Windows Analysis Report: file.exe

Detection

Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Process Tree

- System is w10x64
- file.exe (PID: 3696, cmdline: "C:\Users\user\Desktop\file.exe", MD5: 2F694C5080F96479F2BEA3F4D07200F1)
  - WerFault.exe (PID: 4444, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 1568, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
Extracted malware configuration:

```json
{
  "C2 url": [
    "benchillppwo.shop",
    "publicitttyps.shop",
    "answerrsdo.shop",
    "radiationnopp.shop",
    "affecthorsedpo.shop",
    "bargainnykwo.shop",
    "bannngwko.shop",
    "bouncedgowp.shop",
    "stationacutwo.shop"
  ],
  "Build id": "P6Mk0M--key"
}
```
Rule | Description | Author | Hits |
---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | 1 |

Rule | Description | Author | Hits |
---|---|---|---|
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 1 |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | 4 |

The full report lists 23 entries.
AV Detection | Hits | Details |
---|---|---|
Avira | 1 | |
Malware Configuration Extractor | 1 | |
Integrated Neural Analysis Model | 1 | |
Joe Sandbox ML | 1 | |
String decryptor | 15 | |
Code function | 1 | 0_2_0041718B |
Compliance | Hits |
---|---|
Unpacked PE file | 1 |
Static PE information | 1 |
File opened | 1 |
HTTPS traffic detected | 9 |
Networking | Hits | Details |
---|---|---|
URLs | 9 | |
IP Address | 2 | |
ASN Name | 1 | |
JA3 fingerprint | 1 | |
HTTP traffic detected | 9 | |
UDP traffic detected without corresponding DNS query | 1 | |
DNS traffic detected | 1 | |
HTTP traffic detected | 1 | |
String found in binary or memory | 50 | |
Network traffic detected | 18 | |
HTTPS traffic detected | 9 | |
Code function | 3 | 0_2_0042E590, 0_2_0042E590, 0_2_0042EA70 |
System Summary | Hits | Details |
---|---|---|
Matched rule | 2 | |
Process created | 1 | |
Static PE information | 1 | |
Matched rule | 2 | |
Static PE information | 1 | |
Classification label | 1 | |
Code function | 1 | 0_2_02A626D6 |
Code function | 1 | 0_2_0042A44A |
Mutant created | 1 | |
File created | 1 | |
Static PE information | 1 | |
Key opened | 1 | |
Binary or memory string | 1 | |
File read | 1 | |
Process created | 2 | |
Section loaded | 39 | |
File opened | 1 | |
Data Obfuscation | Hits | Details |
---|---|---|
Unpacked PE file | 2 | |
Code function | 9 | 0_2_00426005, 0_2_004418AA, 0_2_02A6627E, 0_2_02A6502A, 0_2_02A6619C, 0_2_02A631EF, 0_2_02A654F1, 0_2_0440626C, 0_2_043ECEA4 |
Static PE information | 1 | |
Process information set | 56 | |
Malware Analysis System Evasion | Hits | Details |
---|---|---|
System information queried | 1 | |
Thread sleep time | 2 | |
Binary or memory string | 31 | |
Process information queried | 1 | |
Code function | 1 | 0_2_00438180 |
Code function | 3 | 0_2_02A61FB3, 0_2_043E0D90, 0_2_043E092B |
HIPS / PFW / Operating System Protection Evasion | Hits |
---|---|
String found in binary or memory | 9 |
Queries volume information | 8 |
Key value queried | 1 |
Binary or memory string | 5 |
WMI Queries | 1 |
Stealing of Sensitive Information | Hits |
---|---|
File source | 3 |
String found in binary or memory | 10 |
File opened | 103 |
File opened | 22 |
Directory queried | 4 |
File source | 23 |
Remote Access Functionality |
---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 11 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 31 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 22 Software Packing | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
file.exe | 100% | Avira | HEUR/AGEN.1318160 | |
file.exe | 100% | Joe Sandbox ML | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
stationacutwo.shop | 188.114.97.3 | true | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
188.114.97.3 | stationacutwo.shop | European Union | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1466292 |
Start date and time: | 2024-07-02 19:01:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@2/5@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.208.16.94
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: file.exe
Time | Type | Description |
---|---|---|
13:02:02 | API Interceptor | |
13:02:32 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
188.114.97.3 | | | malicious | FormBook | | |
188.114.97.3 | | | malicious | Unknown | | |
188.114.97.3 | | | malicious | FormBook | | |
188.114.97.3 | | | malicious | FormBook | | |
188.114.97.3 | | | malicious | AgentTesla, PureLog Stealer | | |
188.114.97.3 | | | malicious | HTMLPhisher | | |
188.114.97.3 | | | malicious | FormBook | | |
188.114.97.3 | | | malicious | DCRat, PureLog Stealer, zgRAT | | |
188.114.97.3 | | | malicious | FormBook | | |
188.114.97.3 | | | malicious | FormBook | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | | malicious | TechSupportScam | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | HTMLPhisher | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | SmokeLoader | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | HTMLPhisher | | |
CLOUDFLARENETUS | | | malicious | Unknown | | |
CLOUDFLARENETUS | | | malicious | HTMLPhisher | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | | malicious | Unknown | | |
a0e9f5d64349fb13191bc781f81f42e1 | | | malicious | ScreenConnect Tool | | |
a0e9f5d64349fb13191bc781f81f42e1 | | | malicious | DBatLoader, Remcos | | |
a0e9f5d64349fb13191bc781f81f42e1 | | | malicious | LummaC | | |
a0e9f5d64349fb13191bc781f81f42e1 | | | malicious | DBatLoader, Neshta | | |
a0e9f5d64349fb13191bc781f81f42e1 | | | malicious | AsyncRAT, Neshta, XWorm | | |
a0e9f5d64349fb13191bc781f81f42e1 | | | malicious | LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig | | |
a0e9f5d64349fb13191bc781f81f42e1 | | | malicious | Arc Stealer | | |
a0e9f5d64349fb13191bc781f81f42e1 | | | malicious | Unknown | | |
a0e9f5d64349fb13191bc781f81f42e1 | | | malicious | Bazar Loader, BruteRatel, Latrodectus | | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_e1b8ee67c28e1740921d4bcadce1f30172278_35621c73_1a34e8b5-95ff-4b09-8773-76e45477dcb2\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.984104509586134 |
Encrypted: | false |
SSDEEP: | 192:F09mTldvsPliQtiL0CLjGI3jBJFPzuiFKZ24IO8TVBE:S9ssNimiYCLj9j9zuiFKY4IO8X |
MD5: | B2567B9EF12BE2BFEA990AE385D226F0 |
SHA1: | 45FCDA1A315BA086106F5ADAD2CD6D86360BE8DE |
SHA-256: | 865E8EAAA575237C7FC0CD59FDB4D9980428B074E767AE4C1FCEA9F2665DFB22 |
SHA-512: | FD04B0B16D175F31C2533DBA08B3E1DC6FEF8CCFD9877F8345564AB1DE94706B2BDF0B47188F2BFA47F29EDAB180D7869338DAD998A46FA213ED19261C21A8F2 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8296 |
Entropy (8bit): | 3.694601812433928 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJGCvO6k/6Y9xSU1rFgmfBWei5DpDB89b0NsfoF8m:R6lXJE6E6YLSU15gmf8D5o0Gfor |
MD5: | 4FCB0DEFD207A60B6B5120785C4CD8E6 |
SHA1: | 68475D9CE7564568668A2F981BAF0D8F5A7DB832 |
SHA-256: | 8693EE92F1ADD51B93B9B5686B4F7CF98D4B98C4C33C6EFF84EF8D5AE149F951 |
SHA-512: | 4CC62AF102AF12BAB4F758438B8674347DF1857C3126C718170CD0C8BBF5F0AD9C7247BDF82AC9EBD4805E71594E6D313B1E33DA567A508BA042F357B57F53D0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4537 |
Entropy (8bit): | 4.427221069305402 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsPJg77aI9ZWWpW8VY9Ym8M4JStFNNo+q8UBw5NRT8At5d:uIjfxI7X37VZJaNoM5NRT75d |
MD5: | 6A11131CF06A5BC4A3D5C7AFA81BFAE7 |
SHA1: | B46D59A12A5442650C71247CF9BC844BB259A74C |
SHA-256: | 6FC35BE42A90DE960B307B36A974790468F6BA2559D84C2B27790303E1978939 |
SHA-512: | 41F73BAD2CCC574358000EAE2BAE6D598B76AF65E5D4EE81C6C43DE2EBDCF55473D8FB36A6508A378D8067FA3875A0B26398D8F62C797A576CEC8B9B1DBFFDA0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46094 |
Entropy (8bit): | 2.6367418174551056 |
Encrypted: | false |
SSDEEP: | 192:PQhBovXtjDZ7tODBvoDkpX4eq71DFlKbWgdNyeTPHn5ys8OnFZ6c:ohBUjDZMDBQIpXnfawyebH5h8OFZ6 |
MD5: | CDD9D626B6F8E569D59A31D0D9E5E4B4 |
SHA1: | 84029250E0AC81378725278F88B8BBC3AF6A0542 |
SHA-256: | 0703B5B8B8CE59DEFA85D3D3EEC9AC40C1B47A0B56E101877987C4BD937F7DC9 |
SHA-512: | AB84B55952C0B8D638F78E8A04EC1697FA73D122D49A51B743E4FE2C9D3078C6083A87C5A7E7DBE142512ABB52D348DE440D0C6F5AC1B9A5BE4A2274227DAFFD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465311077676866 |
Encrypted: | false |
SSDEEP: | 6144:kIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSbc:ZXD94+WlLZMM6YFH1+c |
MD5: | 71A9096BE5672F6A9C1B9E5AB871CB80 |
SHA1: | 05F3E1CD225B44F2FB77D7A1F69680AA3C81C5E3 |
SHA-256: | F8CEE971EE782300D35B3F14BEB763C78929608D34E9760ABC9E4E8978B936D6 |
SHA-512: | D086205E473BF6C7C515C705C5A68FC72520B40F2A212268DC8A7296C1D2A4C55702E031A5D477016CEE0128D5572B4D64D5953EDB1B3E92313F22885CFD9414 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.28304605913046 |
TrID: | |
File name: | file.exe |
File size: | 297'472 bytes |
MD5: | 2f694c5080f96479f2bea3f4d07200f1 |
SHA1: | e67d58f0003e4506711c76e82915ba4f7d53b893 |
SHA256: | 60ec2c168365bcd32ac7a7ae6ad0d1fea4cc948590ac0ed7c621599f256964a0 |
SHA512: | 5bd183c62585d02aa98909b748dc9395fd1f942a5f3a54319f4a0a404a26bd595b4cd14da3111abfc82f2067170d771e0e85293340cc6fe35878501796a76d8e |
SSDEEP: | 6144:KPLVLEybu2Ts3URzcx4ahao3vewTbSo2BOwCk9ZC7:KP5LLbxsEuxj/3veUbZ2BOw1 |
TLSH: | D6548C6069F79926FFF75B312A70A6D40A3BBC637A70818E2540323E1D776D18A63713 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._...................................{...<...........v...........................Rich............PE..L....0.c.................D. |
Icon Hash: | cb97334d5555599a |
Entrypoint: | 0x401908 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x63BC307F [Mon Jan 9 15:19:27 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 039b1745d3ec0d69297e0716539e775c |
Instruction |
---|
call 00007F21A0DADA45h |
jmp 00007F21A0DA9D0Eh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 00000328h |
mov dword ptr [0043A918h], eax |
mov dword ptr [0043A914h], ecx |
mov dword ptr [0043A910h], edx |
mov dword ptr [0043A90Ch], ebx |
mov dword ptr [0043A908h], esi |
mov dword ptr [0043A904h], edi |
mov word ptr [0043A930h], ss |
mov word ptr [0043A924h], cs |
mov word ptr [0043A900h], ds |
mov word ptr [0043A8FCh], es |
mov word ptr [0043A8F8h], fs |
mov word ptr [0043A8F4h], gs |
pushfd |
pop dword ptr [0043A928h] |
mov eax, dword ptr [ebp+00h] |
mov dword ptr [0043A91Ch], eax |
mov eax, dword ptr [ebp+04h] |
mov dword ptr [0043A920h], eax |
lea eax, dword ptr [ebp+08h] |
mov dword ptr [0043A92Ch], eax |
mov eax, dword ptr [ebp-00000320h] |
mov dword ptr [0043A868h], 00010001h |
mov eax, dword ptr [0043A920h] |
mov dword ptr [0043A81Ch], eax |
mov dword ptr [0043A810h], C0000409h |
mov dword ptr [0043A814h], 00000001h |
mov eax, dword ptr [00439004h] |
mov dword ptr [ebp-00000328h], eax |
mov eax, dword ptr [00439008h] |
mov dword ptr [ebp-00000324h], eax |
call dword ptr [000000A8h] |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3777c | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2326000 | 0x101d8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x36000 | 0x188 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x34355 | 0x34400 | 1e22a9eb96e8bc6bddbd0ff7b987131a | False | 0.9151325134569378 | data | 7.864433923714666 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x36000 | 0x205c | 0x2200 | a5b8325eecea3a51a4e0810dc2e11832 | False | 0.3469669117647059 | data | 5.4033804076627225 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x39000 | 0x22ec548 | 0x1e00 | a65fda2a0cbdeb547a2c0ded9ba8b6c3 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x2326000 | 0x101d8 | 0x10200 | e84891895355dc5bef77d4d53a98f7c5 | False | 0.45842417635658916 | data | 4.996179893505764 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
NUSUTUMA | 0x232cf08 | 0x3fa | ASCII text, with very long lines (1018), with no line terminators | Turkish | Turkey | 0.6277013752455796 |
RT_CURSOR | 0x232d308 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.7368421052631579 |
RT_CURSOR | 0x232d438 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.06130705394190871 |
RT_ICON | 0x23266d0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkish | Turkey | 0.6114072494669509 |
RT_ICON | 0x2327578 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkish | Turkey | 0.6931407942238267 |
RT_ICON | 0x2327e20 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkish | Turkey | 0.7528801843317973 |
RT_ICON | 0x23284e8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkish | Turkey | 0.7933526011560693 |
RT_ICON | 0x2328a50 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkish | Turkey | 0.5953319502074689 |
RT_ICON | 0x232aff8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkish | Turkey | 0.725375234521576 |
RT_ICON | 0x232c0a0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkish | Turkey | 0.7377049180327869 |
RT_ICON | 0x232ca28 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkish | Turkey | 0.8847517730496454 |
RT_STRING | 0x232fbb8 | 0xaa | data | | | 0.611764705882353 |
RT_STRING | 0x232fc68 | 0x6e | data | | | 0.6 |
RT_STRING | 0x232fcd8 | 0x6b2 | data | | | 0.4305717619603267 |
RT_STRING | 0x2330390 | 0x688 | data | | | 0.4342105263157895 |
RT_STRING | 0x2330a18 | 0x6a4 | data | | | 0.42764705882352944 |
RT_STRING | 0x23310c0 | 0x202 | data | | | 0.5019455252918288 |
RT_STRING | 0x23312c8 | 0x6a4 | data | | | 0.42705882352941177 |
RT_STRING | 0x2331970 | 0x6d8 | data | | | 0.4297945205479452 |
RT_STRING | 0x2332048 | 0x7e0 | data | | | 0.42162698412698413 |
RT_STRING | 0x2332828 | 0x71a | data | | | 0.42684268426842686 |
RT_STRING | 0x2332f48 | 0x698 | data | | | 0.4277251184834123 |
RT_STRING | 0x23335e0 | 0x798 | data | | | 0.4202674897119342 |
RT_STRING | 0x2333d78 | 0x6dc | data | | | 0.4299544419134396 |
RT_STRING | 0x2334458 | 0x82c | data | | | 0.41634799235181646 |
RT_STRING | 0x2334c88 | 0x672 | data | | | 0.44 |
RT_STRING | 0x2335300 | 0x752 | data | | | 0.4247598719316969 |
RT_STRING | 0x2335a58 | 0x724 | data | | | 0.424507658643326 |
RT_STRING | 0x2336180 | 0x52 | data | | | 0.6585365853658537 |
RT_GROUP_CURSOR | 0x232f9e0 | 0x22 | data | | | 1.088235294117647 |
RT_GROUP_ICON | 0x232ce90 | 0x76 | data | Turkish | Turkey | 0.6610169491525424 |
RT_VERSION | 0x232fa08 | 0x1b0 | data | | | 0.5972222222222222 |
DLL | Import |
---|---|
KERNEL32.dll | SetVolumeMountPointW, GetComputerNameW, SleepEx, GetCommProperties, GetModuleHandleW, GetTickCount, ReadConsoleOutputA, GlobalAlloc, lstrcpynW, WriteConsoleW, GetModuleFileNameW, GetConsoleAliasesW, CreateJobObjectW, GetProcAddress, BuildCommDCBW, GetAtomNameA, LoadLibraryA, UnhandledExceptionFilter, InterlockedExchangeAdd, AddAtomA, FoldStringA, lstrcatW, EnumDateFormatsW, FindFirstVolumeA, AreFileApisANSI, OpenJobObjectA, ZombifyActCtx, GetLastError, GetConsoleAliasExesLengthA, CreateFileA, GetConsoleOutputCP, MultiByteToWideChar, HeapReAlloc, HeapAlloc, GetStartupInfoW, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, Sleep, HeapSize, ExitProcess, HeapCreate, VirtualFree, HeapFree, VirtualAlloc, WriteFile, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringA, WideCharToMultiByte, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, ReadFile, InitializeCriticalSectionAndSpinCount, RtlUnwind, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA |
GDI32.dll | GetBoundsRect |
ADVAPI32.dll | EnumDependentServicesA |
ole32.dll | CoTaskMemRealloc |
WINHTTP.dll | WinHttpAddRequestHeaders |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Turkish | Turkey | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 19:02:08.264689922 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:08.265907049 CEST | 49736 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:08.265985966 CEST | 49736 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:08.265991926 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:08.689804077 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:08.689932108 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:08.689976931 CEST | 49736 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:08.690040112 CEST | 49736 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:08.690059900 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.171684027 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.171752930 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.171822071 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.172144890 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.172173977 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.643846989 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.643917084 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.645780087 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.645796061 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.646034956 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.649456024 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.650377035 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.650414944 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.650511980 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.650543928 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.650650978 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.650708914 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.650834084 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.650861979 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.650990963 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.651025057 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.651175022 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.651206017 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.651220083 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.651297092 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.651324987 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.661322117 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.661446095 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.661484957 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.661510944 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.661529064 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.661607027 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.661645889 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.666697979 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.666871071 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.666908026 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:09.666915894 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:09.668351889 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:11.129879951 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:11.129976988 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:11.130024910 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:11.130115032 CEST | 49737 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:11.130132914 CEST | 443 | 49737 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:11.138700008 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:11.138727903 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:11.138801098 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:11.139198065 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:11.139211893 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:11.626775980 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:11.626835108 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:11.627933979 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:11.627943039 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:11.628145933 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:11.629462004 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:11.629534006 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:11.629556894 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:12.232594967 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:12.232680082 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:12.232870102 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:12.233042955 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:12.233042955 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 19:02:12.233062029 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 19:02:12.233069897 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 19:02:00.257067919 CEST | 54533 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 2, 2024 19:02:00.274194956 CEST | 53 | 54533 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 2, 2024 19:02:00.257067919 CEST | 192.168.2.4 | 1.1.1.1 | 0x98f6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 2, 2024 19:02:00.274194956 CEST | 1.1.1.1 | 192.168.2.4 | 0x98f6 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Jul 2, 2024 19:02:00.274194956 CEST | 1.1.1.1 | 192.168.2.4 | 0x98f6 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 188.114.97.3 | 443 | 3696 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 17:02:00 UTC | 265 | OUT | |
2024-07-02 17:02:00 UTC | 8 | OUT | |
2024-07-02 17:02:01 UTC | 796 | IN | |
2024-07-02 17:02:01 UTC | 7 | IN | |
2024-07-02 17:02:01 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49731 | 188.114.97.3 | 443 | 3696 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 17:02:01 UTC | 266 | OUT | |
2024-07-02 17:02:01 UTC | 45 | OUT | |
2024-07-02 17:02:02 UTC | 798 | IN | |
2024-07-02 17:02:02 UTC | 571 | IN | |
2024-07-02 17:02:02 UTC | 1369 | IN | |
2024-07-02 17:02:02 UTC | 1369 | IN | |
2024-07-02 17:02:02 UTC | 1369 | IN | |
2024-07-02 17:02:02 UTC | 1369 | IN | |
2024-07-02 17:02:02 UTC | 1369 | IN | |
2024-07-02 17:02:02 UTC | 1369 | IN | |
2024-07-02 17:02:02 UTC | 1369 | IN | |
2024-07-02 17:02:02 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49732 | 188.114.97.3 | 443 | 3696 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 17:02:03 UTC | 284 | OUT | |
2024-07-02 17:02:03 UTC | 15331 | OUT | |
2024-07-02 17:02:03 UTC | 2830 | OUT | |
2024-07-02 17:02:03 UTC | 798 | IN | |
2024-07-02 17:02:03 UTC | 19 | IN | |
2024-07-02 17:02:03 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49733 | 188.114.97.3 | 443 | 3696 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 17:02:04 UTC | 283 | OUT | |
2024-07-02 17:02:04 UTC | 8782 | OUT | |
2024-07-02 17:02:04 UTC | 806 | IN | |
2024-07-02 17:02:04 UTC | 19 | IN | |
2024-07-02 17:02:04 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | 3696 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 17:02:05 UTC | 284 | OUT | |
2024-07-02 17:02:05 UTC | 15331 | OUT | |
2024-07-02 17:02:05 UTC | 5104 | OUT | |
2024-07-02 17:02:06 UTC | 806 | IN | |
2024-07-02 17:02:06 UTC | 19 | IN | |
2024-07-02 17:02:06 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49735 | 188.114.97.3 | 443 | 3696 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 17:02:07 UTC | 283 | OUT | |
2024-07-02 17:02:07 UTC | 5436 | OUT | |
2024-07-02 17:02:07 UTC | 810 | IN | |
2024-07-02 17:02:07 UTC | 19 | IN | |
2024-07-02 17:02:07 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49736 | 188.114.97.3 | 443 | 3696 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 17:02:08 UTC | 283 | OUT | |
2024-07-02 17:02:08 UTC | 1256 | OUT | |
2024-07-02 17:02:08 UTC | 800 | IN | |
2024-07-02 17:02:08 UTC | 19 | IN | |
2024-07-02 17:02:08 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49737 | 188.114.97.3 | 443 | 3696 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 17:02:09 UTC | 285 | OUT | |
2024-07-02 17:02:09 UTC | 15331 | OUT | |
2024-07-02 17:02:09 UTC | 15331 | OUT | |
2024-07-02 17:02:09 UTC | 15331 | OUT | |
2024-07-02 17:02:09 UTC | 15331 | OUT | |
2024-07-02 17:02:09 UTC | 15331 | OUT | |
2024-07-02 17:02:09 UTC | 15331 | OUT | |
2024-07-02 17:02:09 UTC | 15331 | OUT | |
2024-07-02 17:02:09 UTC | 15331 | OUT | |
2024-07-02 17:02:09 UTC | 15331 | OUT | |
2024-07-02 17:02:09 UTC | 15331 | OUT | |
2024-07-02 17:02:11 UTC | 806 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49738 | 188.114.97.3 | 443 | 3696 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 17:02:11 UTC | 266 | OUT | |
2024-07-02 17:02:11 UTC | 80 | OUT | |
2024-07-02 17:02:12 UTC | 810 | IN | |
2024-07-02 17:02:12 UTC | 54 | IN | |
2024-07-02 17:02:12 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 13:01:52 |
Start date: | 02/07/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 297'472 bytes |
MD5 hash: | 2F694C5080F96479F2BEA3F4D07200F1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 13:02:12 |
Start date: | 02/07/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa10000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 8.1% |
Dynamic/Decrypted Code Coverage: | 9% |
Signature Coverage: | 34.6% |
Total number of Nodes: | 312 |
Total number of Limit Nodes: | 23 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0040A660 | 23.0 | | 18 | 467 | COMMON |
00420CED | 11.8 | | 9 | 516 | COMMON |
00418192 | 10.8 | | 8 | 776 | COMMON |
00410950 | 10.4 | | 8 | 384 | COMMON |
00418C50 | 9.2 | | 7 | 425 | COMMON |
0041003F | 9.1 | | 7 | 394 | COMMON |
00416C48 | 8.0 | | 6 | 457 | COMMON |
00422290 | 5.5 | | 4 | 494 | COMMON |
0041773E | 5.5 | | 4 | 478 | COMMON |
00421570 | 4.1 | | 3 | 362 | COMMON |
00417D08 | 4.1 | | 3 | 310 | COMMON |
02A626D6 | 3.0 | 2 | | 41 | process, COMMON |
00405460 | 3.0 | | 2 | 451 | COMMON |
00416380 | 1.6 | | 1 | 377 | COMMON |
00438180 | 1.5 | 1 | | 12 | library, COMMON |
0041FF85 | .6 | | | 590 | COMMON |
0043B630 | .3 | | | 251 | COMMON |
0041B260 | .2 | | | 155 | COMMON |
0042A44A | .0 | | | 21 | COMMON |
043E003C | 12.8 | 5 | 2 | 515 | memory, COMMON |
043E0E0F | 3.0 | 2 | | 15 | COMMON |
0042BEB5 | 1.6 | 1 | | 99 | memory, COMMON |
004380CA | 1.6 | 1 | | 63 | memory, COMMON |
0043603F | 1.6 | 1 | | 54 | memory, COMMON |
00437D4A | 1.5 | 1 | | 25 | library, COMMON |
00437FE0 | 1.5 | 1 | | 21 | COMMON |
02A62395 | 1.3 | 1 | | 48 | memory, COMMON |
0042E590 | 29.9 | 6 | 11 | 127 | clipboard, COMMON |
043EA8C7 | 23.0 | | 18 | 467 | COMMON |
00401FA0 | 13.0 | | 10 | 492 | COMMON |
043F0BB7 | 10.4 | | 8 | 384 | COMMON |
043F8EB7 | 9.2 | | 7 | 425 | COMMON |
043F02A6 | 9.1 | | 7 | 394 | COMMON |
0040CBCC | 8.8 | | 7 | 92 | COMMON |
004260F0 | 5.2 | | 4 | 231 | COMMON |
04406357 | 5.2 | | 4 | 231 | COMMON |
00422AC1 | 4.2 | | 3 | 401 | COMMON |
044017D7 | 4.1 | | 3 | 362 | COMMON |
043F83F9 | 4.1 | | 3 | 333 | COMMON |
043F7F91 | 4.0 | | 3 | 292 | COMMON |
043E092B | 3.8 | | 3 | 90 | COMMON |
00405F30 | 3.4 | | 2 | 886 | COMMON |
043E6197 | 3.4 | | 2 | 886 | COMMON |
00425920 | 3.1 | | 2 | 577 | COMMON |
04404519 | 3.1 | | 2 | 577 | COMMON |
044073A8 | 3.0 | | 2 | 470 | COMMON |
043E56C7 | 3.0 | | 2 | 451 | COMMON |
004242B2 | 2.8 | | 2 | 289 | COMMON |
0041D75D | 2.4 | 1 | | 875 | COMMON |
0040105C | 2.1 | | 1 | 893 | COMMON |
0042B8F8 | 1.8 | 1 | | 299 | COMMON |
0440BB5F | 1.8 | 1 | | 299 | COMMON |
00423354 | 1.8 | | 1 | 520 | COMMON |
043E9927 | 1.7 | | 1 | 416 | COMMON |
00439E00 | 1.7 | | 1 | 403 | COMMON |
00439F10 | 1.6 | | 1 | 365 | COMMON |
043F8A6E | 1.6 | | 1 | 321 | COMMON |
00426660 | 1.5 | | 1 | 282 | COMMON |
044068C7 | 1.5 | | 1 | 282 | COMMON |
00407310 | 1.5 | | 1 | 266 | COMMON |
0041289B | 1.4 | | 1 | 135 | COMMON |
004143D3 | 1.4 | | 1 | 110 | COMMON |
043F463A | 1.4 | | 1 | 110 | COMMON |
043F7A74 | 1.4 | | 1 | 103 | COMMON |
00417C90 | 1.3 | | 1 | 94 | COMMON |
00438351 | 1.3 | | 1 | 46 | COMMON |
044185B8 | 1.3 | | 1 | 46 | COMMON |
004089E0 | .8 | | | 834 | COMMON |
043E8C47 | .8 | | | 834 | COMMON |
00403F00 | .8 | | | 753 | COMMON |
043E4167 | .8 | | | 753 | COMMON |
004399A0 | .7 | | | 729 | COMMON |
00404A50 | .6 | | | 634 | COMMON |
043E4CB7 | .6 | | | 634 | COMMON |
004369D0 | .6 | | | 574 | COMMON |
04416C37 | .6 | | | 574 | COMMON |
00406D00 | .5 | | | 473 | COMMON |
043E6F67 | .5 | | | 473 | COMMON |
0043A480 | .4 | | | 423 | COMMON |
004096C0 | .4 | | | 416 | COMMON |
00421C19 | .4 | | | 398 | COMMON |
00421C8F | .4 | | | 373 | COMMON |
0043A090 | .3 | | | 319 | COMMON |
0043B900 | .3 | | | 304 | COMMON |
0441BB67 | .3 | | | 304 | COMMON |
0043BC30 | .3 | | | 287 | COMMON |
0441BE97 | .3 | | | 287 | COMMON |
0441B897 | .3 | | | 251 | COMMON |
004269B6 | .2 | | | 184 | COMMON |
04406C1D | .2 | | | 184 | COMMON |
00433980 | .2 | | | 179 | COMMON |
00413985 | .2 | | | 179 | COMMON |
04413BE7 | .2 | | | 179 | COMMON |
043F3BEC | .2 | | | 179 | COMMON |
04402F17 | .2 | | | 177 | COMMON |
00426A5F | .2 | | | 170 | COMMON |
04406CC6 | .2 | | | 170 | COMMON |
043F7BE0 | .2 | | | 170 | COMMON |
00415CA2 | .2 | | | 162 | COMMON |
043F5F09 | .2 | | | 162 | COMMON |
044003F4 | .2 | | | 153 | COMMON |
00416210 | .1 | | | 146 | COMMON |
043F6477 | .1 | | | 146 | COMMON |
0041107B | .1 | | | 138 | COMMON |
043F12E2 | .1 | | | 138 | COMMON |
043FB4C7 | .1 | | | 135 | COMMON |
043F772D | .1 | | | 134 | COMMON |
04400510 | .1 | | | 130 | COMMON |
0040FDA0 | .1 | | | 126 | COMMON |
043F0007 | .1 | | | 126 | COMMON |
043F6739 | .1 | | | 120 | COMMON |
00402E80 | .1 | | | 95 | COMMON |
043E30E7 | .1 | | | 95 | COMMON |
043FDA94 | .1 | | | 95 | COMMON |
00438C15 | .1 | | | 84 | COMMON |
04418E7C | .1 | | | 84 | COMMON |
0441A88B | .1 | | | 82 | COMMON |
043FD9DB | .1 | | | 80 | COMMON |
00401D64 | .1 | | | 79 | COMMON |
043F6899 | .1 | | | 66 | COMMON |
00431B90 | .1 | | | 64 | COMMON |
04411DF7 | .1 | | | 64 | COMMON |
00425680 | .1 | | | 63 | COMMON |
044058E7 | .1 | | | 63 | COMMON |
02A61FB3 | .1 | | | 61 | COMMON |
00403BC0 | .0 | | | 50 | COMMON |
043E3E27 | .0 | | | 50 | COMMON |
00436162 | .0 | | | 48 | COMMON |
044163C9 | .0 | | | 48 | COMMON |
004383E3 | .0 | | | 47 | COMMON |
0441864A | .0 | | | 47 | COMMON |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004390BE Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 04419325 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 043E0D90 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 04401FBE Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E7D0 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043FE403 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 043EEA37 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0441A4B1 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004234DC Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 04403743 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 043F7EA3 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 043E1F8F Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 043E203D Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 043FE257 Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00417C74 Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 043F7EDB Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0441A21D Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0440E7F7 Relevance: 29.9, APIs: 6, Strings: 11, Instructions: 127clipboardCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|