Windows Analysis Report: bUPt.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- bUPt.exe (PID: 1308, cmdline: "C:\Users\user\Desktop\bUPt.exe", MD5: B0F3CA4450A2F669B927AE1517DAC1E7)
  - cmd.exe (PID: 2496, cmdline: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\bUPt.exe", MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    - conhost.exe (PID: 1420, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- chrome.exe (PID: 6768, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/, MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 7300, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1988,i,13026046254637796549,1595632273730165584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8, MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
NjRAT | RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored. | | | |
{"Host": "patria.duckdns.org", "Port": "1994", "Campaign ID": "NYAN CAT", "Network Seprator": "@!#&^%$", "Registry": "f179c84c13a"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
| | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
05/03/24-20:09:02.028125 | 2033132 | 49735 | 1994 | TCP | A Network Trojan was detected |
05/03/24-20:09:17.544251 | 2825564 | 49735 | 1994 | TCP | A Network Trojan was detected |
05/03/24-20:09:02.415867 | 2825563 | 49735 | 1994 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: Avira |
Source: Avira URL Cloud |
Source: Malware Configuration Extractor |
Source: Virustotal (Perma Link), 3 entries |
Source: File source, 4 entries |
Source: Joe Sandbox ML |
Source: Static PE information |
Source: File opened |
Source: HTTPS traffic detected, 4 entries |
Source: Static PE information |
Networking |
---|
Source: Snort IDS, 3 entries |
Source: URLs |
Source: DNS query |
Source: TCP traffic |
Source: IP Address |
Source: ASN Name |
Source: JA3 fingerprint |
Source: TCP traffic detected without corresponding DNS query, 49 entries |
Source: UDP traffic detected without corresponding DNS query |
Source: HTTP traffic detected, 3 entries |
Source: DNS traffic detected, 3 entries |
Source: String found in binary or memory, 2 entries |
Source: Network traffic detected, 14 entries |
Source: HTTPS traffic detected, 4 entries |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: .Net Code |
E-Banking Fraud |
---|
Source: File source, 4 entries |
Source: Code function 0_2_015D19F0 |
Source: Binary or memory string, 3 entries |
Source: Static PE information |
Source: Classification label |
Source: Code function 0_2_052622AA |
Source: Code function 0_2_05262273 |
Source: File created |
Source: Mutant created, 4 entries |
Source: Static PE information |
Source: Static file information |
Source: Key opened |
Source: Virustotal |
Source: Process created, 23 entries |
Source: Section loaded, 26 entries |
Source: Key value queried |
Source: Window detected |
Source: File opened |
Source: Static PE information |
Source: File opened |
Source: Static PE information |
Data Obfuscation |
---|
Source: .Net Code |
Source: Code function 0_2_057D06E2 |
Source: Code function 0_2_057D05BA |
Hooking and other Techniques for Hiding and Protection |
---|
Source: Process created, 2 entries |
Source: Process information set, 42 entries |
Source: Memory allocated, 3 entries |
Source: Thread delayed |
Source: Window / User API |
Source: Thread sleep time |
Source: Last function |
Source: Thread delayed |
Source: Binary or memory string |
Source: Process token adjusted |
Source: Memory allocated |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: Reference to suspicious API methods, 3 entries |
Source: Binary or memory string, 2 entries |
Source: Queries volume information |
Source: Key value queried |
Stealing of Sensitive Information |
---|
Source: File source, 4 entries |
Remote Access Functionality |
---|
Source: File source, 4 entries |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 Input Capture | 1 Security Software Discovery | Remote Services | 1 Input Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 2 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Process Injection | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 75% | Virustotal | | Browse |
| | 100% | Avira | TR/Dropper.Gen7 | |
| | 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 17% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | URL Reputation | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 100% | Avira URL Cloud | phishing | |
| | 17% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 142.251.40.206 | true | false | | high |
www.google.com | 142.250.80.36 | true | false | | high |
patria.duckdns.org | 46.246.80.19 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | unknown |
| | | false | | low |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.80.36 | www.google.com | United States | | 15169 | GOOGLEUS | false |
46.246.80.19 | patria.duckdns.org | Sweden | | 42708 | PORTLANEwwwportlanecomSE | true |
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
IP |
---|
192.168.2.4 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436115 |
Start date and time: | 2024-05-03 20:08:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | bUPt.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@23/1@5/5 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.80.99, 142.250.72.110, 172.253.122.84, 34.104.35.123, 23.206.121.47, 192.229.211.108, 142.250.176.195, 142.250.80.78
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
239.255.255.250 | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
patria.duckdns.org | | Get hash | malicious | AsyncRAT, DcRat | Browse | |
| | | Get hash | malicious | Njrat | Browse | |
| | | Get hash | malicious | Njrat | Browse | |
| | | Get hash | malicious | Njrat | Browse | |
| | | Get hash | malicious | Njrat | Browse | |
| | | Get hash | malicious | Njrat | Browse | |
| | | Get hash | malicious | Njrat | Browse | |
| | | Get hash | malicious | Njrat | Browse | |
| | | Get hash | malicious | Njrat | Browse | |
| | | Get hash | malicious | Njrat | Browse | |
google.com | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
PORTLANEwwwportlanecomSE | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | WSHRat, AgentTesla | Browse | |
| | | Get hash | malicious | AsyncRAT, DcRat | Browse | |
| | | Get hash | malicious | Njrat | Browse | |
| | | Get hash | malicious | Njrat | Browse | |
| | | Get hash | malicious | AsyncRAT, PureLog Stealer, RedLine | Browse | |
| | | Get hash | malicious | AsyncRAT, DcRat | Browse | |
| | | Get hash | malicious | AsyncRAT, DcRat | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Njrat | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
Process: | C:\Users\user\Desktop\bUPt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 907 |
Entropy (8bit): | 5.243019596074263 |
Encrypted: | false |
SSDEEP: | 24:MLF2CpI329Iz52VMzffup26KTnKoO2+b2hHAa/:MwQd9IzoaXuY6Ux+SF/ |
MD5: | 48A0572426885EBDE53CA62C7F2E194E |
SHA1: | 035628CDF6276367F6C83E9F4AA2172933850AA8 |
SHA-256: | 4C68E10691304CAC8DA65A05CF2580728EC0E294104F267840712AF1C46A6538 |
SHA-512: | DEFE728C2312918D94BD43C98908C08CCCA5EBFB77F873779DCA784F14C607B33A4E29AC5ECB798F2F741668B7692F72BCB60DEFD536EA86B296B64FA359C42D |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 3.807256628078615 |
TrID: | |
File name: | bUPt.exe |
File size: | 32'768 bytes |
MD5: | b0f3ca4450a2f669b927ae1517dac1e7 |
SHA1: | 7390d9dcd74c4c40f536c8f490f0ba1580523c77 |
SHA256: | 81c18c346ad57ff5c4dc07fe51b0e9411704cb9df362aefd6d6275f6f9660d47 |
SHA512: | de72099a2b301b683534a163a4b3c918a035d1f2f2e25c714e5133b3ad3a62b201b14a200b3459cfa19ae339ec9035eaedd26be27fd70fe1db5b11e84b7ca936 |
SSDEEP: | 384:O0bUe5XB4e0XvObfixBr/QdWTStTUFQqzFqObbm:fT9BumTifrYfkbm |
TLSH: | 41E2F84A7BB94125C6BD2AFC8CB313210772E3478532EB5F5CDC88CA4F676D04255AEA |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....5f.................P... ......ng... ........@.. ....................................@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x40676e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66351AD6 [Fri May 3 17:11:50 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al (repeated 97 times; the decoding of consecutive 00 00 bytes) |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x671c | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8000 | 0x2b0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x4774 | 0x5000 | 6d2b3ed5c9408fe653eaedb82933da1c | False | 0.475439453125 | data | 5.298284360002511 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x8000 | 0x2b0 | 0x1000 | b5a4502eac901202af7dd46d217cb488 | False | 0.077880859375 | data | 0.6886353743137013 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xa000 | 0xc | 0x1000 | 34585954bedb30c5084980db7d41ad8f | False | 0.0087890625 | data | 0.013126943721219527 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x8058 | 0x254 | data | 0.46308724832214765 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/03/24-20:09:02.028125 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
05/03/24-20:09:17.544251 | TCP | 2825564 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
05/03/24-20:09:02.415867 | TCP | 2825563 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 3, 2024 20:08:48.399949074 CEST | 49678 | 443 | 192.168.2.4 | 104.46.162.224 |
May 3, 2024 20:08:50.165585041 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
May 3, 2024 20:08:59.776361942 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
May 3, 2024 20:09:01.679516077 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:01.926908970 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:01.926981926 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:02.028125048 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:02.415805101 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:02.415867090 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:02.714296103 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:03.401492119 CEST | 49738 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:09:03.401530981 CEST | 443 | 49738 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:09:03.401629925 CEST | 49738 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:09:03.401850939 CEST | 49738 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:09:03.401865959 CEST | 443 | 49738 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:09:03.605643034 CEST | 443 | 49738 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:09:03.606256962 CEST | 49738 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:09:03.606271029 CEST | 443 | 49738 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:09:03.607464075 CEST | 443 | 49738 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:09:03.607527971 CEST | 49738 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:09:03.608624935 CEST | 49738 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:09:03.608690023 CEST | 443 | 49738 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:09:03.649167061 CEST | 49738 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:09:03.649188995 CEST | 443 | 49738 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:09:03.696054935 CEST | 49738 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:09:05.843946934 CEST | 49739 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:05.843996048 CEST | 443 | 49739 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:05.844091892 CEST | 49739 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:05.876461983 CEST | 49739 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:05.876486063 CEST | 443 | 49739 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.069367886 CEST | 443 | 49739 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.069494963 CEST | 49739 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.072040081 CEST | 49739 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.072050095 CEST | 443 | 49739 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.072350979 CEST | 443 | 49739 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.114228010 CEST | 49739 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.160114050 CEST | 443 | 49739 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.245925903 CEST | 443 | 49739 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.246170044 CEST | 443 | 49739 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.246221066 CEST | 49739 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.246247053 CEST | 443 | 49739 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.246267080 CEST | 49739 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.246267080 CEST | 49739 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.246275902 CEST | 443 | 49739 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.246283054 CEST | 443 | 49739 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.321109056 CEST | 49740 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.321182966 CEST | 443 | 49740 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.321257114 CEST | 49740 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.321661949 CEST | 49740 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.321677923 CEST | 443 | 49740 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.504960060 CEST | 443 | 49740 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.505090952 CEST | 49740 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.506345034 CEST | 49740 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.506351948 CEST | 443 | 49740 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.506593943 CEST | 443 | 49740 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.507757902 CEST | 49740 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.552120924 CEST | 443 | 49740 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.683634043 CEST | 443 | 49740 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.683712006 CEST | 443 | 49740 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.683782101 CEST | 49740 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.684508085 CEST | 49740 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.684525967 CEST | 443 | 49740 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:06.684535980 CEST | 49740 | 443 | 192.168.2.4 | 23.51.58.94 |
May 3, 2024 20:09:06.684542894 CEST | 443 | 49740 | 23.51.58.94 | 192.168.2.4 |
May 3, 2024 20:09:08.527920008 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:08.818316936 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:08.850182056 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:08.905215025 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:09.108863115 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:09.416616917 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:11.500722885 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:11.500773907 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:11.500891924 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:11.501957893 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:11.501966953 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:11.812422991 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:11.812582970 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:11.815962076 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:11.815967083 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:11.816206932 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:11.867487907 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:13.509922028 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:13.552115917 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:13.584918976 CEST | 443 | 49738 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:09:13.584995031 CEST | 443 | 49738 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:09:13.585052013 CEST | 49738 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:09:13.671849966 CEST | 49738 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:09:13.671885967 CEST | 443 | 49738 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:09:13.707978010 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:13.708003998 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:13.708010912 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:13.708033085 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:13.708045959 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:13.708053112 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:13.708069086 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:13.708085060 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:13.708096981 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:13.708127022 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:13.708256960 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:13.708304882 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:13.708309889 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:13.708352089 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:13.708389997 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:14.052109003 CEST | 49741 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:14.052120924 CEST | 443 | 49741 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:17.544250965 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:17.919920921 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:24.667407990 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:24.679038048 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:25.129389048 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:30.303397894 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:30.351990938 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:30.522245884 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:30.832148075 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:33.339523077 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:33.385037899 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:33.965553999 CEST | 1994 | 49735 | 46.246.80.19 | 192.168.2.4 |
May 3, 2024 20:09:34.010073900 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:34.427508116 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:34.469377041 CEST | 49735 | 1994 | 192.168.2.4 | 46.246.80.19 |
May 3, 2024 20:09:50.929323912 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:50.929358959 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:50.929425955 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:50.930213928 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:50.930226088 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.237323999 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.237509966 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:51.241369009 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:51.241374969 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.241628885 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.250333071 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:51.292118073 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.533731937 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.533756971 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.533775091 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.533817053 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:51.533827066 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.533865929 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:51.533879995 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:51.535000086 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.535038948 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.535047054 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:51.535079002 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:51.535084009 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.535094976 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.535124063 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:51.535144091 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:51.542033911 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:51.542048931 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:09:51.542066097 CEST | 49747 | 443 | 192.168.2.4 | 20.12.23.50 |
May 3, 2024 20:09:51.542072058 CEST | 443 | 49747 | 20.12.23.50 | 192.168.2.4 |
May 3, 2024 20:10:03.363476992 CEST | 49749 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:10:03.363488913 CEST | 443 | 49749 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:10:03.363574028 CEST | 49749 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:10:03.363864899 CEST | 49749 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:10:03.363873959 CEST | 443 | 49749 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:10:03.553366899 CEST | 443 | 49749 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:10:03.569869995 CEST | 49749 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:10:03.569888115 CEST | 443 | 49749 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:10:03.570328951 CEST | 443 | 49749 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:10:03.583549023 CEST | 49749 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:10:03.583642960 CEST | 443 | 49749 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:10:03.640125990 CEST | 49749 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:10:13.544414043 CEST | 443 | 49749 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:10:13.544481993 CEST | 443 | 49749 | 142.250.80.36 | 192.168.2.4 |
May 3, 2024 20:10:13.544538021 CEST | 49749 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:10:13.603730917 CEST | 49749 | 443 | 192.168.2.4 | 142.250.80.36 |
May 3, 2024 20:10:13.603773117 CEST | 443 | 49749 | 142.250.80.36 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 3, 2024 20:08:59.007039070 CEST | 53 | 62188 | 1.1.1.1 | 192.168.2.4 |
May 3, 2024 20:08:59.027780056 CEST | 53 | 52484 | 1.1.1.1 | 192.168.2.4 |
May 3, 2024 20:08:59.143109083 CEST | 61434 | 53 | 192.168.2.4 | 8.8.8.8 |
May 3, 2024 20:08:59.143488884 CEST | 54793 | 53 | 192.168.2.4 | 1.1.1.1 |
May 3, 2024 20:08:59.231730938 CEST | 53 | 54793 | 1.1.1.1 | 192.168.2.4 |
May 3, 2024 20:08:59.233828068 CEST | 53 | 61434 | 8.8.8.8 | 192.168.2.4 |
May 3, 2024 20:08:59.618660927 CEST | 53 | 62298 | 1.1.1.1 | 192.168.2.4 |
May 3, 2024 20:09:01.474365950 CEST | 51639 | 53 | 192.168.2.4 | 1.1.1.1 |
May 3, 2024 20:09:01.578093052 CEST | 53 | 51639 | 1.1.1.1 | 192.168.2.4 |
May 3, 2024 20:09:03.306466103 CEST | 62975 | 53 | 192.168.2.4 | 1.1.1.1 |
May 3, 2024 20:09:03.306586981 CEST | 60085 | 53 | 192.168.2.4 | 1.1.1.1 |
May 3, 2024 20:09:03.399970055 CEST | 53 | 60085 | 1.1.1.1 | 192.168.2.4 |
May 3, 2024 20:09:03.400573969 CEST | 53 | 62975 | 1.1.1.1 | 192.168.2.4 |
May 3, 2024 20:09:17.848649979 CEST | 53 | 63021 | 1.1.1.1 | 192.168.2.4 |
May 3, 2024 20:09:18.922211885 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
May 3, 2024 20:09:38.541044950 CEST | 53 | 55750 | 1.1.1.1 | 192.168.2.4 |
May 3, 2024 20:09:58.584681988 CEST | 53 | 59987 | 1.1.1.1 | 192.168.2.4 |
May 3, 2024 20:10:00.927587986 CEST | 53 | 57919 | 1.1.1.1 | 192.168.2.4 |
May 3, 2024 20:10:27.129776955 CEST | 53 | 50994 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 3, 2024 20:08:59.143109083 CEST | 192.168.2.4 | 8.8.8.8 | 0x7819 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 3, 2024 20:08:59.143488884 CEST | 192.168.2.4 | 1.1.1.1 | 0x4010 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 3, 2024 20:09:01.474365950 CEST | 192.168.2.4 | 1.1.1.1 | 0xe055 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 3, 2024 20:09:03.306466103 CEST | 192.168.2.4 | 1.1.1.1 | 0x1114 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 3, 2024 20:09:03.306586981 CEST | 192.168.2.4 | 1.1.1.1 | 0xd0c0 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 3, 2024 20:08:59.231730938 CEST | 1.1.1.1 | 192.168.2.4 | 0x4010 | No error (0) | | | 142.251.40.206 | A (IP address) | IN (0x0001) | false |
May 3, 2024 20:08:59.233828068 CEST | 8.8.8.8 | 192.168.2.4 | 0x7819 | No error (0) | | | 172.217.4.46 | A (IP address) | IN (0x0001) | false |
May 3, 2024 20:09:01.578093052 CEST | 1.1.1.1 | 192.168.2.4 | 0xe055 | No error (0) | | | 46.246.80.19 | A (IP address) | IN (0x0001) | false |
May 3, 2024 20:09:03.399970055 CEST | 1.1.1.1 | 192.168.2.4 | 0xd0c0 | No error (0) | | | | 65 | IN (0x0001) | false |
May 3, 2024 20:09:03.400573969 CEST | 1.1.1.1 | 192.168.2.4 | 0x1114 | No error (0) | | | 142.250.80.36 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49739 | 23.51.58.94 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 18:09:06 UTC | 161 | OUT | |
2024-05-03 18:09:06 UTC | 467 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49740 | 23.51.58.94 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 18:09:06 UTC | 239 | OUT | |
2024-05-03 18:09:06 UTC | 456 | IN | |
2024-05-03 18:09:06 UTC | 55 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49741 | 20.12.23.50 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 18:09:13 UTC | 306 | OUT | |
2024-05-03 18:09:13 UTC | 560 | IN | |
2024-05-03 18:09:13 UTC | 15824 | IN | |
2024-05-03 18:09:13 UTC | 8666 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49747 | 20.12.23.50 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 18:09:51 UTC | 306 | OUT | |
2024-05-03 18:09:51 UTC | 560 | IN | |
2024-05-03 18:09:51 UTC | 15824 | IN | |
2024-05-03 18:09:51 UTC | 9633 | IN | |
Target ID: | 0 |
Start time: | 20:08:51 |
Start date: | 03/05/2024 |
Path: | C:\Users\user\Desktop\bUPt.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa20000 |
File size: | 32'768 bytes |
MD5 hash: | B0F3CA4450A2F669B927AE1517DAC1E7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 20:08:56 |
Start date: | 03/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 20:08:57 |
Start date: | 03/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 7 |
Start time: | 20:09:33 |
Start date: | 03/05/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 20:09:33 |
Start date: | 03/05/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 14.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 2.1% |
Total number of Nodes: | 145 |
Total number of Limit Nodes: | 8 |
Graph
Function | Relevance | Strings | APIs | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
015D19F0 | 3.9 | 2 | | 1396 | COMMON | -1.00% |
05262273 | 1.6 | | 1 | 75 | COMMON | -1.00% |
052622AA | 1.6 | | 1 | 52 | COMMON | -1.00% |
015D03F8 | 1.6 | | 1 | 104 | COMMON | -1.00% |
00FEB5DE | 1.6 | | 1 | 103 | file, COMMON | -1.00% |
015D03E8 | 1.6 | | 1 | 102 | COMMON | -1.00% |
0526099C | 1.6 | | 1 | 93 | COMMON | -1.00% |
05260190 | 1.6 | | 1 | 89 | COMMON | -1.00% |
05260894 | 1.6 | | 1 | 88 | time, COMMON | -1.00% |
052609BE | 1.6 | | 1 | 84 | COMMON | -1.00% |
05260D10 | 1.6 | | 1 | 81 | COMMON | -1.00% |
0526201D | 1.6 | | 1 | 80 | COMMON | -1.00% |
052623F5 | 1.6 | | 1 | 79 | COMMON | -1.00% |
05260346 | 1.6 | | 1 | 77 | file, COMMON | -1.00% |
00FEBC3E | 1.6 | | 1 | 77 | network, COMMON | -1.00% |
052601B6 | 1.6 | | 1 | 76 | COMMON | -1.00% |
052620EC | 1.6 | | 1 | 76 | COMMON | -1.00% |
00FEB61E | 1.6 | | 1 | 76 | file, COMMON | -1.00% |
00FEB6F4 | 1.6 | | 1 | 75 | COMMON | -1.00% |
052625C3 | 1.6 | | 1 | 73 | COMMON | -1.00% |
052624DF | 1.6 | | 1 | 73 | COMMON | -1.00% |
00FEB9D6 | 1.6 | | 1 | 70 | file, COMMON | -1.00% |
05261F57 | 1.6 | | 1 | 69 | COMMON | -1.00% |
00FEA140 | 1.6 | | 1 | 69 | network, COMMON | -1.00% |
05260366 | 1.6 | | 1 | 67 | file, COMMON | -1.00% |
05260B6E | 1.6 | | 1 | 67 | network, COMMON | -1.00% |
00FEBC5E | 1.6 | | 1 | 67 | network, COMMON | -1.00% |
00FEBD23 | 1.6 | | 1 | 67 | COMMON | -1.00% |
05260FD2 | 1.6 | | 1 | 66 | library, COMMON | -1.00% |
00FEA710 | 1.6 | | 1 | 66 | COMMON | -1.00% |
05262E09 | 1.6 | | 1 | 65 | library, COMMON | -1.00% |
052608D2 | 1.6 | | 1 | 64 | time, COMMON | -1.00% |
05262502 | 1.6 | | 1 | 62 | COMMON | -1.00% |
052625E6 | 1.6 | | 1 | 62 | COMMON | -1.00% |
05263ADD | 1.6 | | 1 | 62 | window, COMMON | -1.00% |
05262426 | 1.6 | | 1 | 61 | COMMON | -1.00% |
05260006 | 1.6 | | 1 | 61 | COMMON | -1.00% |
00FEAC03 | 1.6 | | 1 | 61 | COMMON | -1.00% |
00FEB9F6 | 1.6 | | 1 | 60 | file, COMMON | -1.00% |
05261F7A | 1.6 | | 1 | 58 | COMMON | -1.00% |
05263C55 | 1.6 | | 1 | 56 | window, COMMON | -1.00% |
05260FF2 | 1.6 | | 1 | 56 | library, COMMON | -1.00% |
00FEA2AE | 1.6 | | 1 | 56 | COMMON | -1.00% |
05262056 | 1.6 | | 1 | 55 | COMMON | -1.00% |
00FEAD9F | 1.6 | | 1 | 54 | COMMON | -1.00% |
0526212A | 1.6 | | 1 | 53 | COMMON | -1.00% |
00FEB736 | 1.6 | | 1 | 52 | COMMON | -1.00% |
052639A8 | 1.6 | | 1 | 51 | COMMON | -1.00% |
05260B9E | 1.5 | | 1 | 49 | network, COMMON | -1.00% |
05260D66 | 1.5 | | 1 | 47 | COMMON | -1.00% |
05262E3A | 1.5 | | 1 | 46 | library, COMMON | -1.00% |
00FEAC2A | 1.5 | | 1 | 45 | COMMON | -1.00% |
05260032 | 1.5 | | 1 | 43 | COMMON | -1.00% |
00FEBD62 | 1.5 | | 1 | 43 | COMMON | -1.00% |
00FEA74E | 1.5 | | 1 | 43 | COMMON | -1.00% |
05263C7A | 1.5 | | 1 | 42 | window, COMMON | -1.00% |
00FEA186 | 1.5 | | 1 | 42 | network, COMMON | -1.00% |
052639CA | 1.5 | | 1 | 40 | COMMON | -1.00% |
00FEADCE | 1.5 | | 1 | 39 | COMMON | -1.00% |
05263B16 | 1.5 | | 1 | 38 | window, COMMON | -1.00% |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEA2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0161075C Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057D1C60 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016107C4 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01610799 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FFADEC Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 016105DF Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01610880 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01610606 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FFAE3B Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057D1577 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 057D1CCB Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE23F4 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE23BC Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |