carry no code.
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6728 | 0x53 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8000 | 0x2a8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x4784 | 0x5000 | 4fa3424137a466c469de4a76d0bd8119 | False | 0.47548828125 | data | 5.293800246831452 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x8000 | 0x2a8 | 0x1000 | 06f784705978c77c74b103740d210ee3 | False | 0.07763671875 | data | 0.6775791141051085 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xa000 | 0xc | 0x1000 | 6c4dd48bf3226f24c0a279b97a87449d | False | 0.008544921875 | data | 0.013126943721219527 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x8058 | 0x24c | data | 0.46598639455782315 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
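The cross-check a triage script would run on the static tables above, as an added example that is not part of the report: decode the entrypoint's indirect jmp, confirm its target lies in the IAT directory, confirm a CLR header is present, and confirm the stub is the last six bytes of .text. The numbers (image base, directories, section layout, PE timestamp) are the values printed in the tables; STUB is the six-byte encoding of "jmp dword ptr [00402000h]" reconstructed from the disassembly line, not bytes copied from the sample.

```python
"""Cross-check the entrypoint stub against the PE directory and section tables.

Added example; not part of the Joe Sandbox report. Constants are the values
from the static tables. STUB is reconstructed from the disassembly line
"jmp dword ptr [00402000h]" (FF 25 + little-endian absolute address).
"""
from __future__ import annotations

import struct
from datetime import datetime, timezone

IMAGE_BASE = 0x400000
ENTRYPOINT_VA = 0x40677E
PE_TIMESTAMP = 0x66268F23

# name -> (virtual address, virtual size), from the section table
SECTIONS = {".text": (0x2000, 0x4784), ".rsrc": (0x8000, 0x2A8), ".reloc": (0xA000, 0xC)}
# name -> (RVA, size), from the data directory table
DIRECTORIES = {"IAT": (0x2000, 0x8), "COM_DESCRIPTOR": (0x2008, 0x48), "IMPORT": (0x6728, 0x53)}

STUB = b"\xff\x25" + struct.pack("<I", 0x402000)   # jmp dword ptr [0x00402000]


def decode_indirect_jmp(code: bytes) -> int | None:
    """Return the absolute memory operand of an FF 25 (jmp [abs32]) instruction, else None."""
    if len(code) >= 6 and code[:2] == b"\xff\x25":
        return struct.unpack_from("<I", code, 2)[0]
    return None


def rva_to_section(rva: int) -> str | None:
    """Map an RVA to the section whose virtual range contains it."""
    for name, (va, vsize) in SECTIONS.items():
        if va <= rva < va + vsize:
            return name
    return None


def in_directory(rva: int, name: str) -> bool:
    start, size = DIRECTORIES[name]
    return start <= rva < start + size


def classify_entrypoint(entry_va: int, code: bytes) -> dict:
    """Decide whether the entrypoint is the managed (_CorExeMain) loader stub."""
    entry_rva = entry_va - IMAGE_BASE
    target = decode_indirect_jmp(code)
    target_rva = target - IMAGE_BASE if target is not None else None
    text_va, text_vsize = SECTIONS[".text"]
    return {
        "entry_section": rva_to_section(entry_rva),
        "jmp_target_va": target,
        # a jmp through an IAT slot means control leaves the image immediately
        "jmp_via_iat": target_rva is not None and in_directory(target_rva, "IAT"),
        # a non-empty COM_DESCRIPTOR directory is the CLR header of a .NET image
        "clr_header": DIRECTORIES["COM_DESCRIPTOR"][1] > 0,
        # the stub is the last 6 bytes of .text: everything after it is padding
        "stub_ends_section": entry_rva + 6 == text_va + text_vsize,
    }


def compile_time(ts: int) -> str:
    """Render the PE header timestamp as UTC (compare with the analysis start time)."""
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


if __name__ == "__main__":
    for key, value in classify_entrypoint(ENTRYPOINT_VA, STUB).items():
        print(f"{key:<20} {value!r}")
    print(f"{'linker timestamp':<20} {compile_time(PE_TIMESTAMP)}")
```

When all three flags are true the native disassembly at the entrypoint is uninteresting and analysis should move to the managed code (the .Net Code signatures above); the timestamp check places the build about three hours before the analysis started, which is consistent with a freshly built rather than repurposed sample.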
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/22/24-19:06:15.002589 | TCP | 2825565 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity Sending Screenshot (CAP) | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:06:09.223118 | TCP | 2825564 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:06:05.495111 | TCP | 2825563 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:06:05.253890 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:07:00.449324 | TCP | 2825565 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity Sending Screenshot (CAP) | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:06:56.900357 | TCP | 2825564 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:06:34.186569 | TCP | 2825563 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:06:33.952521 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:07:07.929032 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:06:30.056799 | TCP | 2825565 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity Sending Screenshot (CAP) | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:06:25.711913 | TCP | 2825564 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:06:22.749074 | TCP | 2825563 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:06:22.528207 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
04/22/24-19:07:17.873841 | TCP | 2825564 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
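A frame parser for the C2 channel that the extracted configuration (Host, Port 2009, "Network Seprator" @!#&^%$) and the ET/ETPRO alerts above describe, as an added example that is not code from the Joe Sandbox report, the ET rules or njRAT. It assumes the classic njRAT framing, "<decimal payload length>\x00<payload>", with the payload being a command token followed by fields joined with the configured separator. Only the command tokens ll, inf, act and CAP are taken from the rule names in the Snort table; the field contents in SAMPLE_STREAM are constructed for illustration and do not reproduce real victim data.

```python
"""Parse njRAT/Bladabindi C2 frames using the separator from the extracted config.

Added example; not code from the Joe Sandbox report, the ET rules or njRAT.
Assumed wire format: "<decimal length>\x00<payload>", payload = command token
plus fields joined with the configured separator. SAMPLE_STREAM is constructed.
"""
from __future__ import annotations

import base64
from dataclasses import dataclass

SEPARATOR = b"@!#&^%$"      # "Network Seprator" value from the extracted config
C2_PORT = 2009              # "Port" value from the extracted config

# Command tokens the ET/ETPRO signatures above key on, and what they carry.
COMMANDS = {
    b"ll":  "registration / beacon",
    b"inf": "victim information",
    b"act": "active window title",
    b"CAP": "screenshot upload",
}


@dataclass
class Frame:
    command: bytes
    fields: list[bytes]
    length: int           # payload length as announced in the prefix


def build_frame(command: bytes, *fields: bytes, sep: bytes = SEPARATOR) -> bytes:
    """Encode one frame the way the parser expects it (used to build test traffic)."""
    payload = sep.join((command,) + fields)
    return str(len(payload)).encode() + b"\x00" + payload


def parse_stream(buf: bytes, sep: bytes = SEPARATOR) -> tuple[list[Frame], bytes]:
    """Split a reassembled TCP stream into complete frames.

    Returns (frames, remainder): the remainder is the trailing partial frame, so a
    caller reading from a socket appends the next segment to it and calls again.
    A prefix that is not a short run of ASCII digits means the stream is
    desynchronised, and that raises instead of being skipped silently.
    """
    frames: list[Frame] = []
    pos = 0
    while pos < len(buf):
        nul = buf.find(b"\x00", pos)
        if nul == -1:
            break                                   # length prefix not complete yet
        prefix = buf[pos:nul]
        if not prefix.isdigit() or len(prefix) > 10:
            raise ValueError(f"bad length prefix at offset {pos}: {prefix!r}")
        length = int(prefix)
        start, end = nul + 1, nul + 1 + length
        if end > len(buf):
            break                                   # payload not complete yet
        parts = buf[start:end].split(sep)
        frames.append(Frame(parts[0], parts[1:], length))
        pos = end
    return frames, buf[pos:]


def describe(frames: list[Frame]) -> list[tuple[str, str, int]]:
    """(command, meaning, field count) per frame, for a quick triage listing."""
    return [(f.command.decode("latin-1"), COMMANDS.get(f.command, "unknown"), len(f.fields))
            for f in frames]


# Constructed client-to-server traffic: a beacon, an active-window report, a
# screenshot with a fake PNG body, then a frame cut off mid-payload.
SAMPLE_STREAM = (
    build_frame(b"ll", base64.b64encode(b"HOST_user"), b"NYAN CAT", b"Win 10 Pro")
    + build_frame(b"act", base64.b64encode(b"Untitled - Notepad"))
    + build_frame(b"CAP", b"\x89PNG\r\n\x1a\n" + bytes(16))
    + b"12\x00inf@!#&"
)

if __name__ == "__main__":
    frames, rest = parse_stream(SAMPLE_STREAM)
    for cmd, meaning, n in describe(frames):
        print(f"{cmd:>4}  {meaning:<26} {n} field(s)")
    print(f"{len(rest)} byte(s) held back until the next segment arrives")
```

The parser works on bytes throughout because CAP bodies are binary, and it keys the split on the per-build separator rather than the historical "|'|'|": a build that changes the separator, as this one did, defeats string-based rules that hard-code the old one, while the length-prefix framing and the short command tokens survive and are what the ET signatures on TCP/2009 matched.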
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 22, 2024 19:06:04.930475950 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:05.118997097 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:05.119340897 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:05.253890038 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:05.494960070 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:05.495110989 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:05.731220007 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:05.873019934 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:05.914608002 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:05.975680113 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:06.206933975 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:08.906900883 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:08.961483955 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:08.991170883 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:09.222949982 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:09.223118067 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:09.457201004 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:11.318907022 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:11.319550037 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:11.553014994 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:11.928942919 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:11.977241039 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:12.580398083 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:12.813113928 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:14.964776993 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:15.002588987 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:15.248832941 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:20.334891081 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:20.334959030 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:22.338447094 CEST | 49730 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:22.340182066 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:22.518731117 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:22.518815041 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:22.526794910 CEST | 2009 | 49730 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:22.528207064 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:22.748879910 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:22.749073982 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:22.964945078 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:23.040847063 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:23.102132082 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:23.103790998 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:23.318680048 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:25.711913109 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:25.936713934 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:26.066813946 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:26.117809057 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:26.128598928 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:26.342717886 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:28.864710093 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:28.914730072 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:29.094758034 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:29.149101973 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:29.838649988 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:30.056720018 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:30.056798935 CEST | 49736 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:30.278786898 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:31.728713036 CEST | 2009 | 49736 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:33.745614052 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:33.938525915 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:33.938854933 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:33.952521086 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:34.186455965 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:34.186568975 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:34.424490929 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:35.146462917 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:35.195990086 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:35.250015020 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:35.480408907 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:38.184808969 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:38.217813969 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:38.444734097 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:40.124571085 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:40.125027895 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:40.358587027 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:50.290874958 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:50.336694956 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:50.368941069 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:50.600929022 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:54.334129095 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:54.383471012 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:54.427655935 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:54.666773081 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:54.666922092 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:54.898799896 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:56.900357008 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:57.130390882 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:57.362998009 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:57.414819956 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:57.418292046 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:57.656879902 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:58.162764072 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:06:58.163341999 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:06:58.400791883 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:00.397083044 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:00.445964098 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:00.449323893 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:00.686681032 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:04.170533895 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:04.170777082 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:07.088913918 CEST | 49737 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:07.282749891 CEST | 2009 | 49737 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:07.730252981 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:07.909965992 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:07.910068035 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:07.929032087 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:08.121830940 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:08.155158997 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:08.155226946 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:08.299022913 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:08.299235106 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:08.373229980 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:08.373317957 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:08.523318052 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:08.523479939 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:08.597162008 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:08.597291946 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:08.753245115 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:08.753968000 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:08.817195892 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:08.817971945 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:08.969130993 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:08.969862938 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:09.048351049 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:09.049843073 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:09.187309980 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:09.187436104 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:09.281486988 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:09.281877041 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:09.405311108 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:09.405857086 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:09.499126911 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:09.501851082 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:09.625135899 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:09.625860929 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:09.718982935 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:09.719131947 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:09.843153954 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:09.843246937 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:09.933238983 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:09.933350086 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:10.065447092 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:10.065834999 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:10.159194946 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:10.159288883 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:10.285259962 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:10.285378933 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:10.381061077 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:10.381210089 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:10.507205009 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:10.507442951 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:10.607229948 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:10.607439041 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:10.731347084 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:10.731451988 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:10.821281910 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:10.821397066 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:10.977164984 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:10.977289915 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:11.047120094 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:11.047224998 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:11.205178976 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:11.205296040 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:11.267106056 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:11.267170906 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:11.441165924 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:11.441278934 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:11.489109039 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:11.489295959 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:11.663216114 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:11.663378000 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:11.707333088 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:11.707406044 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:11.883141041 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:11.883244038 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:12.107413054 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:12.107534885 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:12.319303036 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:12.329436064 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:12.485876083 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:12.485972881 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:12.499030113 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:12.499124050 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:12.583023071 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:12.671241999 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:12.673858881 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:12.763142109 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:12.765913010 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:12.907166958 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:12.907272100 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:12.985209942 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:12.985927105 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:13.123110056 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:13.123209953 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:13.201251030 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:13.203433037 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:13.367394924 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:13.369940042 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:13.421154022 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:13.421864986 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:13.595048904 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:13.595175982 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:13.656960964 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:13.657052040 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:13.817409992 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:13.817523956 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:13.891113043 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:13.891289949 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:14.033111095 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:14.033560038 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:14.096941948 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:14.097184896 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:14.252976894 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:14.253278971 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:14.314949036 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:14.315191984 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:14.471004009 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:14.471132040 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:14.533665895 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:14.533852100 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:14.688909054 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:14.691795111 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:14.752909899 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:14.753869057 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:14.867292881 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:14.868005991 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:14.969120979 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:14.969284058 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:15.085042953 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:15.085165024 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:15.195019007 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:15.195111990 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:15.301193953 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:15.305629969 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:15.422296047 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:15.425878048 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:15.525186062 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:15.525310040 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:15.653078079 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:15.653176069 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:15.745018959 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:15.745106936 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:15.869168997 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:15.869342089 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:15.960994959 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:15.961287022 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:16.087131977 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:16.087404966 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:16.182760000 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:16.182873011 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:16.305005074 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:16.305226088 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:16.400881052 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:16.401082993 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:16.536844969 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:16.536995888 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:16.620942116 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:16.621202946 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:16.758898973 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:16.759104013 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:16.843013048 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:16.843251944 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:16.984941959 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:16.985025883 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:17.060892105 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:17.061038017 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:17.205131054 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:17.205249071 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:17.282845020 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:17.282933950 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:17.422972918 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:17.423091888 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:17.500941992 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:17.501050949 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:17.645083904 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:17.645462036 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:17.720989943 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:17.721875906 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:17.862916946 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:17.865988970 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:17.872910976 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:17.873841047 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:17.910923958 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:17.912424088 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:17.930804014 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Apr 22, 2024 19:07:18.048923969 CEST | 2009 | 49739 | 179.14.8.182 | 192.168.2.4 |
Apr 22, 2024 19:07:18.048994064 CEST | 49739 | 2009 | 192.168.2.4 | 179.14.8.182 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 22, 2024 19:06:03.066065073 CEST | 51961 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 22, 2024 19:06:04.102905989 CEST | 51961 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 22, 2024 19:06:04.926836014 CEST | 53 | 51961 | 1.1.1.1 | 192.168.2.4 |
Apr 22, 2024 19:06:04.926897049 CEST | 53 | 51961 | 1.1.1.1 | 192.168.2.4 |
Apr 22, 2024 19:07:07.090286970 CEST | 57871 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 22, 2024 19:07:07.729243994 CEST | 53 | 57871 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 22, 2024 19:06:03.066065073 CEST | 192.168.2.4 | 1.1.1.1 | 0x8d95 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 22, 2024 19:06:04.102905989 CEST | 192.168.2.4 | 1.1.1.1 | 0x8d95 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 22, 2024 19:07:07.090286970 CEST | 192.168.2.4 | 1.1.1.1 | 0x1434 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 22, 2024 19:06:04.926836014 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d95 | No error (0) | 179.14.8.182 | A (IP address) | IN (0x0001) | false | ||
Apr 22, 2024 19:06:04.926897049 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d95 | No error (0) | 179.14.8.182 | A (IP address) | IN (0x0001) | false | ||
Apr 22, 2024 19:07:07.729243994 CEST | 1.1.1.1 | 192.168.2.4 | 0x1434 | No error (0) | 179.14.8.182 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 19:05:54 |
Start date: | 22/04/2024 |
Path: | C:\Users\user\Desktop\xuI8pQHlxExL.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9c0000 |
File size: | 32'768 bytes |
MD5 hash: | ED064734A0BF02C905E63D64A495364B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 19:07:17 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 19:07:17 |
Start date: | 22/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 17% |
Dynamic/Decrypted Code Coverage: | 85.4% |
Signature Coverage: | 2% |
Total number of Nodes: | 151 |
Total number of Limit Nodes: | 8 |
Graph
Function | Relevance | Strings | APIs | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
05171930 | 3.9 | 2 | | 1396 | COMMON | -1.00% |
052C3367 | 1.6 | | 1 | 75 | COMMON | -1.00% |
052C339E | 1.6 | | 1 | 52 | COMMON | -1.00% |
051703F8 | 1.6 | | 1 | 104 | COMMON | -1.00% |
010BB5DE | 1.6 | | 1 | 103 | file, COMMON | -1.00% |
051703E8 | 1.6 | | 1 | 102 | COMMON | -1.00% |
(name not extracted) | | | | | | -1.00% |
(name not extracted) | | | | | | -1.00% |
(name not extracted) | | | | | | -1.00% |
052C099C | 1.6 | | 1 | 93 | COMMON | -1.00% |
(name not extracted) | | | | | | -1.00% |
(name not extracted) | | | | | | -1.00% |
052C0190 | 1.6 | | 1 | 89 | COMMON | -1.00% |
052C0894 | 1.6 | | 1 | 88 | time, COMMON | -1.00% |
(name not extracted) | | | | | | -1.00% |
052C09BE | 1.6 | | 1 | 84 | COMMON | -1.00% |
052C0FC0 | 1.6 | | 1 | 81 | COMMON | -1.00% |
(name not extracted) | | | | | | -1.00% |
052C22CD | 1.6 | | 1 | 80 | COMMON | -1.00% |
052C34E9 | 1.6 | | 1 | 79 | COMMON | -1.00% |
010BBC3E | 1.6 | | 1 | 77 | network, COMMON | -1.00% |
(name not extracted) | | | | | | -1.00% |
052C0346 | 1.6 | | 1 | 77 | file, COMMON | -1.00% |
010BB61E | 1.6 | | 1 | 76 | file, COMMON | -1.00% |
052C01B6 | 1.6 | | 1 | 76 | COMMON | -1.00% |
010BB6F4 | 1.6 | | 1 | 75 | COMMON | -1.00% |
(name not extracted) | | | | | | -1.00% |
(name not extracted) | | | | | | -1.00% |
052C36B7 | 1.6 | | 1 | 73 | COMMON | -1.00% |
052C35D3 | 1.6 | | 1 | 73 | COMMON | -1.00% |
(name not extracted) | | | | | | -1.00% |
052C05DD | 1.6 | | 1 | 72 | COMMON | -1.00% |
010BB9D6 | 1.6 | | 1 | 70 | file, COMMON | -1.00% |
(name not extracted) | | | | | | -1.00% |
010BA140 | 1.6 | | 1 | 69 | network, COMMON | -1.00% |
052C2207 | 1.6 | | 1 | 69 | COMMON | -1.00% |
010BBD23 | 1.6 | | 1 | 67 | COMMON | -1.00% |
010BBC5E | 1.6 | | 1 | 67 | network, COMMON | -1.00% |
(name not extracted) | | | | | | -1.00% |
052C0366 | 1.6 | | 1 | 67 | file, COMMON | -1.00% |
052C31F6 | 1.6 | | 1 | 67 | COMMON | -1.00% |
010BA710 | 1.6 | | 1 | 66 | COMMON | -1.00% |
052C1282 | 1.6 | | 1 | 66 | library, COMMON | -1.00% |
(name not extracted) | | | | | | -1.00% |
052C2869 | 1.6 | | 1 | 65 | library, COMMON | -1.00% |
(name not extracted) | | | | | | -1.00% |
052C08D2 | 1.6 | | 1 | 64 | time, COMMON | -1.00% |
052C0006 | 1.6 | | 1 | 63 | COMMON | -1.00% |
052C3BA9 | 1.6 | | 1 | 62 | window, COMMON | -1.00% |
052C35F6 | 1.6 | | 1 | 62 | COMMON | -1.00% |
052C36DA | 1.6 | | 1 | 62 | COMMON | -1.00% |
010BAC03 | 1.6 | | 1 | 61 | COMMON | -1.00% |
052C351A | 1.6 | | 1 | 61 | COMMON | -1.00% |
010BB9F6 | 1.6 | | 1 | 60 | file, COMMON | -1.00% |
052C0E2C | 1.6 | | 1 | 60 | network, COMMON | -1.00% |
052C222A | 1.6 | | 1 | 58 | COMMON | -1.00% |
052C060A | 1.6 | | 1 | 57 | COMMON | -1.00% |
(name not extracted) | | | | | | -1.00% |
010BA2AE | 1.6 | | 1 | 56 | COMMON | -1.00% |
052C3FA9 | 1.6 | | 1 | 56 | window, COMMON | -1.00% |
052C12A2 | 1.6 | | 1 | 56 | library, COMMON | -1.00% |
052C2306 | 1.6 | | 1 | 55 | COMMON | -1.00% |
010BAD9F | 1.6 | | 1 | 54 | com, COMMON | -1.00% |
052C321E | 1.6 | | 1 | 53 | COMMON | -1.00% |
010BB736 | 1.6 | | 1 | 52 | COMMON | -1.00% |
052C0E4E | 1.5 | | 1 | 49 | network, COMMON | -1.00% |
052C3E5C | 1.5 | | 1 | 49 | window, COMMON | |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C1016 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C289A Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010BAC2A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010BA74E Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010BBD62 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C0032 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010BA186 Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C3FCE Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010BADCE Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C3BE2 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010BA2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 052C3E7E Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0143075C Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05771F4C Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014307C4 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05771DF0 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010CB0A4 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014305E0 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01430880 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01430606 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05771863 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05771E3F Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05771FB7 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010CB0F3 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010B23F4 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010B23BC Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
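The listing is easier to triage once it is machine-readable. The Python below is an added example written for this page, not Joe Sandbox code: it parses the flattened `Function ...` header lines as they appear here (the behaviour tag and the `COMMON` similarity class are fused onto the instruction count by the page extraction), skips the empty panel residue, groups functions by tag, and orders the API-calling functions so that network, file, library and com code comes first. The sample lines are copied from the listing above; treating a missing `APIs:` field as zero listed APIs and the tag priority order are assumptions made for the example.

```python
"""Parse Joe Sandbox 'Function ...' listing lines and group them by behaviour tag.

Added example for triaging the function listing on this page; not Joe Sandbox code.
Handles the flattened form seen here, e.g.
    Function 052C2869 Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
where the tag (library, network, file, ...) and the similarity class (COMMON)
are fused onto the instruction count. A header without an APIs field is taken
to mean zero listed APIs (assumption about the report format).
"""
import re
from collections import defaultdict
from dataclasses import dataclass

FUNCTION_RE = re.compile(
    r"^Function\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"Relevance:\s*(?P<rel>\d*\.?\d+)"
    r"(?:,\s*APIs:\s*(?P<apis>\d+))?"   # optional: absent for relevance .0/.1 entries
    r",\s*Instructions:\s*(?P<insn>\d+)"
    r"(?P<tag>[a-z]*)"                    # behaviour tag, may be empty
    r"(?P<cls>[A-Z]+)\s*$"                # similarity class, e.g. COMMON
)


@dataclass(frozen=True)
class FunctionEntry:
    address: str
    relevance: float
    apis: int
    instructions: int
    tag: str          # "" when the report gave no behaviour tag
    similarity: str   # e.g. "COMMON"


def parse_function_line(line: str):
    """Return a FunctionEntry for a 'Function ...' header line, else None."""
    m = FUNCTION_RE.match(line.strip())
    if not m:
        return None
    return FunctionEntry(
        address=m.group("addr").upper(),
        relevance=float(m.group("rel")),
        apis=int(m.group("apis") or 0),
        instructions=int(m.group("insn")),
        tag=m.group("tag"),
        similarity=m.group("cls"),
    )


def parse_listing(text: str):
    """Parse every header line in a pasted listing; panel residue lines are skipped."""
    return [e for e in map(parse_function_line, text.splitlines()) if e is not None]


def group_by_tag(entries):
    """Map behaviour tag -> addresses, highest relevance then most instructions first."""
    groups = defaultdict(list)
    ordered = sorted(entries, key=lambda e: (-e.relevance, -e.instructions, e.address))
    for e in ordered:
        groups[e.tag or "untagged"].append(e.address)
    return dict(groups)


def triage_order(entries, priority=("network", "file", "library", "com", "window", "time")):
    """Addresses in the order an analyst would open them: tagged API callers first.

    Functions with no listed APIs are dropped; the tag priority is a chosen default.
    """
    rank = {t: i for i, t in enumerate(priority)}

    def key(e):
        return (rank.get(e.tag, len(priority)), -e.relevance, -e.instructions, e.address)

    return [e.address for e in sorted(entries, key=key) if e.apis > 0]


# Constructed sample: header and residue lines copied from the listing above.
SAMPLE_LISTING = """\
Function 052C2869 Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
APIs |
Memory Dump Source |
Function 010BB9F6 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
Function 052C0E2C Relevance: 1.6, APIs: 1, Instructions: 60networkCOMMON
Function 052C0E4E Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON
Function 010BA186 Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON
Function 052C0006 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
Function 0143075C Relevance: .1, Instructions: 82COMMON
Uniqueness Score: -1.00% |
"""

if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    for tag, addrs in group_by_tag(entries).items():
        print(f"{tag:>9}: {', '.join(addrs)}")
    print("triage order:", triage_order(entries))
```

Paste the whole function section of a report into `parse_listing` and the three network-tagged functions (052C0E2C, 052C0E4E, 010BA186) surface at the top of the triage order, which is where the C2 handling of a RAT sample is most likely to live; the untagged, API-free functions at relevance 0.0 and 0.1 drop out entirely.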