Edit tour
Windows
Analysis Report
Launcher.exe
Overview
General Information
| Sample name: | Launcher.exe |
| Analysis ID: | 1483203 |
| MD5: | eb703224c407d3d68b7fbd444cc2dfc3 |
| SHA1: | 2c11f4fd7e736ba67ba7a9e5f4e79f5c7c5edebe |
| SHA256: | f9544eee0a9c3a07cd8b5a912cdbc5c75252cd951709e409b53027310b3a969e |
| Tags: | exe |
| Infos: |  |
 | |
Detection
LummaC Stealer
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
Launcher.exe (PID: 6628 cmdline: "C:\Users\ user\Deskt op\Launche r.exe" MD5: EB703224C407D3D68B7FBD444CC2DFC3) 
conhost.exe (PID: 6552 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - RegAsm.exe (PID: 3868 cmdline:
"C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\Reg Asm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
{"C2 url": ["kaminiasbbefow.shop"]}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
| Timestamp: | 2024-07-26T20:37:04.604918+0200 |
| SID: | 2048094 |
| Source Port: | 49733 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | Malware Command and Control Activity Detected |
| Timestamp: | 2024-07-26T20:37:11.134815+0200 |
| SID: | 2054653 |
| Source Port: | 49737 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 2024-07-26T20:37:07.763651+0200 |
| SID: | 2843864 |
| Source Port: | 49736 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 2024-07-26T20:37:03.519551+0200 |
| SID: | 2048094 |
| Source Port: | 49732 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | Malware Command and Control Activity Detected |
| Timestamp: | 2024-07-26T20:37:02.375727+0200 |
| SID: | 2054653 |
| Source Port: | 49731 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 2024-07-26T20:37:01.200358+0200 |
| SID: | 2054653 |
| Source Port: | 49730 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 2024-07-26T20:37:16.591630+0200 |
| SID: | 2022930 |
| Source Port: | 443 |
| Destination Port: | 49738 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Code function: | 2_2_004168B0 | |
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_005185E9 | |
| Source: | Code function: | 0_2_00538160 | |
| Source: | Code function: | 0_2_005401A0 | |
| Source: | Code function: | 0_2_00566270 | |
| Source: | Code function: | 0_2_0056432E | |
| Source: | Code function: | 0_2_00534410 | |
| Source: | Code function: | 0_2_0055049E | |
| Source: | Code function: | 0_2_0054057E | |
| Source: | Code function: | 0_2_0053C5CE | |
| Source: | Code function: | 0_2_0053C663 | |
| Source: | Code function: | 0_2_0053C663 | |
| Source: | Code function: | 0_2_0054E600 | |
| Source: | Code function: | 0_2_0054A690 | |
| Source: | Code function: | 0_2_005646B7 | |
| Source: | Code function: | 0_2_0055077B | |
| Source: | Code function: | 0_2_0055077B | |
| Source: | Code function: | 0_2_00550703 | |
| Source: | Code function: | 0_2_00550703 | |
| Source: | Code function: | 0_2_00552850 | |
| Source: | Code function: | 0_2_00566850 | |
| Source: | Code function: | 0_2_0054E82F | |
| Source: | Code function: | 0_2_005506FE | |
| Source: | Code function: | 0_2_00562AA4 | |
| Source: | Code function: | 0_2_00566B80 | |
| Source: | Code function: | 0_2_0054AC10 | |
| Source: | Code function: | 0_2_0054ED8E | |
| Source: | Code function: | 0_2_00552DA1 | |
| Source: | Code function: | 0_2_00552DA1 | |
| Source: | Code function: | 0_2_0053CE07 | |
| Source: | Code function: | 0_2_00551B17 | |
| Source: | Code function: | 0_2_0055AF60 | |
| Source: | Code function: | 0_2_00546FE0 | |
| Source: | Code function: | 0_2_0053F0DB | |
| Source: | Code function: | 0_2_00545090 | |
| Source: | Code function: | 0_2_0056521C | |
| Source: | Code function: | 0_2_0054F280 | |
| Source: | Code function: | 0_2_0053F373 | |
| Source: | Code function: | 0_2_0054F630 | |
| Source: | Code function: | 0_2_00565780 | |
| Source: | Code function: | 0_2_00565950 | |
| Source: | Code function: | 0_2_0052F9D0 | |
| Source: | Code function: | 0_2_0053DA83 | |
| Source: | Code function: | 0_2_0053DA83 | |
| Source: | Code function: | 0_2_00565B00 | |
| Source: | Code function: | 0_2_0052DB90 | |
| Source: | Code function: | 0_2_0054DC10 | |
| Source: | Code function: | 0_2_0055FCD0 | |
| Source: | Code function: | 0_2_00533D60 | |
| Source: | Code function: | 0_2_00563D8C | |
| Source: | Code function: | 0_2_0053FE47 | |
| Source: | Code function: | 0_2_00561E70 | |
| Source: | Code function: | 0_2_0054DE26 | |
| Source: | Code function: | 0_2_0052DEF0 | |
| Source: | Code function: | 0_2_0054FF40 | |
| Source: | Code function: | 0_2_00533FF0 | |
| Source: | Code function: | 2_2_0040A000 | |
| Source: | Code function: | 2_2_00420800 | |
| Source: | Code function: | 2_2_004241F0 | |
| Source: | Code function: | 2_2_00412253 | |
| Source: | Code function: | 2_2_00412253 | |
| Source: | Code function: | 2_2_00412253 | |
| Source: | Code function: | 2_2_00425B30 | |
| Source: | Code function: | 2_2_00425B30 | |
| Source: | Code function: | 2_2_00425B30 | |
| Source: | Code function: | 2_2_00425B30 | |
| Source: | Code function: | 2_2_00425B30 | |
| Source: | Code function: | 2_2_00425B30 | |
| Source: | Code function: | 2_2_0043B540 | |
| Source: | Code function: | 2_2_0043BE60 | |
| Source: | Code function: | 2_2_0043B6F0 | |
| Source: | Code function: | 2_2_0043C770 | |
| Source: | Code function: | 2_2_00415F00 | |
| Source: | Code function: | 2_2_004358C0 | |
| Source: | Code function: | 2_2_00409950 | |
| Source: | Code function: | 2_2_00413972 | |
| Source: | Code function: | 2_2_00413972 | |
| Source: | Code function: | 2_2_00407174 | |
| Source: | Code function: | 2_2_0043997C | |
| Source: | Code function: | 2_2_004149E6 | |
| Source: | Code function: | 2_2_004149E6 | |
| Source: | Code function: | 2_2_0042319C | |
| Source: | Code function: | 2_2_0043A9B2 | |
| Source: | Code function: | 2_2_00437A60 | |
| Source: | Code function: | 2_2_00423A16 | |
| Source: | Code function: | 2_2_00425220 | |
| Source: | Code function: | 2_2_00415A37 | |
| Source: | Code function: | 2_2_00420280 | |
| Source: | Code function: | 2_2_00430B50 | |
| Source: | Code function: | 2_2_00423361 | |
| Source: | Code function: | 2_2_0043B370 | |
| Source: | Code function: | 2_2_0041CBD0 | |
| Source: | Code function: | 2_2_00409BE0 | |
| Source: | Code function: | 2_2_00428440 | |
| Source: | Code function: | 2_2_0043C440 | |
| Source: | Code function: | 2_2_0041AC80 | |
| Source: | Code function: | 2_2_0040DD50 | |
| Source: | Code function: | 2_2_004055C0 | |
| Source: | Code function: | 2_2_0043AD80 | |
| Source: | Code function: | 2_2_00415D90 | |
| Source: | Code function: | 2_2_00424E70 | |
| Source: | Code function: | 2_2_00413601 | |
| Source: | Code function: | 2_2_00413601 | |
| Source: | Code function: | 2_2_00411FEF | |
| Source: | Code function: | 2_2_00403780 | |
Networking | |
|---|
| Source: | URLs: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 2_2_0042D8C0 | |
| Source: | Code function: | 2_2_0042D8C0 | |
| Source: | Code function: | 2_2_0042E8E8 | |
| Source: | Code function: | 0_2_0054A4B6 | |
| Source: | Code function: | 0_2_00566530 | |
| Source: | Code function: | 0_2_00566850 | |
| Source: | Code function: | 0_2_00532870 | |
| Source: | Code function: | 0_2_0052E8C0 | |
| Source: | Code function: | 0_2_005549DC | |
| Source: | Code function: | 0_2_00530B30 | |
| Source: | Code function: | 0_2_0055CD20 | |
| Source: | Code function: | 0_2_0054CEB0 | |
| Source: | Code function: | 0_2_00539270 | |
| Source: | Code function: | 0_2_0052F2A0 | |
| Source: | Code function: | 0_2_00533550 | |
| Source: | Code function: | 0_2_005177CA | |
| Source: | Code function: | 0_2_0054F8D0 | |
| Source: | Code function: | 0_2_0054B8E0 | |
| Source: | Code function: | 0_2_00561E70 | |
| Source: | Code function: | 0_2_0052FE24 | |
| Source: | Code function: | 0_2_0052DEF0 | |
| Source: | Code function: | 2_2_00421970 | |
| Source: | Code function: | 2_2_0041E110 | |
| Source: | Code function: | 2_2_0040F1B0 | |
| Source: | Code function: | 2_2_00412253 | |
| Source: | Code function: | 2_2_00425B30 | |
| Source: | Code function: | 2_2_00420BEC | |
| Source: | Code function: | 2_2_00404E90 | |
| Source: | Code function: | 2_2_004117FB | |
| Source: | Code function: | 2_2_00433790 | |
| Source: | Code function: | 2_2_0041E054 | |
| Source: | Code function: | 2_2_00401000 | |
| Source: | Code function: | 2_2_00409140 | |
| Source: | Code function: | 2_2_00407174 | |
| Source: | Code function: | 2_2_00432910 | |
| Source: | Code function: | 2_2_0043C120 | |
| Source: | Code function: | 2_2_0042292B | |
| Source: | Code function: | 2_2_004149E6 | |
| Source: | Code function: | 2_2_0042319C | |
| Source: | Code function: | 2_2_0043A9B2 | |
| Source: | Code function: | 2_2_00437A60 | |
| Source: | Code function: | 2_2_0042127D | |
| Source: | Code function: | 2_2_00406222 | |
| Source: | Code function: | 2_2_00415232 | |
| Source: | Code function: | 2_2_00420280 | |
| Source: | Code function: | 2_2_00421A95 | |
| Source: | Code function: | 2_2_00423361 | |
| Source: | Code function: | 2_2_0043A300 | |
| Source: | Code function: | 2_2_0043C440 | |
| Source: | Code function: | 2_2_00405C04 | |
| Source: | Code function: | 2_2_004254C0 | |
| Source: | Code function: | 2_2_004084FB | |
| Source: | Code function: | 2_2_004044BF | |
| Source: | Code function: | 2_2_0040BD07 | |
| Source: | Code function: | 2_2_0042A5CC | |
| Source: | Code function: | 2_2_0043AD80 | |
| Source: | Code function: | 2_2_00406DB0 | |
| Source: | Code function: | 2_2_00401644 | |
| Source: | Code function: | 2_2_0040EE60 | |
| Source: | Code function: | 2_2_0041FE25 | |
| Source: | Code function: | 2_2_00407628 | |
| Source: | Code function: | 2_2_00405EE6 | |
| Source: | Code function: | 2_2_0043A6B0 | |
| Source: | Code function: | 2_2_00406720 | |
| Source: | Code function: | 2_2_00401FA0 | |
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 2_2_00428D80 | |
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_005087B2 | |
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | System information queried: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Code function: | 0_2_005185E9 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_00438D50 | |
| Source: | Code function: | 0_2_00508DFE | |
| Source: | Code function: | 0_2_005105AA | |
| Source: | Code function: | 0_2_00513E62 | |
| Source: | Code function: | 0_2_00519720 | |
| Source: | Code function: | 0_2_00508DFE | |
| Source: | Code function: | 0_2_0050CDE3 | |
| Source: | Code function: | 0_2_00508F5A | |
| Source: | Code function: | 0_2_00509015 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Code function: | 0_2_0147018D | |
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00508BF5 | |
| Source: | Code function: | 0_2_0051B338 | |
| Source: | Code function: | 0_2_0051B533 | |
| Source: | Code function: | 0_2_0051B5DA | |
| Source: | Code function: | 0_2_0051B625 | |
| Source: | Code function: | 0_2_0051B6C0 | |
| Source: | Code function: | 0_2_005136E5 | |
| Source: | Code function: | 0_2_0051B74B | |
| Source: | Code function: | 0_2_0051B99E | |
| Source: | Code function: | 0_2_0051BAC7 | |
| Source: | Code function: | 0_2_0051BBCD | |
| Source: | Code function: | 0_2_00513C0B | |
| Source: | Code function: | 0_2_0051BC9C | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_005083F3 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 11 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 411 Process Injection | LSASS Memory | 131 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 21 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 11 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 33 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 58% | ReversingLabs | Win32.Trojan.Stealerc | ||
| 100% | Avira | HEUR/AGEN.1352999 | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| kaminiasbbefow.shop | 188.114.96.3 | true | true | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 188.114.96.3 | kaminiasbbefow.shop | European Union | 13335 | CLOUDFLARENETUS | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1483203 |
| Start date and time: | 2024-07-26 20:36:06 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 5s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 4 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Launcher.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@4/0@1/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): SIHClient.exe
- Excluded IPs from analysis (whitelisted): 13.85.23.206
- Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: Launcher.exe
| Time | Type | Description |
|---|---|---|
| 14:37:01 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 188.114.96.3 | Get hash | malicious | FormBook | Browse |
| |
| Get hash | malicious | FormBook, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | GuLoader, Remcos | Browse |
| ||
| Get hash | malicious | FormBook, PureLog Stealer | Browse |
| ||
| Get hash | malicious | FormBook, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | LummaC, Go Injector, LummaC Stealer | Browse |
| |
| Get hash | malicious | Amadey, Babadeda, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Babadeda | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC, Go Injector, LummaC Stealer | Browse |
| |
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Amadey, Babadeda, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | CobaltStrike, ReflectiveLoader | Browse |
| ||
| Get hash | malicious | Amadey, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 7.649441362291848 |
| TrID: |
|
| File name: | Launcher.exe |
| File size: | 487'936 bytes |
| MD5: | eb703224c407d3d68b7fbd444cc2dfc3 |
| SHA1: | 2c11f4fd7e736ba67ba7a9e5f4e79f5c7c5edebe |
| SHA256: | f9544eee0a9c3a07cd8b5a912cdbc5c75252cd951709e409b53027310b3a969e |
| SHA512: | da1448222d34f4af9d7112342e2a7a45413d3aabb91917e286fab726152311a38c3a80c6e821ff8d8b55d04d0b01301d8299edad56123eb9c7f42d543a95dae5 |
| SSDEEP: | 6144:e24ml/xWmgXhnmrCX6iQK6BHVlsdssys1FdUf7HGrzKGzTnkT+UKSgLjwfqSOOgr:e2np7ggpHVyyslQGrz5kqUeLjwCSO/ |
| TLSH: | 20A4F151B4C08073C673253509E8D7B89E7EB9704FA68DAFAB944F7E0F30281E621667 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........wq..."..."..."]..#..."]..#'.."]..#..."LE.#..."]..#..."..."..."LE.#..."LE.#..."}F.#..."}F.#..."Rich..."................PE..L.. |
 | |
| Icon Hash: | 90cececece8e8eb0 |
| Entrypoint: | 0x408acb |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows cui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x669FC4D3 [Tue Jul 23 14:57:23 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 42eb2b50acad70f9618962bfa70c7f34 |
| Instruction |
|---|
| call 00007F8BE08D81C4h |
| jmp 00007F8BE08D78A9h |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| push ecx |
| lea ecx, dword ptr [esp+08h] |
| sub ecx, eax |
| and ecx, 0Fh |
| add eax, ecx |
| sbb ecx, ecx |
| or eax, ecx |
| pop ecx |
| jmp 00007F8BE08D82AFh |
| push ecx |
| lea ecx, dword ptr [esp+08h] |
| sub ecx, eax |
| and ecx, 07h |
| add eax, ecx |
| sbb ecx, ecx |
| or eax, ecx |
| pop ecx |
| jmp 00007F8BE08D8299h |
| int3 |
| int3 |
| int3 |
| int3 |
| push ebx |
| push esi |
| mov eax, dword ptr [esp+18h] |
| or eax, eax |
| jne 00007F8BE08D7A4Ah |
| mov ecx, dword ptr [esp+14h] |
| mov eax, dword ptr [esp+10h] |
| xor edx, edx |
| div ecx |
| mov ebx, eax |
| mov eax, dword ptr [esp+0Ch] |
| div ecx |
| mov edx, ebx |
| jmp 00007F8BE08D7A73h |
| mov ecx, eax |
| mov ebx, dword ptr [esp+14h] |
| mov edx, dword ptr [esp+10h] |
| mov eax, dword ptr [esp+0Ch] |
| shr ecx, 1 |
| rcr ebx, 1 |
| shr edx, 1 |
| rcr eax, 1 |
| or ecx, ecx |
| jne 00007F8BE08D7A26h |
| div ebx |
| mov esi, eax |
| mul dword ptr [esp+18h] |
| mov ecx, eax |
| mov eax, dword ptr [esp+14h] |
| mul esi |
| add edx, ecx |
| jc 00007F8BE08D7A40h |
| cmp edx, dword ptr [esp+10h] |
| jnbe 00007F8BE08D7A3Ah |
| jc 00007F8BE08D7A39h |
| cmp eax, dword ptr [esp+0Ch] |
| jbe 00007F8BE08D7A33h |
| dec esi |
| xor edx, edx |
| mov eax, esi |
| pop esi |
| pop ebx |
| retn 0010h |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| push ebx |
| mov eax, dword ptr [esp+14h] |
| or eax, eax |
| jne 00007F8BE08D7A4Ah |
| mov ecx, dword ptr [esp+10h] |
| mov eax, dword ptr [esp+0Ch] |
| xor edx, edx |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x29dfc | 0x3c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x79000 | 0x1f94 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x273a8 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x27400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x272e8 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x20000 | 0x174 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x1ea87 | 0x1ec00 | 74572ee2a8ffc122bc46d570bdda8c33 | False | 0.5812849339430894 | data | 6.594277178434165 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x20000 | 0xa6ac | 0xa800 | 549803e1e95103221385d77eb03d4bce | False | 0.38292875744047616 | data | 4.621267525953547 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x2b000 | 0x4c404 | 0x4b400 | 10967ebb64f3fd60c9b1079da1c80c30 | False | 0.9841478924418605 | data | 7.988911210370472 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .bsS | 0x78000 | 0x4ac | 0x600 | f929bf25d4c42bd01cdad568b5fe4d8a | False | 0.4791666666666667 | data | 5.111291762588542 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .reloc | 0x79000 | 0x1f94 | 0x2000 | 7b02f8bc0bbb94c166c37781d6f450c4 | False | 0.7503662109375 | data | 6.5259141747211675 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| DLL | Import |
|---|---|
| USER32.dll | OffsetRect |
| KERNEL32.dll | GetCPInfo, CreateFileW, WaitForSingleObject, CreateThread, VirtualAllocEx, FreeConsole, RaiseException, InitOnceBeginInitialize, InitOnceComplete, CloseHandle, GetCurrentThreadId, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, GetLastError, FreeLibraryWhenCallbackReturns, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolWork, GetModuleHandleExW, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, QueryPerformanceCounter, EncodePointer, DecodePointer, MultiByteToWideChar, WideCharToMultiByte, LCMapStringEx, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, GetStringTypeW, WriteConsoleW, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, InitializeSListHead, HeapSize, RtlUnwind, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleFileNameW, GetStdHandle, WriteFile, GetCommandLineA, GetCommandLineW, HeapFree, HeapAlloc, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, GetFileSizeEx, SetFilePointerEx, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, SetStdHandle |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 2024-07-26T20:37:04.604918+0200 | TCP | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
| 2024-07-26T20:37:11.134815+0200 | TCP | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
| 2024-07-26T20:37:07.763651+0200 | TCP | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| 2024-07-26T20:37:03.519551+0200 | TCP | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
| 2024-07-26T20:37:02.375727+0200 | TCP | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| 2024-07-26T20:37:01.200358+0200 | TCP | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
| 2024-07-26T20:37:16.591630+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49738 | 40.68.123.157 | 192.168.2.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 26, 2024 20:37:00.239495039 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:00.239547968 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:00.239809036 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:00.242954016 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:00.242996931 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:00.722800970 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:00.722986937 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:00.725744009 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:00.725770950 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:00.726277113 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:00.773190975 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:00.811661959 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:00.811662912 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:00.811853886 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:01.200427055 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:01.200675964 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:01.200841904 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:01.210405111 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:01.210467100 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:01.210511923 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:01.210530043 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:01.246746063 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:01.246835947 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:01.246921062 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:01.289097071 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:01.289141893 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:01.808269978 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:01.808423042 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:01.820252895 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:01.820287943 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:01.820720911 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:01.866784096 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:01.875473022 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:01.875516891 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:01.875730038 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.375708103 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.375823021 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.375902891 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.375936031 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.375960112 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.375972033 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.376027107 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.376060963 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.376082897 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.376090050 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.376101971 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.376157999 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.376159906 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.376173973 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.376224041 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.376225948 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.376235962 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.376291037 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.380234957 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.429402113 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.465967894 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.466284990 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.466407061 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.466464996 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.466511965 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.466547012 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.466559887 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.518488884 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.518578053 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.518696070 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.519079924 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.519159079 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.983551979 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.983655930 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.984896898 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.984924078 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.985284090 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.986387014 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.986525059 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.986572027 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:02.986644983 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:02.986660004 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:03.519476891 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:03.519737005 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:03.519731998 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:03.519808054 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:03.538316011 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:03.538409948 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:03.538804054 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:03.538985968 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:03.539019108 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:04.100075960 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:04.100270033 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:04.101557016 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:04.101572037 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:04.101891041 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:04.103070974 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:04.103179932 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:04.103209019 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:04.604810953 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:04.605005026 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:04.605106115 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:04.605106115 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:04.680084944 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:04.680135012 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:04.680216074 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:04.680519104 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:04.680533886 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:04.913705111 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:04.913743019 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:05.176532984 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:05.176692963 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:05.177756071 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:05.177777052 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:05.178111076 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:05.179744959 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:05.179903030 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:05.179941893 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:05.180027962 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:05.180043936 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:05.739974022 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:05.740196943 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:05.740252018 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:05.740252018 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:05.958101988 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:05.958183050 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:05.958436966 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:05.958935976 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:05.958973885 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:06.428534031 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:06.428843975 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:06.430555105 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:06.430581093 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:06.430989027 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:06.432060003 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:06.432209015 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:06.432218075 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:06.839179039 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:06.839423895 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:06.839497089 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:06.839576960 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:06.839595079 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.263658047 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.263703108 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.263917923 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.264107943 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.264121056 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.758269072 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.758363962 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.760080099 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.760107994 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.760656118 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.762262106 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.762999058 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.763046026 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.763176918 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.763221979 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.763345957 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.763381004 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.763535976 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.763571978 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.763751030 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.763788939 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.763967991 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.764008999 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.764031887 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.764200926 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.764242887 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.774375916 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.774595022 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.774636984 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.774671078 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.774693012 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.774756908 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.774806976 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.774863958 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.781104088 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:07.781236887 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:07.781296968 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:10.158227921 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:10.158457041 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:10.158524036 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:10.158560038 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:10.162597895 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:10.162687063 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:10.162797928 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:10.163193941 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:10.163227081 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:10.650857925 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:10.651099920 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:10.652537107 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:10.652565002 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:10.653503895 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:10.654597998 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:10.654638052 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:10.654967070 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:11.134851933 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:11.135075092 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:11.135158062 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:11.135261059 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:11.135261059 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
| Jul 26, 2024 20:37:11.135307074 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
| Jul 26, 2024 20:37:11.135340929 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 26, 2024 20:37:00.219902992 CEST | 50460 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 26, 2024 20:37:00.235589981 CEST | 53 | 50460 | 1.1.1.1 | 192.168.2.4 |
| Jul 26, 2024 20:37:16.322124958 CEST | 53 | 63354 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jul 26, 2024 20:37:00.219902992 CEST | 192.168.2.4 | 1.1.1.1 | 0x38f0 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jul 26, 2024 20:37:00.235589981 CEST | 1.1.1.1 | 192.168.2.4 | 0x38f0 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 20:37:00.235589981 CEST | 1.1.1.1 | 192.168.2.4 | 0x38f0 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49730 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 18:37:00 UTC | 266 | OUT | |
| 2024-07-26 18:37:00 UTC | 8 | OUT | |
| 2024-07-26 18:37:01 UTC | 800 | IN | |
| 2024-07-26 18:37:01 UTC | 7 | IN | |
| 2024-07-26 18:37:01 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49731 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 18:37:01 UTC | 267 | OUT | |
| 2024-07-26 18:37:01 UTC | 57 | OUT | |
| 2024-07-26 18:37:02 UTC | 810 | IN | |
| 2024-07-26 18:37:02 UTC | 559 | IN | |
| 2024-07-26 18:37:02 UTC | 1369 | IN | |
| 2024-07-26 18:37:02 UTC | 1369 | IN | |
| 2024-07-26 18:37:02 UTC | 1369 | IN | |
| 2024-07-26 18:37:02 UTC | 1369 | IN | |
| 2024-07-26 18:37:02 UTC | 1369 | IN | |
| 2024-07-26 18:37:02 UTC | 181 | IN | |
| 2024-07-26 18:37:02 UTC | 1369 | IN | |
| 2024-07-26 18:37:02 UTC | 1369 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49732 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 18:37:02 UTC | 285 | OUT | |
| 2024-07-26 18:37:02 UTC | 15331 | OUT | |
| 2024-07-26 18:37:02 UTC | 2842 | OUT | |
| 2024-07-26 18:37:03 UTC | 804 | IN | |
| 2024-07-26 18:37:03 UTC | 19 | IN | |
| 2024-07-26 18:37:03 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49733 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 18:37:04 UTC | 284 | OUT | |
| 2024-07-26 18:37:04 UTC | 8794 | OUT | |
| 2024-07-26 18:37:04 UTC | 808 | IN | |
| 2024-07-26 18:37:04 UTC | 19 | IN | |
| 2024-07-26 18:37:04 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.4 | 49734 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 18:37:05 UTC | 285 | OUT | |
| 2024-07-26 18:37:05 UTC | 15331 | OUT | |
| 2024-07-26 18:37:05 UTC | 5116 | OUT | |
| 2024-07-26 18:37:05 UTC | 796 | IN | |
| 2024-07-26 18:37:05 UTC | 19 | IN | |
| 2024-07-26 18:37:05 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.4 | 49735 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 18:37:06 UTC | 284 | OUT | |
| 2024-07-26 18:37:06 UTC | 1265 | OUT | |
| 2024-07-26 18:37:06 UTC | 800 | IN | |
| 2024-07-26 18:37:06 UTC | 19 | IN | |
| 2024-07-26 18:37:06 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 18:37:07 UTC | 286 | OUT | |
| 2024-07-26 18:37:07 UTC | 15331 | OUT | |
| 2024-07-26 18:37:07 UTC | 15331 | OUT | |
| 2024-07-26 18:37:07 UTC | 15331 | OUT | |
| 2024-07-26 18:37:07 UTC | 15331 | OUT | |
| 2024-07-26 18:37:07 UTC | 15331 | OUT | |
| 2024-07-26 18:37:07 UTC | 15331 | OUT | |
| 2024-07-26 18:37:07 UTC | 15331 | OUT | |
| 2024-07-26 18:37:07 UTC | 15331 | OUT | |
| 2024-07-26 18:37:07 UTC | 15331 | OUT | |
| 2024-07-26 18:37:07 UTC | 15331 | OUT | |
| 2024-07-26 18:37:10 UTC | 802 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.4 | 49737 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 18:37:10 UTC | 267 | OUT | |
| 2024-07-26 18:37:10 UTC | 92 | OUT | |
| 2024-07-26 18:37:11 UTC | 800 | IN | |
| 2024-07-26 18:37:11 UTC | 54 | IN | |
| 2024-07-26 18:37:11 UTC | 5 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 14:36:58 |
| Start date: | 26/07/2024 |
| Path: | C:\Users\user\Desktop\Launcher.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x500000 |
| File size: | 487'936 bytes |
| MD5 hash: | EB703224C407D3D68B7FBD444CC2DFC3 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 14:36:58 |
| Start date: | 26/07/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 14:36:59 |
| Start date: | 26/07/2024 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x530000 |
| File size: | 65'440 bytes |
| MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 1.9% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 5.1% |
| Total number of Nodes: | 292 |
| Total number of Limit Nodes: | 17 |
Graph
Function 0147018D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282threadinjectionmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005105AA Relevance: .0, Instructions: 12COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005138AE Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 74COMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0050525A Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 50memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00510536 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 15COMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00515A2E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80fileCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00513979 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00513E93 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00514082 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0050504D Relevance: 3.0, APIs: 2, Instructions: 12synchronizationthreadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00505378 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00534410 Relevance: 11.7, Strings: 9, Instructions: 426COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0051BC9C Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0051B338 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 251COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005185E9 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 206fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0051BAC7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0050CDE3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005083F3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27timeCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00508DFE Relevance: 6.1, APIs: 4, Instructions: 70COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054FF40 Relevance: 5.2, Strings: 4, Instructions: 234COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00545090 Relevance: 4.1, Strings: 3, Instructions: 381COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00533FF0 Relevance: 4.1, Strings: 3, Instructions: 322COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00565B00 Relevance: 3.9, Strings: 3, Instructions: 153COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005136E5 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0052FE24 Relevance: 3.3, Strings: 2, Instructions: 819COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054F8D0 Relevance: 3.0, Strings: 2, Instructions: 543COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0052F2A0 Relevance: 2.9, Strings: 2, Instructions: 433COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005506FE Relevance: 2.9, Strings: 2, Instructions: 403COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0055077B Relevance: 2.9, Strings: 2, Instructions: 393COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054B8E0 Relevance: 2.9, Strings: 2, Instructions: 384COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00566B80 Relevance: 2.7, Strings: 2, Instructions: 247COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00533D60 Relevance: 2.7, Strings: 2, Instructions: 208COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00508BF5 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00533550 Relevance: 1.6, Strings: 1, Instructions: 363COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0051BBCD Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054AC10 Relevance: 1.5, Strings: 1, Instructions: 283COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00508F5A Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005549DC Relevance: 1.5, Strings: 1, Instructions: 226COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00565780 Relevance: 1.4, Strings: 1, Instructions: 161COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00565950 Relevance: 1.4, Strings: 1, Instructions: 145COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0055049E Relevance: 1.4, Strings: 1, Instructions: 134COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00519720 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00532870 Relevance: .9, Instructions: 867COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00561E70 Relevance: .8, Instructions: 788COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0052DEF0 Relevance: .7, Instructions: 660COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0052E8C0 Relevance: .6, Instructions: 608COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00530B30 Relevance: .5, Instructions: 545COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0053C663 Relevance: .4, Instructions: 418COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00552850 Relevance: .3, Instructions: 321COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00566530 Relevance: .3, Instructions: 303COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0053FE47 Relevance: .3, Instructions: 303COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00552DA1 Relevance: .3, Instructions: 296COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00566850 Relevance: .3, Instructions: 286COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00550703 Relevance: .3, Instructions: 285COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0053DA83 Relevance: .3, Instructions: 266COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00566270 Relevance: .2, Instructions: 250COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00546FE0 Relevance: .2, Instructions: 249COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054F280 Relevance: .2, Instructions: 197COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054CEB0 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0055CD20 Relevance: .2, Instructions: 188COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054E600 Relevance: .2, Instructions: 181COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054A4B6 Relevance: .2, Instructions: 157COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00551B17 Relevance: .2, Instructions: 151COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005401A0 Relevance: .1, Instructions: 146COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00539270 Relevance: .1, Instructions: 127COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054E82F Relevance: .1, Instructions: 125COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00563D8C Relevance: .1, Instructions: 117COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00562AA4 Relevance: .1, Instructions: 109COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054A690 Relevance: .1, Instructions: 102COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0053F373 Relevance: .1, Instructions: 96COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0053F0DB Relevance: .1, Instructions: 90COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0052F9D0 Relevance: .1, Instructions: 85COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054DC10 Relevance: .1, Instructions: 80COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0055AF60 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054F630 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0052DB90 Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0056432E Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0053C5CE Relevance: .0, Instructions: 43COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0056521C Relevance: .0, Instructions: 34COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00538160 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0055FCD0 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054DE26 Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054057E Relevance: .0, Instructions: 9COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0054ED8E Relevance: .0, Instructions: 8COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005646B7 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0053CE07 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005083AE Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0050BD42 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00516DCC Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005060CB Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 116threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005105CC Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 42libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00515576 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 338fileCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00506CE1 Relevance: 9.1, APIs: 6, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00514EA4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00508791 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0050CAD7 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005182F5 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0050FE04 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0051928B Relevance: 6.1, APIs: 4, Instructions: 74COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005165B5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0050C0E7 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00515BF2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104fileCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00515B09 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82fileCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00503FEA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00509143 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005099C2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005024EA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0050243C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00506B64 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20threadCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 15.5% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 11.8% |
| Total number of Nodes: | 415 |
| Total number of Limit Nodes: | 35 |
Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00428D80 Relevance: 21.4, Strings: 17, Instructions: 182COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004168B0 Relevance: 1.7, APIs: 1, Instructions: 162COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438D50 Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00437190 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 98memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A6C0 Relevance: 11.3, APIs: 1, Strings: 5, Instructions: 846libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004298C4 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 87memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409662 Relevance: 3.0, APIs: 2, Instructions: 10COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040967F Relevance: 3.0, APIs: 2, Instructions: 10COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409657 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438C60 Relevance: 1.6, APIs: 1, Instructions: 81memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00437176 Relevance: 1.5, APIs: 1, Instructions: 8memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004095F6 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004095CD Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004095BF Relevance: 1.5, APIs: 1, Instructions: 4COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042D8C0 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 132clipboardCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|