Windows
Analysis Report
https://github.com/frankwick/t/raw/main/tinytask.exe
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
cmd.exe (PID: 7272 cmdline:
C:\Windows \system32\ cmd.exe /c wget -t 2 -v -T 60 -P "C:\Use rs\user\De sktop\down load" --no -check-cer tificate - -content-d isposition --user-ag ent="Mozil la/5.0 (Wi ndows NT 6 .1; WOW64; Trident/7 .0; AS; rv :11.0) lik e Gecko" " https://gi thub.com/f rankwick/t /raw/main/ tinytask.e xe" > cmdl ine.out 2> &1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) conhost.exe (PID: 7280 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) wget.exe (PID: 7324 cmdline:
wget -t 2 -v -T 60 - P "C:\User s\user\Des ktop\downl oad" --no- check-cert ificate -- content-di sposition --user-age nt="Mozill a/5.0 (Win dows NT 6. 1; WOW64; Trident/7. 0; AS; rv: 11.0) like Gecko" "h ttps://git hub.com/fr ankwick/t/ raw/main/t inytask.ex e" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
tinytask.exe (PID: 7528 cmdline:
C:\Users\u ser\Deskto p\download \tinytask. exe MD5: 8FD3551654F0F5281DDBD7E32CB73054)
- cleanup
- • AV Detection
- • Compliance
- • Spreading
- • Networking
- • Key, Mouse, Clipboard, Microphone and Screen Capturing
- • System Summary
- • Data Obfuscation
- • Persistence and Installation Behavior
- • Malware Analysis System Evasion
- • Anti Debugging
- • HIPS / PFW / Operating System Protection Evasion
- • Language, Device and Operating System Detection
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Virustotal: | Perma Link |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 3_2_00403B09 |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 3_2_00401489 | |
Source: | Code function: | 3_2_004034C6 |
Source: | Code function: | 3_2_00402148 |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Window detected: |
Source: | Code function: | 2_2_00ADA539 |
Source: | File created: | Jump to dropped file |
Source: | Code function: | 3_2_00401000 | |
Source: | Code function: | 3_2_0040392F | |
Source: | Code function: | 3_2_00402D18 |
Source: | Last function: |
Source: | Code function: | 3_2_00403B09 |
Source: | API call chain: | graph_3-1178 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 3_2_0040424C |
Source: | Process created: |
Source: | Code function: | 3_2_004034C6 |
Source: | Code function: | 3_2_004034C6 |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 3_2_00401489 |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Command and Scripting Interpreter | Path Interception | 1 Process Injection | 1 Masquerading | 21 Input Capture | 111 Security Software Discovery | Remote Services | 21 Input Capture | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | ReversingLabs | |||
17% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
8% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
github.com | 192.30.255.113 | true | false | high | |
raw.githubusercontent.com | 185.199.110.133 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
192.30.255.113 | github.com | United States | 36459 | GITHUBUS | false | |
185.199.110.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false |
Joe Sandbox Version: | 38.0.0 Ammolite |
Analysis ID: | 1322068 |
Start date and time: | 2023-10-09 11:27:17 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | urldownload.jbs |
Sample URL: | https://github.com/frankwick/t/raw/main/tinytask.exe |
Analysis system description: | Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.win@5/2@2/2 |
EGA Information: |
|
HCA Information: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, B ackgroundTransferHost.exe, WMI ADAP.exe, SIHClient.exe, backg roundTaskHost.exe, conhost.exe - Excluded domains from analysis
(whitelisted): ocsp.digicert. com, slscr.update.microsoft.co m, ctldl.windowsupdate.com, fe 3cr.delivery.mp.microsoft.com - Execution Graph export aborted
for target wget.exe, PID 7324 because there are no executed function - Not all processes where analyz
ed, report is missing behavior information
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1002 |
Entropy (8bit): | 5.1752700239413105 |
Encrypted: | false |
SSDEEP: | 24:k8to1xePnSMGhMovkOMGh9MGjMGYvMGjMGG6xePgD/IBbyij2KbyiEv:jSisOs+x6x562bHqKbHG |
MD5: | EE186579C7090E381A53BD3D95CC9568 |
SHA1: | 6D6A7A8EE9C90A74BB0E6629DF0A58D11B8013DA |
SHA-256: | E5BBACEA3108CE9AF13483D6BD682B4FBEED4587A6FA73A7045066DC43492D6B |
SHA-512: | 0AF712F72195EDEA679452C567B93F83D3C0ECD9767F4ED8E50D8E40CAFBFD3FB9AB672536883E3FDB49D61B63619F2FAD97AF0A9D2F1AB6315FE39CDDC006C6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\wget.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 36352 |
Entropy (8bit): | 6.577308655111805 |
Encrypted: | false |
SSDEEP: | 768:sAzGzd0LnFjuwY6QlVwvHI1pSgNEl/MYoeAW:5zGzd0wXlVwv0SgNQXoeAW |
MD5: | 8FD3551654F0F5281DDBD7E32CB73054 |
SHA1: | 9B1C9722847CD57CD11E4DE80CD9E8197C3C34CD |
SHA-256: | 75E06AC5B7C1ADB01AB994633466685E3DCEF31D635EBA1734FE16C7893FFE12 |
SHA-512: | A716F535E363FC1225B1665E1C24693E768D13699EA37BDF57EFFE4FEA24B4B30A2181174F66C35E749B9C845B07F82EECBF282EE5972DE0426F847293D46B4B |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Download Network PCAP: filtered – full
- Total Packets: 23
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 9, 2023 11:28:02.295542002 CEST | 49738 | 443 | 192.168.2.4 | 192.30.255.113 |
Oct 9, 2023 11:28:02.295582056 CEST | 443 | 49738 | 192.30.255.113 | 192.168.2.4 |
Oct 9, 2023 11:28:02.295667887 CEST | 49738 | 443 | 192.168.2.4 | 192.30.255.113 |
Oct 9, 2023 11:28:02.303250074 CEST | 49738 | 443 | 192.168.2.4 | 192.30.255.113 |
Oct 9, 2023 11:28:02.303284883 CEST | 443 | 49738 | 192.30.255.113 | 192.168.2.4 |
Oct 9, 2023 11:28:02.714164019 CEST | 443 | 49738 | 192.30.255.113 | 192.168.2.4 |
Oct 9, 2023 11:28:02.714274883 CEST | 49738 | 443 | 192.168.2.4 | 192.30.255.113 |
Oct 9, 2023 11:28:02.716301918 CEST | 49738 | 443 | 192.168.2.4 | 192.30.255.113 |
Oct 9, 2023 11:28:02.716330051 CEST | 443 | 49738 | 192.30.255.113 | 192.168.2.4 |
Oct 9, 2023 11:28:02.716748953 CEST | 443 | 49738 | 192.30.255.113 | 192.168.2.4 |
Oct 9, 2023 11:28:02.717591047 CEST | 49738 | 443 | 192.168.2.4 | 192.30.255.113 |
Oct 9, 2023 11:28:02.758501053 CEST | 443 | 49738 | 192.30.255.113 | 192.168.2.4 |
Oct 9, 2023 11:28:03.226404905 CEST | 443 | 49738 | 192.30.255.113 | 192.168.2.4 |
Oct 9, 2023 11:28:03.226675034 CEST | 443 | 49738 | 192.30.255.113 | 192.168.2.4 |
Oct 9, 2023 11:28:03.226778984 CEST | 49738 | 443 | 192.168.2.4 | 192.30.255.113 |
Oct 9, 2023 11:28:03.226810932 CEST | 443 | 49738 | 192.30.255.113 | 192.168.2.4 |
Oct 9, 2023 11:28:03.226835012 CEST | 443 | 49738 | 192.30.255.113 | 192.168.2.4 |
Oct 9, 2023 11:28:03.226953030 CEST | 49738 | 443 | 192.168.2.4 | 192.30.255.113 |
Oct 9, 2023 11:28:03.233022928 CEST | 49738 | 443 | 192.168.2.4 | 192.30.255.113 |
Oct 9, 2023 11:28:03.233037949 CEST | 443 | 49738 | 192.30.255.113 | 192.168.2.4 |
Oct 9, 2023 11:28:03.406431913 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:03.406482935 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:03.406569958 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:03.408310890 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:03.408332109 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:03.753249884 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:03.753499031 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:03.754534960 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:03.754565954 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:03.754992962 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:03.755947113 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:03.802447081 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.295145988 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.295322895 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.295411110 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.295499086 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.295504093 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.295578003 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.295625925 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.300225019 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.300309896 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.300409079 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.300472975 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.300534010 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.305712938 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.311043024 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.311121941 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.311146975 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.316502094 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.316575050 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.316590071 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.321927071 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.322010040 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.322022915 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.327889919 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.327976942 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.328010082 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.333026886 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.333111048 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.333139896 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.338622093 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.338701010 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.338725090 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.349380970 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.349457026 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.349489927 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.354805946 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.354878902 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.354902029 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.360157013 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.360234022 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.360265970 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.363055944 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Oct 9, 2023 11:28:04.363133907 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.376337051 CEST | 49739 | 443 | 192.168.2.4 | 185.199.110.133 |
Oct 9, 2023 11:28:04.376378059 CEST | 443 | 49739 | 185.199.110.133 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 9, 2023 11:28:02.124610901 CEST | 63348 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 9, 2023 11:28:02.287672997 CEST | 53 | 63348 | 1.1.1.1 | 192.168.2.4 |
Oct 9, 2023 11:28:03.240005970 CEST | 51773 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 9, 2023 11:28:03.403170109 CEST | 53 | 51773 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 9, 2023 11:28:02.124610901 CEST | 192.168.2.4 | 1.1.1.1 | 0x90d6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 9, 2023 11:28:03.240005970 CEST | 192.168.2.4 | 1.1.1.1 | 0x6ab8 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 9, 2023 11:28:02.287672997 CEST | 1.1.1.1 | 192.168.2.4 | 0x90d6 | No error (0) | 192.30.255.113 | A (IP address) | IN (0x0001) | false | ||
Oct 9, 2023 11:28:03.403170109 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ab8 | No error (0) | 185.199.110.133 | A (IP address) | IN (0x0001) | false | ||
Oct 9, 2023 11:28:03.403170109 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ab8 | No error (0) | 185.199.108.133 | A (IP address) | IN (0x0001) | false | ||
Oct 9, 2023 11:28:03.403170109 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ab8 | No error (0) | 185.199.111.133 | A (IP address) | IN (0x0001) | false | ||
Oct 9, 2023 11:28:03.403170109 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ab8 | No error (0) | 185.199.109.133 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49738 | 192.30.255.113 | 443 | C:\Windows\SysWOW64\wget.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-09 09:28:02 UTC | 0 | OUT | |
2023-10-09 09:28:03 UTC | 0 | IN | |
2023-10-09 09:28:03 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49739 | 185.199.110.133 | 443 | C:\Windows\SysWOW64\wget.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-09 09:28:03 UTC | 3 | OUT | |
2023-10-09 09:28:04 UTC | 3 | IN | |
2023-10-09 09:28:04 UTC | 4 | IN | |
2023-10-09 09:28:04 UTC | 5 | IN | |
2023-10-09 09:28:04 UTC | 7 | IN | |
2023-10-09 09:28:04 UTC | 8 | IN | |
2023-10-09 09:28:04 UTC | 9 | IN | |
2023-10-09 09:28:04 UTC | 11 | IN | |
2023-10-09 09:28:04 UTC | 12 | IN | |
2023-10-09 09:28:04 UTC | 13 | IN | |
2023-10-09 09:28:04 UTC | 15 | IN | |
2023-10-09 09:28:04 UTC | 16 | IN | |
2023-10-09 09:28:04 UTC | 17 | IN | |
2023-10-09 09:28:04 UTC | 19 | IN | |
2023-10-09 09:28:04 UTC | 20 | IN | |
2023-10-09 09:28:04 UTC | 21 | IN | |
2023-10-09 09:28:04 UTC | 23 | IN | |
2023-10-09 09:28:04 UTC | 24 | IN | |
2023-10-09 09:28:04 UTC | 25 | IN | |
2023-10-09 09:28:04 UTC | 27 | IN | |
2023-10-09 09:28:04 UTC | 28 | IN | |
2023-10-09 09:28:04 UTC | 29 | IN | |
2023-10-09 09:28:04 UTC | 31 | IN | |
2023-10-09 09:28:04 UTC | 32 | IN | |
2023-10-09 09:28:04 UTC | 33 | IN | |
2023-10-09 09:28:04 UTC | 35 | IN | |
2023-10-09 09:28:04 UTC | 36 | IN | |
2023-10-09 09:28:04 UTC | 37 | IN | |
2023-10-09 09:28:04 UTC | 39 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 11:28:01 |
Start date: | 09/10/2023 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 11:28:01 |
Start date: | 09/10/2023 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 11:28:01 |
Start date: | 09/10/2023 |
Path: | C:\Windows\SysWOW64\wget.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3'895'184 bytes |
MD5 hash: | 3DADB6E2ECE9C4B3E1E322E617658B60 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 11:28:04 |
Start date: | 09/10/2023 |
Path: | C:\Users\user\Desktop\download\tinytask.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 36'352 bytes |
MD5 hash: | 8FD3551654F0F5281DDBD7E32CB73054 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage
Dynamic/Packed Code Coverage
Signature Coverage
Execution Coverage: | 16.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 55.2% |
Total number of Nodes: | 469 |
Total number of Limit Nodes: | 15 |
Graph
Callgraph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |