Windows Analysis Report
lustsorelfar.exe

Overview

General Information

Sample name: lustsorelfar.exe
Analysis ID: 1431560
MD5: 837a823641bc5ba36bc3f49f4e9e8f2d
SHA1: 386b3cbf6be3512ee05638cf79225650dd9361a4
SHA256: aba8b59281faa8c1c43a4ca7af075edd3e3516d3cef058a1f43b093177b8f83c

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Uses dynamic DNS services
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files

Classification

AV Detection

Source: lustsorelfar.exe Avira: detected
Source: lustsorelfar.exe ReversingLabs: Detection: 42%
Source: lustsorelfar.exe Virustotal: Detection: 56%
Source: lustsorelfar.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: lustsorelfar.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: e:\lustsorelfar\lustsorelfar\obj\Debug\lustsorelfar.pdb source: lustsorelfar.exe
Source: Binary string: e:\lustsorelfar\lustsorelfar\obj\Debug\lustsorelfar.pdb< source: lustsorelfar.exe

Networking

Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49716
Source: Traffic Snort IDS: 2035904 ET TROJAN MSIL/Crimson Receiving Command (ping) M1 45.14.194.253:5861 -> 192.168.2.5:49716
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49720
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49721
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49722
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49723
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49724
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49725
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49726
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49727
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49728
Source: Traffic Snort IDS: 2035904 ET TROJAN MSIL/Crimson Receiving Command (ping) M1 45.14.194.253:5861 -> 192.168.2.5:49728
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49729
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49730
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49731
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49732
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49733
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49734
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49735
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49736
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49737
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49738
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49739
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49740
Source: Traffic Snort IDS: 2035904 ET TROJAN MSIL/Crimson Receiving Command (ping) M1 45.14.194.253:5861 -> 192.168.2.5:49740
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49741
Source: Traffic Snort IDS: 2035903 ET TROJAN MSIL/Crimson CnC Server Command (info) M1 45.14.194.253:5861 -> 192.168.2.5:49742
Source: unknown DNS query: name: ur253.duckdns.org
Source: global traffic TCP traffic: 192.168.2.5:49716 -> 45.14.194.253:5861
Source: Joe Sandbox View ASN Name: DEDIPATH-LLCUS DEDIPATH-LLCUS
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: ur253.duckdns.org
Source: C:\Users\user\Desktop\lustsorelfar.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\lustsorelfar.exe Code function: 0_2_00007FF848F15066 0_2_00007FF848F15066
Source: C:\Users\user\Desktop\lustsorelfar.exe Code function: 0_2_00007FF848F12E1C 0_2_00007FF848F12E1C
Source: classification engine Classification label: mal68.troj.winEXE@1/0@3/1
Source: C:\Users\user\Desktop\lustsorelfar.exe Mutant created: NULL
Source: lustsorelfar.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: lustsorelfar.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\lustsorelfar.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\lustsorelfar.exe Section loaded: fwpuclnt.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: lustsorelfar.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: lustsorelfar.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: lustsorelfar.exe Static file information: File size 20822528 > 1048576
Source: lustsorelfar.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x13b7800
Source: lustsorelfar.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\lustsorelfar.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\lustsorelfar.exe Memory allocated: 1B6A8620000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\lustsorelfar.exe Memory allocated: 1B6C2110000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\lustsorelfar.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\lustsorelfar.exe Window / User API: threadDelayed 8233
Source: C:\Users\user\Desktop\lustsorelfar.exe Window / User API: threadDelayed 1620
Source: lustsorelfar.exe, 00000000.00000002.4488797219.000001B6C5820000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll'
Source: C:\Users\user\Desktop\lustsorelfar.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\lustsorelfar.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\lustsorelfar.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\lustsorelfar.exe Queries volume information: C:\Users\user\Desktop\lustsorelfar.exe VolumeInformation
Source: C:\Users\user\Desktop\lustsorelfar.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\lustsorelfar.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid