Windows
Analysis Report
o7b91j8vnJ.exe
Overview
General Information
Sample name: | o7b91j8vnJ.exe (renamed because the original name is a hash value) |
Original sample name: | 7b3e62bcbeed62a180220669f6a0c548.exe |
Analysis ID: | 1431408 |
MD5: | 7b3e62bcbeed62a180220669f6a0c548 |
SHA1: | 3d12e7bf87ce03fe4c59c5127e225dfd37b7a530 |
SHA256: | 32cad0a627c9f3bf1172d0fc11a5492b2ff20e3e5509f53e0ac83e87d15f2a5d |
Tags: | 32, exe, trojan |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
- System is w10x64
- o7b91j8vnJ.exe (PID: 6856 cmdline: "C:\Users\user\Desktop\o7b91j8vnJ.exe" MD5: 7B3E62BCBEED62A180220669F6A0C548)
  - WerFault.exe (PID: 7128 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 1516 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution |
---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in the C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["demonstationfukewko.shop", "liabilitynighstjsko.shop", "alcojoldwograpciw.shop", "incredibleextedwj.shop", "shortsvelventysjo.shop", "shatterbreathepsw.shop", "tolerateilusidjukl.shop", "productivelookewr.shop", "strollheavengwu.shop"], "Build id": "P6Mk0M--superstar"}
Rule | Description | Author |
---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Rule | Description | Author |
---|---|---|
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
04/25/24-01:59:52.426039 | 2052229 | 56700 | 53 | UDP | A Network Trojan was detected |
04/25/24-01:59:52.576860 | 2052230 | 49730 | 443 | TCP | A Network Trojan was detected |
04/25/24-01:59:53.349065 | 2052230 | 49731 | 443 | TCP | A Network Trojan was detected |
04/25/24-01:59:54.263019 | 2052230 | 49732 | 443 | TCP | A Network Trojan was detected |
04/25/24-01:59:55.123309 | 2052230 | 49733 | 443 | TCP | A Network Trojan was detected |
04/25/24-01:59:56.147948 | 2052230 | 49734 | 443 | TCP | A Network Trojan was detected |
04/25/24-01:59:57.117668 | 2052230 | 49735 | 443 | TCP | A Network Trojan was detected |
04/25/24-01:59:58.166541 | 2052230 | 49736 | 443 | TCP | A Network Trojan was detected |
04/25/24-01:59:59.483318 | 2052230 | 49737 | 443 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | String decryptor: |
Source: | Code function: | 0_2_00415999 |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Source: | Binary string: |
Source: | Code function: | 0_2_00422458 |
Source: | Code function: | 0_2_0041C540 |
Source: | Code function: | 0_2_004357CA |
Source: | Code function: | 0_2_004359E2 |
Source: | Code function: | 0_2_00414C49 |
Source: | Code function: | 0_2_00433D10 |
Source: | Code function: | 0_2_00424087 |
Source: | Code function: | 0_2_00424084 |
Source: | Code function: | 0_2_0040D140 |
Source: | Code function: | 0_2_00403260 |
Source: | Code function: | 0_2_00423943 |
Source: | Code function: | 0_2_0041F234 |
Source: | Code function: | 0_2_004142F0 |
Source: | Code function: | 0_2_0041E451 |
Source: | Code function: | 0_2_0041A420 |
Source: | Code function: | 0_2_00414596 |
Source: | Code function: | 0_2_0041F640 |
Source: | Code function: | 0_2_004146E6 |
Source: | Code function: | 0_2_0042271D |
Source: | Code function: | 0_2_004137C9 |
Source: | Code function: | 0_2_0041F828 |
Source: | Code function: | 0_2_0041A8C0 |
Source: | Code function: | 0_2_0042F890 |
Source: | Code function: | 0_2_0042594F |
Source: | Code function: | 0_2_004259CD |
Source: | Code function: | 0_2_004259D2 |
Source: | Code function: | 0_2_00411A44 |
Source: | Code function: | 0_2_0040FA49 |
Source: | Code function: | 0_2_00431A70 |
Source: | Code function: | 0_2_0041CAEC |
Source: | Code function: | 0_2_00437C47 |
Source: | Code function: | 0_2_00437C45 |
Source: | Code function: | 0_2_00413C46 |
Source: | Code function: | 0_2_00421CC7 |
Source: | Code function: | 0_2_00424CB0 |
Source: | Code function: | 0_2_00415D7D |
Source: | Code function: | 0_2_00413E4A |
Source: | Code function: | 0_2_041EF49B |
Source: | Code function: | 0_2_041E7494 |
Source: | Code function: | 0_2_041F3BAA |
Source: | Code function: | 0_2_041D34C7 |
Source: | Code function: | 0_2_041E4557 |
Source: | Code function: | 0_2_041EA687 |
Source: | Code function: | 0_2_041F26BF |
Source: | Code function: | 0_2_041EE6B8 |
Source: | Code function: | 0_2_041EC7A7 |
Source: | Code function: | 0_2_041E47FD |
Source: | Code function: | 0_2_041E40B1 |
Source: | Code function: | 0_2_041F42EE |
Source: | Code function: | 0_2_041F42EB |
Source: | Code function: | 0_2_041ED377 |
Source: | Code function: | 0_2_041DD3A7 |
Source: | Code function: | 0_2_041F5C39 |
Source: | Code function: | 0_2_041F5C34 |
Source: | Code function: | 0_2_04205C49 |
Source: | Code function: | 0_2_041DFCB0 |
Source: | Code function: | 0_2_041E1CAB |
Source: | Code function: | 0_2_04201CD7 |
Source: | Code function: | 0_2_04207EAC |
Source: | Code function: | 0_2_04207EAE |
Source: | Code function: | 0_2_041E4EB0 |
Source: | Code function: | 0_2_041E3EAD |
Source: | Code function: | 0_2_041F4F17 |
Source: | Code function: | 0_2_041F1F2E |
Source: | Code function: | 0_2_04203F77 |
Source: | Code function: | 0_2_041E5FE4 |
Source: | Code function: | 0_2_041EF8A7 |
Source: | Code function: | 0_2_041E494D |
Source: | Code function: | 0_2_041F2984 |
Source: | Code function: | 0_2_04205A31 |
Source: | Code function: | 0_2_041E3A30 |
Source: | Code function: | 0_2_041EFA8F |
Source: | Code function: | 0_2_041FFAF7 |
Source: | Code function: | 0_2_041EAB27 |
Source: | Code function: | 0_2_041F5BB6 |
Networking |
---|
Source: | Snort IDS: |
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_0042C500 |
Source: | Code function: | 0_2_0042C500 |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: | 0_2_00432010 |
Source: | Code function: | 0_2_004204B7 |
Source: | Code function: | 0_2_00404740 |
Source: | Code function: | 0_2_00420CA0 |
Source: | Code function: | 0_2_00406030 |
Source: | Code function: | 0_2_00403260 |
Source: | Code function: | 0_2_004052F0 |
Source: | Code function: | 0_2_004065F0 |
Source: | Code function: | 0_2_004345F0 |
Source: | Code function: | 0_2_0040F690 |
Source: | Code function: | 0_2_004397D0 |
Source: | Code function: | 0_2_0042594F |
Source: | Code function: | 0_2_004259D2 |
Source: | Code function: | 0_2_00431A70 |
Source: | Code function: | 0_2_0041CAEC |
Source: | Code function: | 0_2_00439AF0 |
Source: | Code function: | 0_2_00407CB0 |
Source: | Code function: | 0_2_00403D70 |
Source: | Code function: | 0_2_00402E70 |
Source: | Code function: | 0_2_041D34C7 |
Source: | Code function: | 0_2_041D55DB |
Source: | Code function: | 0_2_041D30D7 |
Source: | Code function: | 0_2_041D1267 |
Source: | Code function: | 0_2_041D6297 |
Source: | Code function: | 0_2_041F5C39 |
Source: | Code function: | 0_2_04201CD7 |
Source: | Code function: | 0_2_04209D57 |
Source: | Code function: | 0_2_041D7F17 |
Source: | Code function: | 0_2_041F0F07 |
Source: | Code function: | 0_2_041D3FD7 |
Source: | Code function: | 0_2_041DF824 |
Source: | Code function: | 0_2_04204857 |
Source: | Code function: | 0_2_041DF8F7 |
Source: | Code function: | 0_2_041D49A7 |
Source: | Code function: | 0_2_04209A37 |
Source: | Code function: | 0_2_041F5BB6 |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_04265BD6 |
Source: | Code function: | 0_2_00429597 |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | Virustotal: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_0043FBE8 |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | System information queried: |
Source: | Thread sleep time: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Code function: | 0_2_00433CC0 |
Source: | Code function: | 0_2_041D0D90 |
Source: | Code function: | 0_2_041D092B |
Source: | Code function: | 0_2_042654B3 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | String found in binary or memory: |
Source: | Queries volume information: |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | String found in binary or memory: |
Source: | File opened: |
Source: | File opened: |
Source: | Directory queried: |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 11 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 31 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 43% | Virustotal | | Browse |
| 100% | Avira | HEUR/AGEN.1312652 | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 1% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
| 14% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
| 16% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 11% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 5% | Virustotal | | Browse |
| 18% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 16% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
| 17% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
| 10% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
| 17% | Virustotal | | Browse |
| 10% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
| 14% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
| 1% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 17% | Virustotal | | Browse |
| 1% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
strollheavengwu.shop | 172.67.163.209 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.163.209 | strollheavengwu.shop | United States | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431408 |
Start date and time: | 2024-04-25 01:59:04 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | o7b91j8vnJ.exerenamed because original name is a hash value |
Original Sample Name: | 7b3e62bcbeed62a180220669f6a0c548.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@2/5@1/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.73.29
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
01:59:52 | API Interceptor | |
02:00:12 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
172.67.163.209 | | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
strollheavengwu.shop | | Get hash | malicious | BitRAT, HTMLPhisher | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | TechSupportScam | Browse | |
| | Get hash | malicious | Phisher | Browse | |
| | Get hash | malicious | HTMLPhisher, TechSupportScam | Browse | |
| | Get hash | malicious | HTMLPhisher, TechSupportScam | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | TechSupportScam | Browse | |
| | Get hash | malicious | TechSupportScam | Browse | |
| | Get hash | malicious | TechSupportScam | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | Remcos, DBatLoader | Browse | |
| | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Remcos, DBatLoader | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Remcos, DBatLoader | Browse | |
| | Get hash | malicious | Remcos, DBatLoader | Browse | |
| | Get hash | malicious | Remcos, DBatLoader | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_o7b91j8vnJ.exe_dfc5acfeaf57144235ca737a897d40b288f6a0b4_c3f06f9e_887bb615-5d50-4f8c-b092-fcd390f7cce2\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9934271082223628 |
Encrypted: | false |
SSDEEP: | 96:e4UX7ElusHhqPxF7qPcfAQXIDcQF8c6icE1cw3CPQ+HbHg/wWGTf3hOycISWLTvw:wAluB6s078m/MjsKFPzuiFTZ24IO83 |
MD5: | 09766CAD2C8252329B0C0E6A261576E3 |
SHA1: | D44ACD4CE846308E24626D2F15AF3138B0187745 |
SHA-256: | 4B92D03D72B18F6F94B41E9B4D913E63DCAD6EB5ABEBB2132203847739E8F3A1 |
SHA-512: | 90FC458D14D5F1A85CB468FF8728D9F7402058963E431B1EBE07D466AEE229E41D435295577C50064653444DDD1929D5222999BDBBDBF60F8528B5682A69E54D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52446 |
Entropy (8bit): | 2.8165147753445083 |
Encrypted: | false |
SSDEEP: | 192:3wsX4UDvycwqOcO7BKdrRZa8MwkV/iUkgomcc3E413zwKA7gDnN:glKv1y7BKbw7B/xkgzu4tzhA7gR |
MD5: | A81AF11FDFEAAD7BB87F6E9109731741 |
SHA1: | FAA640E4F1A8D3446EA9E72A2973C6269DBDCE2D |
SHA-256: | 7B6CF8032FBC0359C65F0E2DA438E0FA2BD4A6CC603897A53FBAD8C13AF27775 |
SHA-512: | A225E97E14B458BA47C2D1570E9FF774B4F85800D2643CFAEEAD30D067F4AC34CD85B73CF91B5AA763CCEFFD1FBC997B8441F785F2353622C1A7C1E6E9586A24 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8328 |
Entropy (8bit): | 3.700687069618279 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJml6W6Y9/SU9/qsKgmf7NWWpDG89b1psffnm:R6lXJk6W6Y1SU9yhgmf7NWk1Cfu |
MD5: | 6FCE49AF3704AC1CC785D82A04014867 |
SHA1: | 0038071B439E7D05B6C90BEB60A5B7F35372C321 |
SHA-256: | 46A6DB5EBB541F357C1AFB9F1E4E7A3A440D8A17E7E9A1801004636656D5759B |
SHA-512: | 138B77F5FF98348D89DBF56907782FA8A670E680B1C712A5939D7C3C2E25A386555367C4893BEF407F0EE741D78E13B8A15ABD150A33E5342EDD8DCB2AC8E63A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4579 |
Entropy (8bit): | 4.4601599494161555 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zscuJg77aI9/EWpW8VYIYm8M4J19F1z+q8KnYdPrkd:uIjfDI7Nd7VEJbnYFrkd |
MD5: | B892C93A6E619EF4D62C8618317AF652 |
SHA1: | DE149DAC8EB92F0B7AC6E9CB6168CFCC56986D20 |
SHA-256: | 556D43615A49FD9BFC3ED902838B108E0356F80F1813A42CFE618AD6C8CB3893 |
SHA-512: | 5845814C362C1CC78B5A9BC47D55856A671A5B927F3C46494E250D1A36CD97858D1B473F1D1947A564B0D8A310C82FC40F49515DBD4B8A66719292BB1182C23E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.4654601505258285 |
Encrypted: | false |
SSDEEP: | 6144:cIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN+dwBCswSbB:hXD94+WlLZMM6YFHw+B |
MD5: | 3D4D4217710C749D6E4D2323B104242F |
SHA1: | E931F9E41EEA0C9A81A8C3A024EDE256E0A3D70B |
SHA-256: | 004F9FDF8727A998FEF89CA68D4D01E2830963B106066925A8630BF30EDC3738 |
SHA-512: | 88C984B4AAE0DC3E65D2780CBF712C472C13D5068AC46364DCB916A577155AAF2458379C139882F7D1E870E5F622837CDF10DC81A6EF220B716631EF20045427 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.142245208908651 |
TrID: |
|
File name: | o7b91j8vnJ.exe |
File size: | 360'960 bytes |
MD5: | 7b3e62bcbeed62a180220669f6a0c548 |
SHA1: | 3d12e7bf87ce03fe4c59c5127e225dfd37b7a530 |
SHA256: | 32cad0a627c9f3bf1172d0fc11a5492b2ff20e3e5509f53e0ac83e87d15f2a5d |
SHA512: | fe3456aecbfa5609623e616eaaaa8eec07b69ab5447f91358afa274e5c197e4e6784dce97822e7d4f3d5e695902fc25ceebb83d988da0afe552597d8821fce7f |
SSDEEP: | 6144:NFWphCWXvIcpTGjr9wOgl3Oi3uBa0RwR9ZW2GCEdEL4tRDs:vWphFfANFgl3Pt0+R91cdELuRDs |
TLSH: | 0974F01972D1C0B1E473DA361979ABA1062FFCB299718E57334C364E0D315D0AB3ABA7 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.................O.......p.v.....q.$...............e....su.......K......sN.....Rich....................PE..L...?U.c........... |
Icon Hash: | 4b255149654d410d |
Entrypoint: | 0x40416c |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x63B0553F [Sat Dec 31 15:29:03 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 7dd08063ba15d7295e29dcfabb5e9889 |
Instruction |
---|
call 00007FF264D41EDFh |
jmp 00007FF264D3CAE5h |
push 00000014h |
push 00417038h |
call 00007FF264D3EF43h |
call 00007FF264D420B0h |
movzx esi, ax |
push 00000002h |
call 00007FF264D41E72h |
pop ecx |
mov eax, 00005A4Dh |
cmp word ptr [00400000h], ax |
je 00007FF264D3CAE6h |
xor ebx, ebx |
jmp 00007FF264D3CB15h |
mov eax, dword ptr [0040003Ch] |
cmp dword ptr [eax+00400000h], 00004550h |
jne 00007FF264D3CACDh |
mov ecx, 0000010Bh |
cmp word ptr [eax+00400018h], cx |
jne 00007FF264D3CABFh |
xor ebx, ebx |
cmp dword ptr [eax+00400074h], 0Eh |
jbe 00007FF264D3CAEBh |
cmp dword ptr [eax+004000E8h], ebx |
setne bl |
mov dword ptr [ebp-1Ch], ebx |
call 00007FF264D3E178h |
test eax, eax |
jne 00007FF264D3CAEAh |
push 0000001Ch |
call 00007FF264D3CBC1h |
pop ecx |
call 00007FF264D41A70h |
test eax, eax |
jne 00007FF264D3CAEAh |
push 00000010h |
call 00007FF264D3CBB0h |
pop ecx |
call 00007FF264D41EEBh |
and dword ptr [ebp-04h], 00000000h |
call 00007FF264D3FF84h |
test eax, eax |
jns 00007FF264D3CAEAh |
push 0000001Bh |
call 00007FF264D3CB96h |
pop ecx |
call dword ptr [004110B0h] |
mov dword ptr [04037EC4h], eax |
call 00007FF264D41F06h |
mov dword ptr [0044A42Ch], eax |
call 00007FF264D41AC3h |
test eax, eax |
jns 00007FF264D3CAEAh |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17444 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c38000 | 0xd7b8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3c46000 | 0x1360 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x111f0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x16968 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x11000 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xfd95 | 0xfe00 | 365546d68981e366f6b9cf5485563051 | False | 0.6054995078740157 | data | 6.708569599816657 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x11000 | 0x6cd6 | 0x6e00 | 26624ee46364d168c3e5277e233a1467 | False | 0.389453125 | data | 4.7388444549239 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x18000 | 0x3c1fec8 | 0x32600 | 5ed17408e1eeab96febd5e93f53c97e6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x3c38000 | 0xd7b8 | 0xd800 | 902e0d7792120bfbda96c4d0c7972c65 | False | 0.5134186921296297 | data | 5.461355913258432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x3c46000 | 0x1360 | 0x1400 | a0c45b25d29a60da6243876bf6dbab61 | False | 0.76640625 | data | 6.489757211193242 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
AFX_DIALOG_LAYOUT | 0x3c44e38 | 0xe | data | 1.5714285714285714 | ||
RT_ICON | 0x3c384a0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.5660980810234542 |
RT_ICON | 0x3c39348 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.5505415162454874 |
RT_ICON | 0x3c39bf0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.6192196531791907 |
RT_ICON | 0x3c3a158 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.462448132780083 |
RT_ICON | 0x3c3c700 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.4861632270168856 |
RT_ICON | 0x3c3d7a8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Romanian | Romania | 0.4971311475409836 |
RT_ICON | 0x3c3e130 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.4530141843971631 |
RT_ICON | 0x3c3e600 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.42217484008528783 |
RT_ICON | 0x3c3f4a8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.47879061371841153 |
RT_ICON | 0x3c3fd50 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.5806451612903226 |
RT_ICON | 0x3c40418 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.48627167630057805 |
RT_ICON | 0x3c40980 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.46939834024896265 |
RT_ICON | 0x3c42f28 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.4842870544090056 |
RT_ICON | 0x3c43fd0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Romanian | Romania | 0.5016393442622951 |
RT_ICON | 0x3c44958 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.5531914893617021 |
RT_STRING | 0x3c45080 | 0x49a | data | Romanian | Romania | 0.45161290322580644 |
RT_STRING | 0x3c45520 | 0x292 | data | Romanian | Romania | 0.49240121580547114 |
RT_GROUP_ICON | 0x3c3e598 | 0x68 | data | Romanian | Romania | 0.6923076923076923 |
RT_GROUP_ICON | 0x3c44dc0 | 0x76 | data | Romanian | Romania | 0.6779661016949152 |
RT_VERSION | 0x3c44e48 | 0x238 | data | 0.5299295774647887 |
DLL | Import |
---|---|
KERNEL32.dll | GetSystemDefaultLangID, GlobalMemoryStatus, GetLocaleInfoA, FindResourceExW, LocalCompact, InterlockedDecrement, GetComputerNameW, CreateHardLinkA, BackupSeek, GetTickCount, GetConsoleAliasesA, GetWindowsDirectoryA, EnumTimeFormatsW, GetUserDefaultLangID, SetCommState, GlobalAlloc, LoadLibraryW, ReadConsoleInputA, WriteConsoleW, GetModuleFileNameW, MultiByteToWideChar, GetLastError, ChangeTimerQueueTimer, SetLastError, GetThreadLocale, GetProcAddress, RemoveDirectoryA, SetFileAttributesA, BuildCommDCBW, LoadLibraryA, GetExitCodeThread, AddAtomW, GlobalFindAtomW, GetOEMCP, LoadLibraryExA, VirtualProtect, SetCalendarInfoA, GetConsoleProcessList, GetTempPathA, GetVolumeInformationW, HeapAlloc, EncodePointer, DecodePointer, IsProcessorFeaturePresent, GetCommandLineA, RaiseException, RtlUnwind, IsDebuggerPresent, HeapFree, ExitProcess, GetModuleHandleExW, WideCharToMultiByte, GetStdHandle, WriteFile, GetProcessHeap, EnterCriticalSection, LeaveCriticalSection, FlushFileBuffers, GetConsoleCP, GetConsoleMode, DeleteCriticalSection, HeapSize, GetFileType, GetStartupInfoW, CloseHandle, GetCurrentThreadId, GetModuleFileNameA, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, LoadLibraryExW, IsValidCodePage, GetACP, GetCPInfo, OutputDebugStringW, SetStdHandle, SetFilePointerEx, HeapReAlloc, LCMapStringW, GetStringTypeW, CreateFileW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Romanian | Romania |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/25/24-01:59:52.426039 | UDP | 2052229 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (strollheavengwu .shop) | 56700 | 53 | 192.168.2.4 | 1.1.1.1 |
04/25/24-01:59:52.576860 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
04/25/24-01:59:53.349065 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
04/25/24-01:59:54.263019 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
04/25/24-01:59:55.123309 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
04/25/24-01:59:56.147948 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
04/25/24-01:59:57.117668 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
04/25/24-01:59:58.166541 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
04/25/24-01:59:59.483318 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 01:59:52.572989941 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:52.573046923 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:52.573153973 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:52.576859951 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:52.576878071 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:52.816279888 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:52.816553116 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:52.819520950 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:52.819533110 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:52.819885015 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:52.860140085 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:52.900993109 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:52.901043892 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:52.901201963 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:53.340559959 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:53.340780973 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:53.340861082 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:53.343178034 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:53.343203068 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:53.348597050 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:53.348692894 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:53.348786116 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:53.349065065 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:53.349100113 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:53.581455946 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:53.581588030 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:53.652034044 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:53.652128935 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:53.652484894 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:53.653745890 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:53.653791904 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:53.653857946 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.118079901 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.118146896 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.118191957 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.118232012 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.118246078 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.118282080 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.118299961 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.118324995 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.118361950 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.118369102 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.118490934 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.118527889 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.118535042 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.118578911 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.118613005 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.118618965 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.119164944 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.119200945 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.119208097 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.119277954 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.119318008 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.119379044 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.119395971 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.119410038 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.119415998 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.262543917 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.262598991 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.262675047 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.263019085 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.263034105 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.489768982 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.489856005 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.491581917 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.491614103 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.491851091 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.493168116 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.493335009 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.493380070 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:54.493453026 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:54.493467093 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:55.020482063 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:55.020596027 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:55.020656109 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:55.020768881 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:55.020831108 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:55.122878075 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:55.122920990 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:55.123001099 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:55.123308897 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:55.123318911 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:55.350574017 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:55.350784063 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:55.352168083 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:55.352176905 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:55.352377892 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:55.353674889 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:55.353801012 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:55.353827000 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:55.865180969 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:55.865273952 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:55.865330935 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:55.865459919 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:55.865473032 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:56.147443056 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:56.147492886 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:56.147686005 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:56.147948027 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:56.147969007 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:56.378156900 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:56.378254890 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:56.379575014 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:56.379587889 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:56.379796982 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:56.381138086 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:56.381289959 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:56.381321907 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:56.381405115 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:56.381416082 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:56.948148966 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:56.948262930 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:56.948322058 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:56.948460102 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:56.948481083 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:57.109133959 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:57.109210968 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:57.109707117 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:57.117667913 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:57.117707968 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:57.345380068 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:57.345483065 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:57.346775055 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:57.346807003 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:57.347023964 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:57.348160982 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:57.348295927 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:57.348331928 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:57.869036913 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:57.869142056 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:57.869204998 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:57.869374037 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:57.869398117 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:58.165934086 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:58.166039944 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:58.166143894 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:58.166541100 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:58.166575909 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:58.397083044 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:58.397293091 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:58.398644924 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:58.398674011 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:58.399130106 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:58.400417089 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:58.400517941 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:58.400536060 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:58.892728090 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:58.892904997 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:58.892973900 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:58.893078089 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:58.893120050 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.482790947 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.482896090 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.483002901 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.483318090 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.483355045 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.713880062 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.713987112 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.715706110 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.715739012 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.716116905 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.717437983 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.718386889 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.718436956 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.718548059 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.718597889 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.718733072 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.718777895 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.718936920 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.718971968 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.719155073 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.719192028 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.719382048 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.719422102 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.719446898 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.719562054 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.719609022 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.764120102 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.764328003 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.764409065 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.764435053 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.812119961 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.812279940 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.812331915 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.812360048 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.860115051 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 01:59:59.860294104 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 01:59:59.904160023 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 02:00:00.049961090 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 02:00:01.298826933 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 02:00:01.298960924 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Apr 25, 2024 02:00:01.299026966 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 02:00:01.299232006 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
Apr 25, 2024 02:00:01.299252987 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 01:59:52.426038980 CEST | 56700 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 25, 2024 01:59:52.562253952 CEST | 53 | 56700 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 25, 2024 01:59:52.426038980 CEST | 192.168.2.4 | 1.1.1.1 | 0x27f0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 25, 2024 01:59:52.562253952 CEST | 1.1.1.1 | 192.168.2.4 | 0x27f0 | No error (0) | | | 172.67.163.209 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 01:59:52.562253952 CEST | 1.1.1.1 | 192.168.2.4 | 0x27f0 | No error (0) | | | 104.21.15.198 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 172.67.163.209 | 443 | 6856 | C:\Users\user\Desktop\o7b91j8vnJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:59:52 UTC | 267 | OUT | |
2024-04-24 23:59:52 UTC | 8 | OUT | |
2024-04-24 23:59:53 UTC | 810 | IN | |
2024-04-24 23:59:53 UTC | 7 | IN | |
2024-04-24 23:59:53 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49731 | 172.67.163.209 | 443 | 6856 | C:\Users\user\Desktop\o7b91j8vnJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:59:53 UTC | 268 | OUT | |
2024-04-24 23:59:53 UTC | 58 | OUT | |
2024-04-24 23:59:54 UTC | 814 | IN | |
2024-04-24 23:59:54 UTC | 555 | IN | |
2024-04-24 23:59:54 UTC | 1369 | IN | |
2024-04-24 23:59:54 UTC | 1369 | IN | |
2024-04-24 23:59:54 UTC | 1369 | IN | |
2024-04-24 23:59:54 UTC | 1369 | IN | |
2024-04-24 23:59:54 UTC | 1369 | IN | |
2024-04-24 23:59:54 UTC | 1369 | IN | |
2024-04-24 23:59:54 UTC | 1369 | IN | |
2024-04-24 23:59:54 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49732 | 172.67.163.209 | 443 | 6856 | C:\Users\user\Desktop\o7b91j8vnJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:59:54 UTC | 286 | OUT | |
2024-04-24 23:59:54 UTC | 15331 | OUT | |
2024-04-24 23:59:54 UTC | 2836 | OUT | |
2024-04-24 23:59:55 UTC | 812 | IN | |
2024-04-24 23:59:55 UTC | 23 | IN | |
2024-04-24 23:59:55 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49733 | 172.67.163.209 | 443 | 6856 | C:\Users\user\Desktop\o7b91j8vnJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:59:55 UTC | 285 | OUT | |
2024-04-24 23:59:55 UTC | 8788 | OUT | |
2024-04-24 23:59:55 UTC | 808 | IN | |
2024-04-24 23:59:55 UTC | 23 | IN | |
2024-04-24 23:59:55 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49734 | 172.67.163.209 | 443 | 6856 | C:\Users\user\Desktop\o7b91j8vnJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:59:56 UTC | 286 | OUT | |
2024-04-24 23:59:56 UTC | 15331 | OUT | |
2024-04-24 23:59:56 UTC | 5110 | OUT | |
2024-04-24 23:59:56 UTC | 812 | IN | |
2024-04-24 23:59:56 UTC | 23 | IN | |
2024-04-24 23:59:56 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49735 | 172.67.163.209 | 443 | 6856 | C:\Users\user\Desktop\o7b91j8vnJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:59:57 UTC | 285 | OUT | |
2024-04-24 23:59:57 UTC | 5438 | OUT | |
2024-04-24 23:59:57 UTC | 802 | IN | |
2024-04-24 23:59:57 UTC | 23 | IN | |
2024-04-24 23:59:57 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49736 | 172.67.163.209 | 443 | 6856 | C:\Users\user\Desktop\o7b91j8vnJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:59:58 UTC | 285 | OUT | |
2024-04-24 23:59:58 UTC | 1412 | OUT | |
2024-04-24 23:59:58 UTC | 806 | IN | |
2024-04-24 23:59:58 UTC | 23 | IN | |
2024-04-24 23:59:58 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49737 | 172.67.163.209 | 443 | 6856 | C:\Users\user\Desktop\o7b91j8vnJ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:59:59 UTC | 287 | OUT | |
2024-04-24 23:59:59 UTC | 15331 | OUT | |
2024-04-24 23:59:59 UTC | 15331 | OUT | |
2024-04-24 23:59:59 UTC | 15331 | OUT | |
2024-04-24 23:59:59 UTC | 15331 | OUT | |
2024-04-24 23:59:59 UTC | 15331 | OUT | |
2024-04-24 23:59:59 UTC | 15331 | OUT | |
2024-04-24 23:59:59 UTC | 15331 | OUT | |
2024-04-24 23:59:59 UTC | 15331 | OUT | |
2024-04-24 23:59:59 UTC | 15331 | OUT | |
2024-04-24 23:59:59 UTC | 15331 | OUT | |
2024-04-25 00:00:01 UTC | 808 | IN |
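The Data column of every session above is empty because the traffic is TLS to port 443, so what the report leaves an analyst is record sizes and timing. Those are enough to see the shape of an exfiltration: sessions 2, 3, 4, 5 and 7 each send far more than they receive, and session 7 pushes ten 15331-byte records in a row before the server's single 808-byte reply. The script below is an added triage helper, not part of the Joe Sandbox report: it parses session tables in the report's own row format (sessions 1, 2 and 7 are reproduced verbatim as the sample input) and flags upload-heavy sessions. The 4096-byte floor and the 5:1 out/in ratio are thresholds chosen for illustration, not values from the report.

```python
"""Per-session byte accounting for the TLS session tables of a sandbox report.

Added example, not part of the Joe Sandbox report. REPORT_EXCERPT reproduces
sessions 1, 2 and 7 from the tables above in the report's own row format; the
thresholds in flag_upload_sessions are assumptions chosen for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

_PROC = r"C:\Users\user\Desktop\o7b91j8vnJ.exe"
REPORT_EXCERPT = "\n".join([
    "Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |",
    "---|---|---|---|---|---|---|",
    f"1 | 192.168.2.4 | 49731 | 172.67.163.209 | 443 | 6856 | {_PROC} |",
    "Timestamp | Bytes transferred | Direction | Data |",
    "---|---|---|---|",
    "2024-04-24 23:59:53 UTC | 268 | OUT | |",
    "2024-04-24 23:59:53 UTC | 58 | OUT | |",
    "2024-04-24 23:59:54 UTC | 814 | IN | |",
    "2024-04-24 23:59:54 UTC | 555 | IN | |",
    *(["2024-04-24 23:59:54 UTC | 1369 | IN | |"] * 8),     # eight 1369-byte records
    f"2 | 192.168.2.4 | 49732 | 172.67.163.209 | 443 | 6856 | {_PROC} |",
    "2024-04-24 23:59:54 UTC | 286 | OUT | |",
    "2024-04-24 23:59:54 UTC | 15331 | OUT | |",
    "2024-04-24 23:59:54 UTC | 2836 | OUT | |",
    "2024-04-24 23:59:55 UTC | 812 | IN | |",
    "2024-04-24 23:59:55 UTC | 23 | IN | |",
    "2024-04-24 23:59:55 UTC | 5 | IN | |",
    f"7 | 192.168.2.4 | 49737 | 172.67.163.209 | 443 | 6856 | {_PROC} |",
    "2024-04-24 23:59:59 UTC | 287 | OUT | |",
    *(["2024-04-24 23:59:59 UTC | 15331 | OUT | |"] * 10),  # ten 15331-byte records
    "2024-04-25 00:00:01 UTC | 808 | IN | |",
])

# "<id> | <src ip> | <src port> | <dst ip> | <dst port> | <pid> | <process> |"
SESSION_RE = re.compile(r"^(\d+) \| (\S+) \| (\d+) \| (\S+) \| (\d+) \| (\d+) \| (.*?) \|$")
# "<timestamp> UTC | <bytes> | IN or OUT | <data> |"; header and ---| rows never match
RECORD_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) UTC \| (\d+) \| (IN|OUT) \|")


@dataclass
class Session:
    sid: int
    src_port: int
    dst_ip: str
    dst_port: int
    pid: int
    process: str
    out_chunks: list = field(default_factory=list)   # TLS record sizes, client -> server
    in_chunks: list = field(default_factory=list)    # TLS record sizes, server -> client

    @property
    def out_bytes(self):
        return sum(self.out_chunks)

    @property
    def in_bytes(self):
        return sum(self.in_chunks)


def parse_sessions(text):
    """Walk the report text; a session row opens a session, record rows attach to it."""
    sessions, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if (m := SESSION_RE.match(line)):
            cur = Session(int(m[1]), int(m[3]), m[4], int(m[5]), int(m[6]), m[7])
            sessions.append(cur)
        elif (m := RECORD_RE.match(line)) and cur is not None:
            (cur.out_chunks if m[3] == "OUT" else cur.in_chunks).append(int(m[2]))
    return sessions


def flag_upload_sessions(sessions, min_out=4096, ratio=5.0):
    """Ids of sessions that sent at least min_out bytes and more than `ratio`
    times what they received: the shape of a client POSTing collected data."""
    return [s.sid for s in sessions
            if s.out_bytes >= min_out and s.out_bytes > ratio * max(s.in_bytes, 1)]


def dominant_out_chunk(session):
    """(size, count) of the most frequent outbound record size; a large size
    repeated many times is a buffered upload split into fixed-size records."""
    if not session.out_chunks:
        return (0, 0)
    return Counter(session.out_chunks).most_common(1)[0]


if __name__ == "__main__":
    sessions = parse_sessions(REPORT_EXCERPT)
    flagged = set(flag_upload_sessions(sessions))
    for s in sessions:
        size, n = dominant_out_chunk(s)
        print(f"session {s.sid} :{s.src_port} -> {s.dst_ip}:{s.dst_port}  "
              f"out={s.out_bytes:>7}  in={s.in_bytes:>6}  "
              f"repeated OUT record={size}x{n}  {'UPLOAD' if s.sid in flagged else ''}")
```

Session 1 is the only one where the server sends more than it receives (12321 bytes in eight 1369-byte records against 326 bytes out), so it is not flagged; sessions 2 and 7 are. Run over all eight sessions from the tables above, the same thresholds flag 2, 3, 4, 5 and 7. The record-size pattern is the second signal: a fixed large record size repeated back to back, as in session 7, is a client streaming a buffer, which a request/response exchange does not produce.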
Target ID: | 0 |
Start time: | 01:59:50 |
Start date: | 25/04/2024 |
Path: | C:\Users\user\Desktop\o7b91j8vnJ.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 360'960 bytes |
MD5 hash: | 7B3E62BCBEED62A180220669F6A0C548 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 02:00:00 |
Start date: | 25/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x880000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 8.3% |
Dynamic/Decrypted Code Coverage: | 8.2% |
Signature Coverage: | 25.8% |
Total number of Nodes: | 376 |
Total number of Limit Nodes: | 19 |
Functions in the report's order, with the report's relevance score, API and string counts, instruction count and relevance labels. "Yara matches" marks the functions for which the report lists Yara matches on the memory dump source; every one of them lies in the dynamically allocated range above 0x041D0000 rather than in the image loaded at 0x400000. "Control-flow graph" marks the functions for which the report renders one. The report's Uniqueness Score is -1.00% for every function.

Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches | Control-flow graph |
---|---|---|---|---|---|---|---|
00404740 | 5.5 | | 4 | 501 | COMMON | | yes |
04265BD6 | 3.0 | 2 | | 41 | process, COMMON | yes | |
00414C49 | 2.6 | | 2 | 80 | COMMON | | |
0041C540 | 1.6 | | 1 | 365 | COMMON | | |
00433CC0 | 1.5 | 1 | | 16 | library, COMMON | | |
004137C9 | 1.4 | | 1 | 105 | COMMON | | |
004204B7 | .4 | | | 438 | COMMON | | |
00420CA0 | .4 | | | 371 | COMMON | | |
00432010 | .3 | | | 300 | COMMON | | |
00433D10 | .2 | | | 229 | COMMON | | |
00422458 | .2 | | | 153 | COMMON | | |
004357CA | .1 | | | 131 | COMMON | | |
004359E2 | .1 | | | 76 | COMMON | | |
00429597 | .0 | | | 17 | COMMON | | |
041D003C | 12.8 | 5 | 2 | 515 | memory, COMMON | yes | yes |
00436041 | 3.6 | 1 | 1 | 92 | library, COMMON | | |
0042D608 | 3.1 | 2 | | 91 | COMMON | | |
00417810 | 3.1 | 2 | | 65 | COMMON | | |
041D0E0F | 3.0 | 2 | | 15 | COMMON | yes | |
00427F5A | 1.6 | 1 | | 104 | memory, COMMON | | |
00427F84 | 1.6 | 1 | | 95 | memory, COMMON | | |
00436209 | 1.6 | 1 | | 87 | library, COMMON | | |
00435F1F | 1.6 | 1 | | 68 | library, COMMON | | |
00433B50 | 1.6 | 1 | | 55 | memory, COMMON | | |
004375CD | 1.5 | 1 | | 44 | memory, COMMON | | |
00437663 | 1.5 | 1 | | 44 | memory, COMMON | | |
00433C2A | 1.5 | 1 | | 40 | memory, COMMON | | |
04265895 | 1.3 | 1 | | 48 | memory, COMMON | yes | |
0042C500 | 19.4 | 6 | 5 | 153 | clipboard, COMMON | | |
041D49A7 | 5.5 | | 4 | 501 | COMMON | yes | |
041D092B | 3.8 | | 3 | 90 | COMMON | yes | |
004052F0 | 3.4 | | 2 | 851 | COMMON | | |
041D55DB | 3.3 | | 2 | 809 | COMMON | yes | |
041F3BAA | 3.1 | | 2 | 643 | COMMON | yes | |
041D1267 | 3.0 | | 2 | 518 | COMMON | yes | |
04209D57 | 2.8 | | 2 | 310 | COMMON | yes | |
00439AF0 | 2.8 | | 2 | 310 | COMMON | | |
041E40B1 | 2.6 | | 2 | 146 | COMMON | yes | |
00413E4A | 2.6 | | 2 | 146 | COMMON | | |
041E4EB0 | 2.6 | | 2 | 80 | COMMON | yes | |
041F42EB | 1.9 | | 1 | 676 | COMMON | yes | |
041F42EE | 1.9 | | 1 | 650 | COMMON | yes | |
041EC7A7 | 1.6 | | 1 | 365 | COMMON | yes | |
041EAB27 | 1.6 | | 1 | 304 | COMMON | yes | |
0041A8C0 | 1.6 | | 1 | 304 | COMMON | | |
041EA687 | 1.5 | | 1 | 296 | COMMON | yes | |
0041A420 | 1.5 | | 1 | 296 | COMMON | | |
004065F0 | 1.5 | | 1 | 264 | COMMON | | |
041E3EAD | 1.4 | | 1 | 106 | COMMON | yes | |
00413C46 | 1.4 | | 1 | 106 | COMMON | | |
041EF49B | 1.4 | | 1 | 105 | COMMON | yes | |
041E3A30 | 1.4 | | 1 | 105 | COMMON | yes | |
0041F234 | 1.4 | | 1 | 105 | COMMON | | |
041F2984 | 1.3 | | 1 | 88 | COMMON | yes | |
0042271D | 1.3 | | 1 | 88 | COMMON | | |
041EE6B8 | 1.3 | | 1 | 34 | COMMON | yes | |
0041E451 | 1.3 | | 1 | 34 | COMMON | | |
041D7F17 | .9 | | | 863 | COMMON | yes | |
00407CB0 | .9 | | | 863 | COMMON | | |
041D34C7 | .7 | | | 739 | COMMON | yes | |
00403260 | .7 | | | 739 | COMMON | | |
04204857 | .7 | | | 654 | COMMON | yes | |
004345F0 | .7 | | | 654 | COMMON | | |
041D3FD7 | .6 | | | 606 | COMMON | yes | |
00403D70 | .6 | | | 606 | COMMON | | |
041D6297 | .5 | | | 506 | COMMON | yes | |
00406030 | .5 | | | 506 | COMMON | | |
041F5BB6 | .4 | | | 439 | COMMON | yes | |
0042594F | .4 | | | 439 | COMMON | | |
041F5C39 | .4 | | | 438 | COMMON | yes | |
004259D2 | .4 | | | 438 | COMMON | | |
041F5C34 | .4 | | | 388 | COMMON | yes | |
004259CD | .4 | | | 388 | COMMON | | |
041F0F07 | .4 | | | 371 | COMMON | yes | |
04209A37 | .3 | | | 294 | COMMON | yes | |
004397D0 | .3 | | | 294 | COMMON | | |
041DF824 | .2 | | | 231 | COMMON | yes | |
04203F77 | .2 | | | 229 | COMMON | yes | |
04201CD7 | .2 | | | 186 | COMMON | yes | |
00431A70 | .2 | | | 186 | COMMON | | |
041F26BF | .2 | | | 153 | COMMON | yes | |
041E4557 | .1 | | | 146 | COMMON | yes | |
004142F0 | .1 | | | 146 | COMMON | | |
041E5FE4 | .1 | | | 136 | COMMON | yes | |
041DF8F7 | .1 | | | 136 | COMMON | yes | |
0040F690 | .1 | | | 136 | COMMON | | |
00415D7D | .1 | | | 136 | COMMON | | |
041E494D | .1 | | | 131 | COMMON | yes | |
04205A31 | .1 | | | 131 | COMMON | yes | |
004146E6 | .1 | | | 131 | COMMON | | |
041D30D7 | .1 | | | 112 | COMMON | yes | |
00402E70 | .1 | | | 112 | COMMON | | |
041EFA8F | .1 | | | 97 | COMMON | yes | |
0041F828 | .1 | | | 97 | COMMON | | |
041EF8A7 | .1 | | | 77 | COMMON | yes | |
0041F640 | .1 | | | 77 | COMMON | | |
04205C49 | .1 | | | 76 | COMMON | yes | |
041F4F17 | .1 | | | 65 | COMMON | yes | |
00424CB0 | .1 | | | 65 | COMMON | | |
041FFAF7 | .1 | | | 64 | COMMON | | |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042F890 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 041ED377 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 042654B3 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 041E1CAB Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411A44 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 041F1F2E Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421CC7 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 041D0D90 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 041DFCB0 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040FA49 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 041DD3A7 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D140 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 041E7494 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 041E47FD Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04207EAC Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04207EAE Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414596 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00437C47 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00437C45 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 041FC767 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 153clipboardCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |