Windows
Analysis Report
6RVmzn1DzL.exe
Overview
General Information
Sample name: | 6RVmzn1DzL.exe (renamed because original name is a hash value) |
Original sample name: | 4d73427dc0b9f3dc4b846ace0ddc2deb.exe |
Analysis ID: | 1465909 |
MD5: | 4d73427dc0b9f3dc4b846ace0ddc2deb |
SHA1: | 43b8ffa09826c21676d759c0f3dc2088c4df4efe |
SHA256: | 0d7b87b394b0620f352a3dd9391b202ff85c2659a007b74caf11799fc51e1e09 |
Tags: | 32exe |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - 6RVmzn1DzL.exe (PID: 3276, cmdline: "C:\Users\user\Desktop\6RVmzn1DzL.exe", MD5: 4D73427DC0B9F3DC4B846ACE0DDC2DEB)
    - WerFault.exe (PID: 6608, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 1728, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["pedestriankodwu.xyz", "towerxxuytwi.xyz", "ellaboratepwsz.xyz", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop", "pedestriankodwu.xyz", "towerxxuytwi.xyz", "ellaboratepwsz.xyz", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop", "pedestriankodwu.xyz", "towerxxuytwi.xyz", "ellaboratepwsz.xyz", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop"], "Build id": "S1ZrlH--"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
07/02/24-08:32:58.581071 | 2054181 | 49712 | 443 | TCP | A Network Trojan was detected |
07/02/24-08:32:52.825231 | 2054181 | 49708 | 443 | TCP | A Network Trojan was detected |
07/02/24-08:33:01.124383 | 2054181 | 49719 | 443 | TCP | A Network Trojan was detected |
07/02/24-08:33:03.978479 | 2054181 | 49724 | 443 | TCP | A Network Trojan was detected |
07/02/24-08:32:51.867332 | 2054180 | 62670 | 53 | UDP | A Network Trojan was detected |
07/02/24-08:32:55.875122 | 2054181 | 49710 | 443 | TCP | A Network Trojan was detected |
07/02/24-08:32:54.529233 | 2054181 | 49709 | 443 | TCP | A Network Trojan was detected |
07/02/24-08:32:51.904360 | 2054181 | 49707 | 443 | TCP | A Network Trojan was detected |
07/02/24-08:32:56.961593 | 2054181 | 49711 | 443 | TCP | A Network Trojan was detected |
07/02/24-08:32:59.582392 | 2054181 | 49714 | 443 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira URL Cloud: | 33 entries |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Integrated Neural Analysis Model: |
Source: | String decryptor: | 15 entries |
Source: | Code function: | 0_2_031E6FD2 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | 9 entries |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_006410FF |
Source: | Code function: | 0_2_02DC92B3, 0_2_02DB13F3, 0_2_02DB935C, 0_2_02D95343, 0_2_02DA1369, 0_2_02DB533B, 0_2_02DB1320, 0_2_02DA40F1, 0_2_02DA617D, 0_2_02D9B163, 0_2_02D9A693, 0_2_02DA861B, 0_2_02DA3618, 0_2_02DB65A3, 0_2_02DA87D3, 0_2_02DA4720, 0_2_02DB74D3, 0_2_02DB74D3, 0_2_02DB24D6, 0_2_02DA84CF, 0_2_02DB65A3, 0_2_02DB454F, 0_2_02DA7523, 0_2_02DAFAF3, 0_2_02DA9A91, 0_2_02DA9A91, 0_2_02DA7A55, 0_2_02DCBB8D, 0_2_02DA7B53, 0_2_02DCCB13, 0_2_02DC7895, 0_2_02DB388B, 0_2_02DC28B3, 0_2_02DB6853, 0_2_02DB1816, 0_2_02DC99F8, 0_2_02DC59B2, 0_2_02DA49A4, 0_2_02DCC953, 0_2_02DA293D, 0_2_02DA293D, 0_2_02D9AEC3, 0_2_02DCAEB9, 0_2_02DA7E65, 0_2_02D94FF3, 0_2_02DA2F03, 0_2_02DA5CF2, 0_2_02DC8DD8, 0_2_0320B1A0, 0_2_031E61E0, 0_2_031E3031, 0_2_03208085, 0_2_031E60E2, 0_2_031E64F3, 0_2_031DF9F6, 0_2_03205F22, 0_2_0320AFE0, 0_2_031E0FCA, 0_2_031E0FCA, 0_2_031E6E60, 0_2_031E6CA8, 0_2_031E437F, 0_2_0320A21A, 0_2_031E811E, 0_2_031E811E, 0_2_031EE180, 0_2_0320403F, 0_2_031E277E, 0_2_031D97F0, 0_2_031D3680, 0_2_031D9550, 0_2_03209546, 0_2_031E1590, 0_2_03207465, 0_2_031F6449, 0_2_031F6446, 0_2_031E6B5C, 0_2_031F0B63, 0_2_031F5B60, 0_2_031F5B60, 0_2_031E5BB0, 0_2_031F2BDC, 0_2_031EFA80, 0_2_03207940, 0_2_031EF9AD, 0_2_031D39D0, 0_2_031F39C8, 0_2_031F79E9, 0_2_031E480A, 0_2_031F1F18, 0_2_03200F40, 0_2_031D1EA1, 0_2_031EFEA3, 0_2_031F4EE0, 0_2_031D8D20, 0_2_031E2DAD, 0_2_031F4C30, 0_2_031F4C30, 0_2_031E1CA5 |
Networking |
---|
Source: | Snort IDS: | 10 entries |
Source: | URLs: | 24 entries |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | 9 entries |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | 77 entries |
Source: | Network traffic detected: | 18 entries |
Source: | HTTPS traffic detected: | 9 entries |
Source: | Code function: | 0_2_031FE780 |
Source: | Code function: | 0_2_031FE780 |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: | 0_2_02DE0CB6 |
Source: | Code function: | 0_2_00623E41, 0_2_00623869, 0_2_006240F9, 0_2_006230B5, 0_2_0062388D, 0_2_0062616B, 0_2_0062B936, 0_2_0063E1F6, 0_2_006231AA, 0_2_00623222, 0_2_006232F0, 0_2_006402D6, 0_2_00623291, 0_2_00624B77, 0_2_00623B5D, 0_2_0062D332, 0_2_00623304, 0_2_00623B16, 0_2_00623CA3, 0_2_0063DC84, 0_2_00632C9C, 0_2_00623570, 0_2_00623547, 0_2_00623D2B, 0_2_00623506, 0_2_00623599, 0_2_00626645, 0_2_00623611, 0_2_006326D4, 0_2_0062CF66, 0_2_0063E768, 0_2_00639F7E, 0_2_0063EF10, 0_2_0062D71C, 0_2_00622F93, 0_2_02D904C7, 0_2_02DE0CB6, 0_2_02DB935C, 0_2_02D95343, 0_2_02D90000, 0_2_02DC8193, 0_2_02DA11B3, 0_2_02D971B3, 0_2_02D9A693, 0_2_02D966A3, 0_2_02D98403, 0_2_02DCD593, 0_2_02D99A63, 0_2_02DCD8B3, 0_2_02DB6853, 0_2_02DB2993, 0_2_02D97EE3, 0_2_02DC4F53, 0_2_031F1020, 0_2_031D4D30, 0_2_031D80F0, 0_2_031D6570, 0_2_032035E0, 0_2_031D6A90, 0_2_031D39D0, 0_2_031F79E9, 0_2_03206820, 0_2_031D5840, 0_2_031DF840, 0_2_0320BF40, 0_2_031F4EE0, 0_2_031D8D20, 0_2_0320BC20 |
Source: | Process created: |
Source: | Static PE information: |
Source: | Binary or memory string: | 2 entries |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_02D90BD7 |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | File read: |
Source: | Process created: | 2 entries |
Source: | Section loaded: | 39 entries |
Source: | Static PE information: | 6 entries |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | 5 entries |
Source: | Code function: | 0_2_00633048, 0_2_006315FB |
Source: | Code function: | 0_2_00621DB1 |
Source: | Code function: | 0_2_006220BD, 0_2_006229E6, 0_2_00622775 |
Source: | Code function: | 0_2_00632C9C |
Source: | Registry key monitored for changes: | 2 entries |
Source: | Process information set: | 57 entries |
Malware Analysis System Evasion |
---|
Source: | System information queried: |
Source: | Thread sleep time: |
Source: | Code function: | 0_2_006410FF |
Source: | Binary or memory string: | 63 entries |
Source: | API call chain: | graph_0-39585 |
Source: | Process information queried: |
Source: | Process queried: | 2 entries |
Source: | Code function: | 0_2_03208120 |
Source: | Code function: | 0_2_0063B365 |
Source: | Code function: | 0_2_0063B365 |
Source: | Code function: | 0_2_02D904C7, 0_2_02D90A87, 0_2_02D910D7, 0_2_02D910D6, 0_2_02D90E37 |
Source: | Code function: | 0_2_00633A58 |
Source: | Code function: | 0_2_00633576, 0_2_0063359E |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | String found in binary or memory: | 8 entries |
Source: | Queries volume information: | 8 entries |
Source: | Code function: | 0_2_006342BA |
Source: | Code function: | 0_2_00638694 |
Source: | Key value queried: |
Source: | Binary or memory string: | 4 entries |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | String found in binary or memory: | ||
Source: | File opened: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 12 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 41 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 161 Security Software Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 12 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 11 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 13 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
18% | ReversingLabs | |||
19% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
contintnetksows.shop | 172.67.141.234 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | true | | unknown |
| | false | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | true | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | true | | unknown |
| | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.141.234 | contintnetksows.shop | United States | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1465909 |
Start date and time: | 2024-07-02 08:31:53 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 29s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 6RVmzn1DzL.exe (renamed because original name is a hash value) |
Original Sample Name: | 4d73427dc0b9f3dc4b846ace0ddc2deb.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@2/5@1/1 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.208.16.94
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ocsps.ssl.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
02:32:51 | API Interceptor | |
02:33:19 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | Python Stealer, CStealer, Xmrig | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | DBatLoader, Neshta | Browse | |
| | Get hash | malicious | AsyncRAT, Neshta, XWorm | Browse | |
| | Get hash | malicious | LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig | Browse | |
| | Get hash | malicious | Arc Stealer | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Bazar Loader, BruteRatel, Latrodectus | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_6RVmzn1DzL.exe_7bfb277fee81bf1a20749b653394791c3aa9112c_462bbcf1_b313c709-504a-4fb8-84c2-c4704d4cf20e\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0425415904336832 |
Encrypted: | false |
SSDEEP: | 192://NtB5+s0BU/gjZ/exMzuiFizZ24IO8+U0N:3NtB5+nBU/gjTzuiFizY4IO8+U |
MD5: | 30CCF4BCB2EBB9C9A662D363FAD114A5 |
SHA1: | 0705B0DEF6D3BA7A4A96D5F2AE9E6A639A82689D |
SHA-256: | 9364B4194B3A69386A69D7837B70DEB925681EC03653A72E0C4E281FB8C2AC61 |
SHA-512: | 6794BF729363514B42E01720381057E26369FEF9980AE050F636AC3783F2ACE419600B8D396742608F654888DBC9E9DB98DD426828880E25DEF87C94933302F5 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 125340 |
Entropy (8bit): | 1.9963464189301523 |
Encrypted: | false |
SSDEEP: | 768:3ViXRpG8BTkqQ2QE0NWmQZ/48wnmphSkIrX:F07QNBE0NW9/on4grX |
MD5: | A7F395E348CB55E695CE5F3CC20D7AC0 |
SHA1: | D6FB083102C88A6038918B172B1B2D920842B4F6 |
SHA-256: | BF1F1C9D92FEA8734B2D002E91B7CC5DBA7A633BE3A4BC0985D12D92BBF0E3BE |
SHA-512: | 1537E4BE3473944AC87F805B9CCE21392A806703078205108053CDC1C17E6421EF9D841F59CB35F0E787421B7A9BAC3605EBB52F42433FE9469F86B356C87D0E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8378 |
Entropy (8bit): | 3.706154048719564 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ5r6IR1i6YEIHSU9o2hgmfp4HHrpry89bx6sf07m:R6lXJF6I26YE4SU9o2hgmfp4H9xZf1 |
MD5: | 76B8BD5C5FD9182337B1C11D0A5581F1 |
SHA1: | 505A29EC3E640D4C389B931A6FB9D91438D28833 |
SHA-256: | BA14A88F2487F811799AFC4864DB80D8E23F79B360B839410F4286A4C31614CC |
SHA-512: | 458A5A895E736E1D337DA43079E4669E9DB177D1AC055F292282910BACDDF30E4B126ABAF8594E7B9E51E60EDE8A32D36E46D0FDDB91254626F7EAA442A6E8FB |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4688 |
Entropy (8bit): | 4.509997748119072 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs3Jg77aI9iVWpW8VYmYm8M4JeltgF7+q8Hr7E8aeSrSud:uIjfZI7Qk7VGJF0cRWud |
MD5: | 1BF3B3B1A4BA7FCD9FCE3ED87D6407CE |
SHA1: | B010154566EDA41C07748ED9A44939BE3078B62A |
SHA-256: | 0F7BF3F3987DA820FF8E1B9CD43EB2B0DE24D3DEF16763EBD902056E070D022C |
SHA-512: | 97907145C9A8F53187D94C0E2E572B400E0CFB2A9A134619E9DABB89A52EDE8C51B89152486E23CA45D0BE907D8DFC8424E79219FD1FD98FDA61E460B525D436 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.42177513978557 |
Encrypted: | false |
SSDEEP: | 6144:lSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNc0uhiTw:svloTMW+EZMM6DFyG03w |
MD5: | E97F9E0CFB511850F2BE57E438CB8E99 |
SHA1: | 6C56D60BA4B10F83F73A4A7CA1090C4DB6B3F84D |
SHA-256: | DDFCB9F302309B0CF8344E4D2FA7DD6D74271448FF5A01E61363D23B8BD17CCD |
SHA-512: | FF8C28186D74BCAD6481458A9973A0C02D9DE079386538777A72575B92D9E151323224D20570B0928A80716BEE33D5D7F1E195BDEA6E328014253DC12D36824D |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.568469104991779 |
TrID: |
File name: | 6RVmzn1DzL.exe |
File size: | 587'168 bytes |
MD5: | 4d73427dc0b9f3dc4b846ace0ddc2deb |
SHA1: | 43b8ffa09826c21676d759c0f3dc2088c4df4efe |
SHA256: | 0d7b87b394b0620f352a3dd9391b202ff85c2659a007b74caf11799fc51e1e09 |
SHA512: | b66b5b2beeec4174ff9f644b105c10e757e18211a55b7c5b5d9ed9745c0cdc191f7c427d00518cab63427d92d9122922de92db3d448a6ef347f5c5e778d5067f |
SSDEEP: | 12288:GGbKDjKEJZALcCAgqW++rNWq3nmK6JqpJjAsE:G1K8Z4cCPqW+kAqrjjjAx |
TLSH: | 3EC4D059B6D0C4F1D5F70233ACF3872D6AA6BCA2CF34904E239677492C316528A26777 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........?.F`Q.F`Q.F`Q.....R`Q......`Q.K2..O`Q.K2..E`Q.K2..S`Q.O...G`Q......`Q.O...U`Q.F`P..`Q.....@`Q.K2..G`Q.....G`Q.RichF`Q........ |
Icon Hash: | 221266d6b2b692b6 |
Entrypoint: | 0x40f4c2 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x667209E7 [Tue Jun 18 22:27:51 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | aff40d5954acc9dc8618ed5e4332d20d |
Signature Valid: | false |
Signature Issuer: | CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
Subject Chain |
Version: | 3 |
Thumbprint MD5: | AC766C00A8E56B85549080A0FF03B1C6 |
Thumbprint SHA-1: | 0EBC26DC13DA9132A1E41632E63373C093094565 |
Thumbprint SHA-256: | 1CA87CE957E83D323EEE91CD0B2624A0B7C2578EAA410CDA17E6DCA46CAA0774 |
Serial: | 1397F7A664D0A258D2FCD6A646AD1A52 |
Instruction |
---|
call 00007F220C6E9E58h |
jmp 00007F220C6E5065h |
push 00000010h |
push 0042C5D8h |
call 00007F220C6E8B7Dh |
call 00007F220C6E8DE3h |
movzx esi, ax |
push 00000002h |
call 00007F220C6E9DF2h |
pop ecx |
call 00007F220C6E95D0h |
test eax, eax |
jne 00007F220C6E506Ah |
push 0000001Ch |
call 00007F220C6E511Bh |
pop ecx |
call 00007F220C6E952Ch |
test eax, eax |
jne 00007F220C6E506Ah |
push 00000010h |
call 00007F220C6E510Ah |
pop ecx |
call 00007F220C6E9EACh |
and dword ptr [ebp-04h], 00000000h |
call 00007F220C6E95BAh |
test eax, eax |
jns 00007F220C6E506Ah |
push 0000001Bh |
call 00007F220C6E50F0h |
pop ecx |
call dword ptr [00422158h] |
mov dword ptr [0043271Ch], eax |
call 00007F220C6E9EC7h |
mov dword ptr [004308B0h], eax |
call 00007F220C6E983Fh |
test eax, eax |
jns 00007F220C6E506Ah |
push 00000008h |
call 00007F220C6E870Ch |
pop ecx |
call 00007F220C6E9A6Eh |
test eax, eax |
jns 00007F220C6E506Ah |
push 00000009h |
call 00007F220C6E86FBh |
pop ecx |
push 00000001h |
call 00007F220C6E870Dh |
pop ecx |
test eax, eax |
je 00007F220C6E5069h |
push eax |
call 00007F220C6E86E8h |
pop ecx |
call 00007F220C6E9F0Dh |
push esi |
push eax |
push 00000000h |
push 00400000h |
call 00007F220C6D8697h |
mov dword ptr [ebp-20h], eax |
push eax |
call 00007F220C6E8946h |
Programming Language: |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2cc98 | 0xc8 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x33000 | 0x9ee8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x8d800 | 0x1da0 | .reloc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3d000 | 0x20e4 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x222e0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2afc0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x22000 | 0x28c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x20da0 | 0x20e00 | 578213f60df04180efec215a7f0a35bb | False | 0.6177519011406845 | data | 6.7963959121372595 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x22000 | 0xbaf4 | 0xbc00 | cdc1c6b92591f123cc534d42e4305cbc | False | 0.3902094414893617 | data | 4.720654860732534 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2e000 | 0x4720 | 0x2600 | 7aa2770dfdc5d1f3b73ac58c354bf6b0 | False | 0.5197368421052632 | data | 5.33376168230909 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x33000 | 0x9ee8 | 0xa000 | 51f1c315bc5d47d692e1309577fd4585 | False | 0.233837890625 | data | 4.58267390896661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x3d000 | 0x54400 | 0x54400 | 53d87bacae729e1865703aa3b113122f | False | 0.9501518453264095 | data | 7.994080139780744 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x3b448 | 0x1428 | Device independent bitmap graphic, 80 x 16 x 32, image size 5120, resolution 3779 x 3779 px/m | English | United States | 0.4238372093023256 |
RT_ICON | 0x33728 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | English | United States | 0.15729806329711857 |
RT_ICON | 0x37950 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.1928423236514523 |
RT_ICON | 0x39ef8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.2621951219512195 |
RT_ICON | 0x3afa0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.4725177304964539 |
RT_DIALOG | 0x3c870 | 0x266 | data | English | United States | 0.46742671009771986 |
RT_DIALOG | 0x3cad8 | 0x134 | data | English | United States | 0.5064935064935064 |
RT_GROUP_ICON | 0x3b408 | 0x3e | data | English | United States | 0.8225806451612904 |
RT_VERSION | 0x3cc10 | 0x2d8 | data | English | United States | 0.48214285714285715 |
RT_MANIFEST | 0x33280 | 0x4a8 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.49580536912751677 |
DLL | Import |
---|---|
KERNEL32.dll | GetFileSizeEx, GetProcAddress, GetModuleHandleW, GetPrivateProfileStringW, GetPrivateProfileIntW, SetEnvironmentVariableA, SetEndOfFile, WriteConsoleW, SetFilePointerEx, FlushFileBuffers, SetStdHandle, LCMapStringW, CompareStringW, GetStringTypeW, OutputDebugStringW, LoadLibraryExW, WritePrivateProfileStringW, MultiByteToWideChar, GetLastError, CreateMutexW, LocalFree, GetCurrentDirectoryW, LocalAlloc, GetCommandLineW, GlobalFree, CloseHandle, MulDiv, lstrcatW, GetFullPathNameW, lstrcpyW, lstrlenW, GetModuleFileNameW, GetUserDefaultLangID, GetConsoleCP, GetTimeZoneInformation, ReadConsoleW, GetConsoleMode, LeaveCriticalSection, EnterCriticalSection, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetCurrentProcessId, GetStdHandle, HeapAlloc, GetProcessHeap, GetCurrentProcess, WaitForSingleObject, WriteFile, ReadFile, CreateProcessW, CreateFileW, GetVersionExW, FindClose, GetModuleFileNameA, CreateDirectoryW, GetFileAttributesW, FindFirstFileW, FindNextFileW, HeapReAlloc, HeapFree, lstrcmpW, WideCharToMultiByte, IsDebuggerPresent, IsProcessorFeaturePresent, GetCommandLineA, GetSystemTimeAsFileTime, RaiseException, RtlUnwind, InterlockedDecrement, ExitProcess, GetModuleHandleExW, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, Sleep, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, InterlockedIncrement, GetCurrentThreadId, DeleteCriticalSection, GetFileType, CreateThread |
USER32.dll | SetWindowPos, LoadImageW, EnumWindows, GetWindowTextW, EndDialog, SetForegroundWindow, PostMessageW, KillTimer, SetTimer, SetWindowLongW, GetDlgItemTextW, ShowWindow, IsIconic, wsprintfW, EnableWindow, GetMenu, GetSubMenu, MessageBoxW, DialogBoxParamW, DestroyMenu, TrackPopupMenu, GetWindowLongW, InsertMenuItemW, CheckMenuRadioItem, InsertMenuW, CreatePopupMenu, GetMessagePos, LoadIconW, SetWindowTextW, SendMessageW, GetDlgItem, SetDlgItemTextW |
GDI32.dll | DeleteObject, CreateFontIndirectW, GetObjectW, SetBkMode |
COMDLG32.dll | GetSaveFileNameW |
COMCTL32.dll | ImageList_LoadImageW, ImageList_Draw |
ADVAPI32.dll | RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, RegOpenKeyExW, RegCloseKey, RegOpenKeyW |
SHELL32.dll | SHGetFolderPathW, DragQueryFileW, DragFinish, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteW, CommandLineToArgvW, DragAcceptFiles |
ole32.dll | CoUninitialize, CoCreateInstance, CoInitialize, CoTaskMemFree |
SHLWAPI.dll | PathCanonicalizeW, PathCombineW, PathIsRelativeW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
07/02/24-08:32:58.581071 | TCP | 2054181 | ET TROJAN Observed Lumma Stealer Related Domain (contintnetksows .shop in TLS SNI) | 49712 | 443 | 192.168.2.5 | 172.67.141.234 |
07/02/24-08:32:52.825231 | TCP | 2054181 | ET TROJAN Observed Lumma Stealer Related Domain (contintnetksows .shop in TLS SNI) | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
07/02/24-08:33:01.124383 | TCP | 2054181 | ET TROJAN Observed Lumma Stealer Related Domain (contintnetksows .shop in TLS SNI) | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
07/02/24-08:33:03.978479 | TCP | 2054181 | ET TROJAN Observed Lumma Stealer Related Domain (contintnetksows .shop in TLS SNI) | 49724 | 443 | 192.168.2.5 | 172.67.141.234 |
07/02/24-08:32:51.867332 | UDP | 2054180 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (contintnetksows .shop) | 62670 | 53 | 192.168.2.5 | 1.1.1.1 |
07/02/24-08:32:55.875122 | TCP | 2054181 | ET TROJAN Observed Lumma Stealer Related Domain (contintnetksows .shop in TLS SNI) | 49710 | 443 | 192.168.2.5 | 172.67.141.234 |
07/02/24-08:32:54.529233 | TCP | 2054181 | ET TROJAN Observed Lumma Stealer Related Domain (contintnetksows .shop in TLS SNI) | 49709 | 443 | 192.168.2.5 | 172.67.141.234 |
07/02/24-08:32:51.904360 | TCP | 2054181 | ET TROJAN Observed Lumma Stealer Related Domain (contintnetksows .shop in TLS SNI) | 49707 | 443 | 192.168.2.5 | 172.67.141.234 |
07/02/24-08:32:56.961593 | TCP | 2054181 | ET TROJAN Observed Lumma Stealer Related Domain (contintnetksows .shop in TLS SNI) | 49711 | 443 | 192.168.2.5 | 172.67.141.234 |
07/02/24-08:32:59.582392 | TCP | 2054181 | ET TROJAN Observed Lumma Stealer Related Domain (contintnetksows .shop in TLS SNI) | 49714 | 443 | 192.168.2.5 | 172.67.141.234 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 08:32:51.902865887 CEST | 49707 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:51.902915955 CEST | 443 | 49707 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:51.902996063 CEST | 49707 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:51.904360056 CEST | 49707 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:51.904393911 CEST | 443 | 49707 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:52.386466980 CEST | 443 | 49707 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:52.386542082 CEST | 49707 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:52.392328978 CEST | 49707 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:52.392342091 CEST | 443 | 49707 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:52.392667055 CEST | 443 | 49707 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:52.448009968 CEST | 49707 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:52.448585987 CEST | 49707 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:52.448602915 CEST | 49707 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:52.448755980 CEST | 443 | 49707 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:52.816215992 CEST | 443 | 49707 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:52.816312075 CEST | 443 | 49707 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:52.816400051 CEST | 49707 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:52.818577051 CEST | 49707 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:52.818599939 CEST | 443 | 49707 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:52.818613052 CEST | 49707 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:52.818619013 CEST | 443 | 49707 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:52.824717999 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:52.824765921 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:52.824906111 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:52.825231075 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:52.825247049 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.301256895 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.301407099 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:53.302980900 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:53.302988052 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.303219080 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.304645061 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:53.304658890 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:53.304708004 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.989396095 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.989476919 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.989506960 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.989550114 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:53.989561081 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.989572048 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.989630938 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.989665985 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:53.989665985 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:53.989681959 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.989837885 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.989948034 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:53.989955902 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.990312099 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.990437031 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:53.990446091 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.994128942 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:53.994189978 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:53.994201899 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:54.041719913 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:54.265539885 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:54.265618086 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:54.265649080 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:54.265733004 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:54.265747070 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:54.265799999 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:54.383409023 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:54.383433104 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:54.383486032 CEST | 49708 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:54.383492947 CEST | 443 | 49708 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:54.528671980 CEST | 49709 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:54.528717041 CEST | 443 | 49709 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:54.528812885 CEST | 49709 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:54.529232979 CEST | 49709 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:54.529247046 CEST | 443 | 49709 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:55.012471914 CEST | 443 | 49709 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:55.012542009 CEST | 49709 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:55.013901949 CEST | 49709 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:55.013916969 CEST | 443 | 49709 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:55.014153004 CEST | 443 | 49709 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:55.015654087 CEST | 49709 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:55.015800953 CEST | 49709 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:55.015820980 CEST | 443 | 49709 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:55.698261976 CEST | 443 | 49709 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:55.698365927 CEST | 443 | 49709 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:55.698426008 CEST | 49709 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:55.698544979 CEST | 49709 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:55.698565006 CEST | 443 | 49709 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:55.874569893 CEST | 49710 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:55.874609947 CEST | 443 | 49710 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:55.874736071 CEST | 49710 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:55.875122070 CEST | 49710 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:55.875133991 CEST | 443 | 49710 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:56.346931934 CEST | 443 | 49710 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:56.347047091 CEST | 49710 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:56.348676920 CEST | 49710 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:56.348697901 CEST | 443 | 49710 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:56.348925114 CEST | 443 | 49710 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:56.350251913 CEST | 49710 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:56.350393057 CEST | 49710 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:56.350413084 CEST | 443 | 49710 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:56.350464106 CEST | 49710 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:56.350472927 CEST | 443 | 49710 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:56.757782936 CEST | 443 | 49710 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:56.757894993 CEST | 443 | 49710 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:56.758058071 CEST | 49710 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:56.758308887 CEST | 49710 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:56.758333921 CEST | 443 | 49710 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:56.961066961 CEST | 49711 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:56.961106062 CEST | 443 | 49711 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:56.961178064 CEST | 49711 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:56.961592913 CEST | 49711 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:56.961606026 CEST | 443 | 49711 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:57.430356979 CEST | 443 | 49711 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:57.430433989 CEST | 49711 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:57.432579041 CEST | 49711 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:57.432590961 CEST | 443 | 49711 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:57.432832003 CEST | 443 | 49711 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:57.434371948 CEST | 49711 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:57.434415102 CEST | 49711 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:57.434441090 CEST | 443 | 49711 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:57.434509993 CEST | 49711 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:57.434520960 CEST | 443 | 49711 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:57.961129904 CEST | 443 | 49711 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:57.961229086 CEST | 443 | 49711 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:57.961390018 CEST | 49711 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:57.961669922 CEST | 49711 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:57.961687088 CEST | 443 | 49711 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:58.580569983 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:58.580609083 CEST | 443 | 49712 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:58.580724955 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:58.581070900 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:58.581087112 CEST | 443 | 49712 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:59.059777975 CEST | 443 | 49712 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:59.059926987 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:59.061441898 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:59.061456919 CEST | 443 | 49712 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:59.061744928 CEST | 443 | 49712 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:59.063007116 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:59.063111067 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:59.063159943 CEST | 443 | 49712 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:59.468933105 CEST | 443 | 49712 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:59.469038010 CEST | 443 | 49712 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:59.469127893 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:59.481806993 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:59.481834888 CEST | 443 | 49712 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:59.581898928 CEST | 49714 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:59.581950903 CEST | 443 | 49714 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:32:59.582032919 CEST | 49714 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:59.582391977 CEST | 49714 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:32:59.582406044 CEST | 443 | 49714 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:00.076350927 CEST | 443 | 49714 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:00.076463938 CEST | 49714 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:00.077837944 CEST | 49714 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:00.077856064 CEST | 443 | 49714 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:00.078145981 CEST | 443 | 49714 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:00.079432011 CEST | 49714 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:00.079566956 CEST | 49714 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:00.079576969 CEST | 443 | 49714 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:00.451354027 CEST | 443 | 49714 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:00.451452017 CEST | 443 | 49714 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:00.451508999 CEST | 49714 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:00.451680899 CEST | 49714 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:00.451704025 CEST | 443 | 49714 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.123756886 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.123825073 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.123900890 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.124382973 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.124397993 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.590842962 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.591789007 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.592406034 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.592426062 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.592677116 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.594969034 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.594969034 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.595012903 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.595408916 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.595484972 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.595635891 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.595674992 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.595794916 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.595820904 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.596003056 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.596040964 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.596199036 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.596218109 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.596230984 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.596241951 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.596369982 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.596395969 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.596419096 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.596770048 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.596807003 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.605206966 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.605448008 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.605472088 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:01.605494022 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.605518103 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.605587959 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:01.610184908 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:03.898973942 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:03.899059057 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:03.899106979 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:03.899801016 CEST | 49719 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:03.899821043 CEST | 443 | 49719 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:03.977654934 CEST | 49724 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:03.977701902 CEST | 443 | 49724 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:03.977834940 CEST | 49724 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:03.978478909 CEST | 49724 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:03.978496075 CEST | 443 | 49724 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:04.445877075 CEST | 443 | 49724 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:04.446024895 CEST | 49724 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:04.447602034 CEST | 49724 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:04.447634935 CEST | 443 | 49724 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:04.447909117 CEST | 443 | 49724 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:04.458805084 CEST | 49724 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:04.458880901 CEST | 49724 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:04.458924055 CEST | 443 | 49724 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:04.834367037 CEST | 443 | 49724 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:04.834479094 CEST | 443 | 49724 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:04.834557056 CEST | 49724 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:04.834808111 CEST | 49724 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:04.834840059 CEST | 443 | 49724 | 172.67.141.234 | 192.168.2.5 |
Jul 2, 2024 08:33:04.834850073 CEST | 49724 | 443 | 192.168.2.5 | 172.67.141.234 |
Jul 2, 2024 08:33:04.834856033 CEST | 443 | 49724 | 172.67.141.234 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 08:32:51.867331982 CEST | 62670 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 2, 2024 08:32:51.881201982 CEST | 53 | 62670 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 2, 2024 08:32:51.867331982 CEST | 192.168.2.5 | 1.1.1.1 | 0xd818 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 2, 2024 08:32:51.881201982 CEST | 1.1.1.1 | 192.168.2.5 | 0xd818 | No error (0) | | | 172.67.141.234 | A (IP address) | IN (0x0001) | false |
Jul 2, 2024 08:32:51.881201982 CEST | 1.1.1.1 | 192.168.2.5 | 0xd818 | No error (0) | | | 104.21.79.40 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49707 | 172.67.141.234 | 443 | 3276 | C:\Users\user\Desktop\6RVmzn1DzL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 06:32:52 UTC | 267 | OUT | |
2024-07-02 06:32:52 UTC | 8 | OUT | |
2024-07-02 06:32:52 UTC | 818 | IN | |
2024-07-02 06:32:52 UTC | 7 | IN | |
2024-07-02 06:32:52 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49708 | 172.67.141.234 | 443 | 3276 | C:\Users\user\Desktop\6RVmzn1DzL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 06:32:53 UTC | 268 | OUT | |
2024-07-02 06:32:53 UTC | 42 | OUT | |
2024-07-02 06:32:53 UTC | 814 | IN | |
2024-07-02 06:32:53 UTC | 555 | IN | |
2024-07-02 06:32:53 UTC | 1369 | IN | |
2024-07-02 06:32:53 UTC | 1369 | IN | |
2024-07-02 06:32:53 UTC | 30 | IN | |
2024-07-02 06:32:53 UTC | 1369 | IN | |
2024-07-02 06:32:53 UTC | 1369 | IN | |
2024-07-02 06:32:53 UTC | 1369 | IN | |
2024-07-02 06:32:53 UTC | 1369 | IN | |
2024-07-02 06:32:53 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49709 | 172.67.141.234 | 443 | 3276 | C:\Users\user\Desktop\6RVmzn1DzL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 06:32:55 UTC | 286 | OUT | |
2024-07-02 06:32:55 UTC | 12830 | OUT | |
2024-07-02 06:32:55 UTC | 806 | IN | |
2024-07-02 06:32:55 UTC | 19 | IN | |
2024-07-02 06:32:55 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49710 | 172.67.141.234 | 443 | 3276 | C:\Users\user\Desktop\6RVmzn1DzL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 06:32:56 UTC | 286 | OUT | |
2024-07-02 06:32:56 UTC | 15072 | OUT | |
2024-07-02 06:32:56 UTC | 806 | IN | |
2024-07-02 06:32:56 UTC | 19 | IN | |
2024-07-02 06:32:56 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49711 | 172.67.141.234 | 443 | 3276 | C:\Users\user\Desktop\6RVmzn1DzL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 06:32:57 UTC | 286 | OUT | |
2024-07-02 06:32:57 UTC | 15331 | OUT | |
2024-07-02 06:32:57 UTC | 5231 | OUT | |
2024-07-02 06:32:57 UTC | 810 | IN | |
2024-07-02 06:32:57 UTC | 19 | IN | |
2024-07-02 06:32:57 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49712 | 172.67.141.234 | 443 | 3276 | C:\Users\user\Desktop\6RVmzn1DzL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 06:32:59 UTC | 285 | OUT | |
2024-07-02 06:32:59 UTC | 7081 | OUT | |
2024-07-02 06:32:59 UTC | 806 | IN | |
2024-07-02 06:32:59 UTC | 19 | IN | |
2024-07-02 06:32:59 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49714 | 172.67.141.234 | 443 | 3276 | C:\Users\user\Desktop\6RVmzn1DzL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 06:33:00 UTC | 285 | OUT | |
2024-07-02 06:33:00 UTC | 1261 | OUT | |
2024-07-02 06:33:00 UTC | 812 | IN | |
2024-07-02 06:33:00 UTC | 19 | IN | |
2024-07-02 06:33:00 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49719 | 172.67.141.234 | 443 | 3276 | C:\Users\user\Desktop\6RVmzn1DzL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 06:33:01 UTC | 287 | OUT | |
2024-07-02 06:33:01 UTC | 15331 | OUT | |
2024-07-02 06:33:01 UTC | 15331 | OUT | |
2024-07-02 06:33:01 UTC | 15331 | OUT | |
2024-07-02 06:33:01 UTC | 15331 | OUT | |
2024-07-02 06:33:01 UTC | 15331 | OUT | |
2024-07-02 06:33:01 UTC | 15331 | OUT | |
2024-07-02 06:33:01 UTC | 15331 | OUT | |
2024-07-02 06:33:01 UTC | 15331 | OUT | |
2024-07-02 06:33:01 UTC | 15331 | OUT | |
2024-07-02 06:33:01 UTC | 15331 | OUT | |
2024-07-02 06:33:03 UTC | 804 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49724 | 172.67.141.234 | 443 | 3276 | C:\Users\user\Desktop\6RVmzn1DzL.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 06:33:04 UTC | 268 | OUT | |
2024-07-02 06:33:04 UTC | 77 | OUT | |
2024-07-02 06:33:04 UTC | 812 | IN | |
2024-07-02 06:33:04 UTC | 54 | IN | |
2024-07-02 06:33:04 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 02:32:40 |
Start date: | 02/07/2024 |
Path: | C:\Users\user\Desktop\6RVmzn1DzL.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x620000 |
File size: | 587'168 bytes |
MD5 hash: | 4D73427DC0B9F3DC4B846ACE0DDC2DEB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 02:33:03 |
Start date: | 02/07/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x200000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 6.7% |
Dynamic/Decrypted Code Coverage: | 68.1% |
Signature Coverage: | 20.7% |
Total number of Nodes: | 511 |
Total number of Limit Nodes: | 37 |
Per-function details (API lists, strings, memory dump source, Joe Sandbox IDA plugin output, similarity) were not captured in this extraction; only the function headers are listed below, in the order and grouping the report shows them.

Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
00623599 | 8.7 | 3 | 1 | 1726 | library, memory, loader, COMMON | |
00623E41 | 6.3 | 2 | 1 | 1025 | library, memory, loader, COMMON | |
006240F9 | 6.2 | 2 | 1 | 994 | library, memory, loader, COMMON | |
031DF9F6 | 4.5 | | 3 | 738 | COMMON | |
031E0FCA | 4.1 | | 3 | 347 | COMMON | |
02D90A87 | 3.6 | 1 | 1 | 103 | thread, COMMON | yes |
031D4D30 | 2.9 | | 2 | 415 | COMMON | |
02D904C7 | 1.9 | 1 | | 399 | thread, COMMON | yes |
031F1020 | 1.6 | | 1 | 374 | COMMON | |
03208085 | 1.6 | 1 | | 56 | memory, COMMON | |
03205F22 | 1.5 | 1 | | 14 | memory, COMMON | |
03208120 | 1.5 | 1 | | 12 | library, COMMON | |
0320B1A0 | 1.4 | | 1 | 145 | COMMON | |
0320AFE0 | 1.4 | | 1 | 144 | COMMON | |
00624B77 | .3 | | | 262 | COMMON | |
031E6CA8 | .2 | | | 156 | COMMON | |
031E61E0 | .1 | | | 146 | COMMON | |
031E64F3 | .1 | | | 118 | COMMON | |
031E60E2 | .1 | | | 60 | COMMON | |
031E6E60 | .0 | | | 30 | COMMON | |
031E3031 | .0 | | | 25 | COMMON | |

Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
031DA320 | 74.3 | 2 | 40 | 842 | library, COMMON | |
00622BB3 | 4.5 | 3 | | 20 | COMMON | |
02DE1934 | 3.6 | 1 | 1 | 66 | library, COMMON | yes |
031F8967 | 1.9 | 1 | | 414 | COMMON | |
02DE0586 | 1.6 | 1 | | 325 | memory, COMMON | yes |
03207B2C | 1.6 | 1 | | 55 | library, COMMON | |
03203D8F | 1.5 | 1 | | 29 | COMMON | |
03207BE5 | 1.5 | 1 | | 25 | COMMON | |
031FB05F | 1.5 | 1 | | 20 | memory, COMMON | |
03206022 | 1.5 | 1 | | 10 | memory, COMMON | |

Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
031FE780 | 31.7 | 6 | 12 | 180 | clipboard, COMMON | |
0063B365 | 29.9 | 11 | 6 | 167 | library, loader, COMMON, LIBRARYCODE | |
031D97F0 | 16.6 | | 13 | 310 | COMMON | |
02D9B163 | 16.6 | | 13 | 310 | COMMON | yes |
006229E6 | 16.6 | 11 | | 54 | string, window, memory, COMMON | |
00621DB1 | 10.5 | 3 | 3 | 31 | string, COMMON | |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 031F39C8 Relevance: 9.0, Strings: 7, Instructions: 204COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DB533B Relevance: 9.0, Strings: 7, Instructions: 204COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031E811E Relevance: 8.8, Strings: 7, Instructions: 80COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00638694 Relevance: 7.8, APIs: 5, Instructions: 288timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DA9A91 Relevance: 7.6, Strings: 6, Instructions: 80COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 031D5840 Relevance: 3.3, Strings: 2, Instructions: 830COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D971B3 Relevance: 3.3, Strings: 2, Instructions: 830COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02DA1369 Relevance: 3.2, Strings: 2, Instructions: 738COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031F79E9 Relevance: 3.2, Strings: 2, Instructions: 728COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DB935C Relevance: 3.2, Strings: 2, Instructions: 728COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 03206820 Relevance: 3.2, Strings: 2, Instructions: 701COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DC8193 Relevance: 3.2, Strings: 2, Instructions: 701COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031F4EE0 Relevance: 3.1, Strings: 2, Instructions: 568COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DB6853 Relevance: 3.1, Strings: 2, Instructions: 568COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D966A3 Relevance: 2.9, Strings: 2, Instructions: 415COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D9A693 Relevance: 2.9, Strings: 2, Instructions: 387COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02DA293D Relevance: 2.8, Strings: 2, Instructions: 347COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031F6446 Relevance: 2.8, Strings: 2, Instructions: 305COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 031F6449 Relevance: 2.8, Strings: 2, Instructions: 298COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 031D8D20 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DB2993 Relevance: 1.6, Strings: 1, Instructions: 374COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0062CF66 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006410FF Relevance: 1.6, APIs: 1, Instructions: 73fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 031F5B60 Relevance: 1.6, Strings: 1, Instructions: 317COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DB74D3 Relevance: 1.6, Strings: 1, Instructions: 317COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031D6A90 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D98403 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00633576 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 031D9550 Relevance: 1.5, Strings: 1, Instructions: 224COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D9AEC3 Relevance: 1.5, Strings: 1, Instructions: 224COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00623B5D Relevance: 1.4, Strings: 1, Instructions: 177COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DCCB13 Relevance: 1.4, Strings: 1, Instructions: 145COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02DCC953 Relevance: 1.4, Strings: 1, Instructions: 144COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031F0B63 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DB24D6 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031EE180 Relevance: 1.4, Strings: 1, Instructions: 122COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DAFAF3 Relevance: 1.4, Strings: 1, Instructions: 122COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031EFEA3 Relevance: 1.3, Strings: 1, Instructions: 78COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DB1816 Relevance: 1.3, Strings: 1, Instructions: 78COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031E1590 Relevance: 1.3, Strings: 1, Instructions: 49COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DA2F03 Relevance: 1.3, Strings: 1, Instructions: 49COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00633A58 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 031D80F0 Relevance: .8, Instructions: 802COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D99A63 Relevance: .8, Instructions: 802COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031D39D0 Relevance: .6, Instructions: 628COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D95343 Relevance: .6, Instructions: 628COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D90000 Relevance: .5, Instructions: 495COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0062B936 Relevance: .5, Instructions: 458COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 031D6570 Relevance: .4, Instructions: 432COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D97EE3 Relevance: .4, Instructions: 432COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0062D332 Relevance: .3, Instructions: 324COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0320BF40 Relevance: .3, Instructions: 311COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DCD8B3 Relevance: .3, Instructions: 311COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0320BC20 Relevance: .3, Instructions: 296COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DCD593 Relevance: .3, Instructions: 296COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 006230B5 Relevance: .3, Instructions: 288COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 031E1CA5 Relevance: .2, Instructions: 242COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DA3618 Relevance: .2, Instructions: 242COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031E437F Relevance: .2, Instructions: 207COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DA5CF2 Relevance: .2, Instructions: 207COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00623222 Relevance: .2, Instructions: 191COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0062D71C Relevance: .2, Instructions: 191COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 032035E0 Relevance: .2, Instructions: 189COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DC4F53 Relevance: .2, Instructions: 189COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031E480A Relevance: .2, Instructions: 188COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DA617D Relevance: .2, Instructions: 188COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031E5BB0 Relevance: .2, Instructions: 182COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DA7523 Relevance: .2, Instructions: 182COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00623291 Relevance: .2, Instructions: 176COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00622F93 Relevance: .2, Instructions: 162COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006232F0 Relevance: .2, Instructions: 158COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DA861B Relevance: .2, Instructions: 156COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02DA7B53 Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031DF840 Relevance: .1, Instructions: 130COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DA11B3 Relevance: .1, Instructions: 130COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031E6B5C Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DA84CF Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02DA7E65 Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D910D7 Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00623B16 Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 031E2DAD Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DA4720 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 03207940 Relevance: .1, Instructions: 98COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DC92B3 Relevance: .1, Instructions: 98COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00623CA3 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03209546 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DCAEB9 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031EFA80 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DB13F3 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D910D6 Relevance: .1, Instructions: 66COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 03200F40 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DC28B3 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031F4C30 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00623D2B Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DB65A3 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031F1F18 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DB388B Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02DA7A55 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02DC99F8 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 03207465 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DC8DD8 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031D3680 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02D94FF3 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02D90E37 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02DA87D3 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02DA49A4 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031E277E Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DA40F1 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02DC7895 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031F2BDC Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DB454F Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0320403F Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DC59B2 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 031EF9AD Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 031D1EA1 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DB1320 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0320A21A Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02DCBB8D Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 006217F2 Relevance: 65.1, APIs: 26, Strings: 11, Instructions: 332windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006223AF Relevance: 40.5, APIs: 18, Strings: 5, Instructions: 231windowtimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00621635 Relevance: 35.1, APIs: 14, Strings: 6, Instructions: 139registrystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00621C65 Relevance: 33.1, APIs: 22, Instructions: 79COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00621474 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 153windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00621F04 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 153windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00622C57 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 120windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006221F0 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 90stringwindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0062267F Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 86timewindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00622ADE Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 69stringsynchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0062A965 Relevance: 15.2, APIs: 10, Instructions: 215COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0063FDDC Relevance: 15.2, APIs: 10, Instructions: 156memoryfileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00639091 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 284COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006340A8 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 146fileCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006227E6 Relevance: 12.2, APIs: 8, Instructions: 156COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00630FB9 Relevance: 9.3, APIs: 6, Instructions: 287COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00633A6D Relevance: 9.2, APIs: 6, Instructions: 228COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00621BB8 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 61stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00637FE4 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 214COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006354E2 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 127COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00621E9A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00629E34 Relevance: 8.0, APIs: 5, Instructions: 489COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00634396 Relevance: 7.6, APIs: 5, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006339C5 Relevance: 7.5, APIs: 5, Instructions: 45threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0063734F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0063FD26 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00625B9A Relevance: 6.1, APIs: 4, Instructions: 106COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0062AC19 Relevance: 6.1, APIs: 4, Instructions: 105COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0062F4C2 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00622145 Relevance: 6.1, APIs: 4, Instructions: 62COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00622DA2 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00622BF6 Relevance: 6.0, APIs: 4, Instructions: 39windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00632C0A Relevance: 6.0, APIs: 4, Instructions: 38COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00639472 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00621605 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|