Windows
Analysis Report
SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe
Overview
General Information
Detection
- Score: 100
- Range: 0 - 100
- Whitelisted: false
- Confidence: 100%
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe (PID: 2200 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe" MD5: 0B842F6524815B8064A51C651838CC73)
  - AddInProcess32.exe (PID: 5668 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" MD5: 9827FF3CDF4B83F9C86354606736CA9C)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in the C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
DarkTortilla | DarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging. From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021. | No Attribution | | |
{"C2 url": ["faulteyotk.site", "dilemmadu.site", "seallysl.site", "servicedny.site", "contemteny.site", "goalyfeastz.site", "authorisev.site", "treatmentyj.cyou", "opposezmny.site"], "Build id": "VXGDR--G3"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security | ||
JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_DarkTortilla | Yara detected DarkTortilla Crypter | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-30T22:37:21.960483+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 62746 | 188.114.96.3 | 443 | TCP |
2024-10-30T22:37:23.342429+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 62747 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:24.316655+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 62748 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:33.748545+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 62754 | 104.21.33.140 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-30T22:37:21.960483+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 62746 | 188.114.96.3 | 443 | TCP |
2024-10-30T22:37:23.342429+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 62747 | 104.21.33.140 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-30T22:37:24.316655+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.5 | 62748 | 104.21.33.140 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-30T22:37:22.661468+0100 | 2057086 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62747 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:24.006041+0100 | 2057086 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62748 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:25.067029+0100 | 2057086 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62749 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:26.180881+0100 | 2057086 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62750 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:27.425850+0100 | 2057086 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62751 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:28.893995+0100 | 2057086 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62752 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:30.344255+0100 | 2057086 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62753 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:33.280445+0100 | 2057086 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62754 | 104.21.33.140 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-30T22:37:21.999773+0100 | 2057085 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 60198 | 1.1.1.1 | 53 | UDP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-30T22:37:21.983661+0100 | 2057089 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 51724 | 1.1.1.1 | 53 | UDP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-30T22:37:21.967612+0100 | 2057093 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 57099 | 1.1.1.1 | 53 | UDP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-30T22:37:25.549612+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 62749 | 104.21.33.140 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-30T22:37:30.348995+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.5 | 62753 | 104.21.33.140 | 443 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: |
Source: | Code function: | 4_2_0041D5AF |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 4_2_00410130 | |
Source: | Code function: | 4_2_004441F0 | |
Source: | Code function: | 4_2_0044137E | |
Source: | Code function: | 4_2_004413D5 | |
Source: | Code function: | 4_2_0041D5AF | |
Source: | Code function: | 4_2_0043A97E | |
Source: | Code function: | 4_2_0042EB60 | |
Source: | Code function: | 4_2_00401000 | |
Source: | Code function: | 4_2_0043B170 | |
Source: | Code function: | 4_2_00410118 | |
Source: | Code function: | 4_2_004431D0 | |
Source: | Code function: | 4_2_004241E0 | |
Source: | Code function: | 4_2_00442EB0 | |
Source: | Code function: | 4_2_004432C0 | |
Source: | Code function: | 4_2_004012D5 | |
Source: | Code function: | 4_2_00421333 | |
Source: | Code function: | 4_2_00444380 | |
Source: | Code function: | 4_2_004433B0 | |
Source: | Code function: | 4_2_0042E400 | |
Source: | Code function: | 4_2_0042F4DD | |
Source: | Code function: | 4_2_0040D500 | |
Source: | Code function: | 4_2_0041F510 | |
Source: | Code function: | 4_2_00441648 | |
Source: | Code function: | 4_2_0043C6D0 | |
Source: | Code function: | 4_2_0041C6E0 | |
Source: | Code function: | 4_2_00441720 | |
Source: | Code function: | 4_2_00443720 | |
Source: | Code function: | 4_2_0043F7E0 | |
Source: | Code function: | 4_2_0042E870 | |
Source: | Code function: | 4_2_00405820 | |
Source: | Code function: | 4_2_0041C8CE | |
Source: | Code function: | 4_2_0040E8D6 | |
Source: | Code function: | 4_2_0040C960 | |
Source: | Code function: | 4_2_0040E996 | |
Source: | Code function: | 4_2_0042AA40 | |
Source: | Code function: | 4_2_0042AA60 | |
Source: | Code function: | 4_2_0042CA72 | |
Source: | Code function: | 4_2_0043FAD0 | |
Source: | Code function: | 4_2_00421B40 | |
Source: | Code function: | 4_2_0042AC04 | |
Source: | Code function: | 4_2_0041ECDE | |
Source: | Code function: | 4_2_00437CA0 | |
Source: | Code function: | 4_2_0042DE70 | |
Source: | Code function: | 4_2_00440E3A | |
Source: | Code function: | 4_2_0042CEDA | |
Source: | Code function: | 4_2_00442EB0 | |
Source: | Code function: | 4_2_00425F00 | |
Source: | Code function: | 4_2_00428F00 |
Networking |
---|
Source: | Suricata IDS: |
Source: | URLs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 4_2_00435210 |
Source: | Code function: | 4_2_004359B7 |
Source: | Code function: | 0_2_080AAED0 |
Source: | Code function: | 0_2_006C0040 | |
Source: | Code function: | 0_2_00A42140 | |
Source: | Code function: | 0_2_00A42758 | |
Source: | Code function: | 0_2_00A46910 | |
Source: | Code function: | 0_2_00A456B8 | |
Source: | Code function: | 0_2_00A45BD0 | |
Source: | Code function: | 0_2_00A4274C | |
Source: | Code function: | 0_2_00A47AA0 | |
Source: | Code function: | 0_2_0536BC24 | |
Source: | Code function: | 0_2_0536DBF0 | |
Source: | Code function: | 0_2_0536DBE0 | |
Source: | Code function: | 0_2_060C30E0 | |
Source: | Code function: | 0_2_060CE848 | |
Source: | Code function: | 0_2_060CD010 | |
Source: | Code function: | 0_2_060C30B0 | |
Source: | Code function: | 0_2_077B3118 | |
Source: | Code function: | 0_2_077BDE38 | |
Source: | Code function: | 0_2_077BDE27 | |
Source: | Code function: | 0_2_078523B0 | |
Source: | Code function: | 0_2_0785ECA3 | |
Source: | Code function: | 0_2_0785DE18 | |
Source: | Code function: | 0_2_0785FB90 | |
Source: | Code function: | 0_2_0785DBFD | |
Source: | Code function: | 0_2_0785DC24 | |
Source: | Code function: | 0_2_0785DC2A | |
Source: | Code function: | 0_2_0801EC18 | |
Source: | Code function: | 0_2_0801D42F | |
Source: | Code function: | 0_2_0801E050 | |
Source: | Code function: | 0_2_0801E8CA | |
Source: | Code function: | 0_2_08013E6E | |
Source: | Code function: | 0_2_0801C3A7 | |
Source: | Code function: | 0_2_080187F8 | |
Source: | Code function: | 0_2_0801FC28 | |
Source: | Code function: | 0_2_0801E034 | |
Source: | Code function: | 0_2_0801B0B0 | |
Source: | Code function: | 0_2_0801F0CA | |
Source: | Code function: | 0_2_0801F928 | |
Source: | Code function: | 0_2_0801F938 | |
Source: | Code function: | 0_2_08012B20 | |
Source: | Code function: | 0_2_080A9028 | |
Source: | Code function: | 0_2_080AB450 | |
Source: | Code function: | 0_2_080A5898 | |
Source: | Code function: | 0_2_080A6136 | |
Source: | Code function: | 0_2_080A3DC8 | |
Source: | Code function: | 0_2_080A0698 | |
Source: | Code function: | 0_2_080A0006 | |
Source: | Code function: | 0_2_080A0040 | |
Source: | Code function: | 0_2_080AF470 | |
Source: | Code function: | 0_2_080A5888 | |
Source: | Code function: | 0_2_080A04E1 | |
Source: | Code function: | 0_2_080A04F0 | |
Source: | Code function: | 0_2_080A3DB8 | |
Source: | Code function: | 0_2_080A4DDA | |
Source: | Code function: | 0_2_080A4DE0 | |
Source: | Code function: | 0_2_080A7E22 | |
Source: | Code function: | 0_2_080A7E30 | |
Source: | Code function: | 0_2_080A1248 | |
Source: | Code function: | 0_2_080A1242 | |
Source: | Code function: | 0_2_080A0269 | |
Source: | Code function: | 0_2_080A0278 | |
Source: | Code function: | 0_2_080A0695 | |
Source: | Code function: | 0_2_080A9790 | |
Source: | Code function: | 0_2_07852385 | |
Source: | Code function: | 4_2_004100C5 | |
Source: | Code function: | 4_2_0042509D | |
Source: | Code function: | 4_2_00410130 | |
Source: | Code function: | 4_2_0043A2E0 | |
Source: | Code function: | 4_2_0041D5AF | |
Source: | Code function: | 4_2_00444620 | |
Source: | Code function: | 4_2_0042A6D0 | |
Source: | Code function: | 4_2_00426800 | |
Source: | Code function: | 4_2_0040F970 | |
Source: | Code function: | 4_2_0043A97E | |
Source: | Code function: | 4_2_0042EB60 | |
Source: | Code function: | 4_2_00401000 | |
Source: | Code function: | 4_2_00410118 | |
Source: | Code function: | 4_2_004431D0 | |
Source: | Code function: | 4_2_004331DE | |
Source: | Code function: | 4_2_004291E0 | |
Source: | Code function: | 4_2_004241E0 | |
Source: | Code function: | 4_2_00442EB0 | |
Source: | Code function: | 4_2_0040F250 | |
Source: | Code function: | 4_2_0040B260 | |
Source: | Code function: | 4_2_0040A270 | |
Source: | Code function: | 4_2_0043E230 | |
Source: | Code function: | 4_2_004432C0 | |
Source: | Code function: | 4_2_004012D5 | |
Source: | Code function: | 4_2_0041E298 | |
Source: | Code function: | 4_2_00408340 | |
Source: | Code function: | 4_2_00401328 | |
Source: | Code function: | 4_2_0042C3E0 | |
Source: | Code function: | 4_2_00442380 | |
Source: | Code function: | 4_2_004433B0 | |
Source: | Code function: | 4_2_0042F4DD | |
Source: | Code function: | 4_2_00429494 | |
Source: | Code function: | 4_2_004094BF | |
Source: | Code function: | 4_2_0041F510 | |
Source: | Code function: | 4_2_004255A4 | |
Source: | Code function: | 4_2_004335B0 | |
Source: | Code function: | 4_2_0042D642 | |
Source: | Code function: | 4_2_0042762D | |
Source: | Code function: | 4_2_004386FE | |
Source: | Code function: | 4_2_004226A0 | |
Source: | Code function: | 4_2_0042762D | |
Source: | Code function: | 4_2_0040D760 | |
Source: | Code function: | 4_2_00441720 | |
Source: | Code function: | 4_2_00443720 | |
Source: | Code function: | 4_2_0040A730 | |
Source: | Code function: | 4_2_00429494 | |
Source: | Code function: | 4_2_0042B7D9 | |
Source: | Code function: | 4_2_0042B7FE | |
Source: | Code function: | 4_2_00442850 | |
Source: | Code function: | 4_2_0041482A | |
Source: | Code function: | 4_2_004038E0 | |
Source: | Code function: | 4_2_00439940 | |
Source: | Code function: | 4_2_00407960 | |
Source: | Code function: | 4_2_00444920 | |
Source: | Code function: | 4_2_00431980 | |
Source: | Code function: | 4_2_0042AA40 | |
Source: | Code function: | 4_2_0042CA72 | |
Source: | Code function: | 4_2_00420A24 | |
Source: | Code function: | 4_2_00421B40 | |
Source: | Code function: | 4_2_0040DB20 | |
Source: | Code function: | 4_2_00415BD8 | |
Source: | Code function: | 4_2_00439BA0 | |
Source: | Code function: | 4_2_00414BBF | |
Source: | Code function: | 4_2_00444C50 | |
Source: | Code function: | 4_2_00434C60 | |
Source: | Code function: | 4_2_0042AC04 | |
Source: | Code function: | 4_2_0043EC20 | |
Source: | Code function: | 4_2_0040ECC0 | |
Source: | Code function: | 4_2_00427CD2 | |
Source: | Code function: | 4_2_0041ECDE | |
Source: | Code function: | 4_2_0040BD70 | |
Source: | Code function: | 4_2_00429D00 | |
Source: | Code function: | 4_2_0040ADD0 | |
Source: | Code function: | 4_2_00432D80 | |
Source: | Code function: | 4_2_00408DA0 | |
Source: | Code function: | 4_2_00422E50 | |
Source: | Code function: | 4_2_00416E10 | |
Source: | Code function: | 4_2_0042BE10 | |
Source: | Code function: | 4_2_00442EB0 | |
Source: | Code function: | 4_2_00406F60 | |
Source: | Code function: | 4_2_00428F00 | |
Source: | Code function: | 4_2_00408DA0 | |
Source: | Code function: | 4_2_00426F82 | |
Source: | Code function: | 4_2_00434F80 | |
Source: | Code function: | 4_2_00441F80 | |
Source: | Code function: | 4_2_00409F9C | |
Source: | Code function: | 4_2_00404FA0 | |
Source: | Code function: | 4_2_00409FA8 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Code function: | 4_2_00432088 |
Source: | File created: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: |
Source: | .Net Code: |
Source: | Code function: | 0_2_0536335A | |
Source: | Code function: | 0_2_05367F51 | |
Source: | Code function: | 0_2_060C2229 | |
Source: | Code function: | 0_2_077BB872 | |
Source: | Code function: | 0_2_077BC8A2 | |
Source: | Code function: | 0_2_0785A20D | |
Source: | Code function: | 0_2_0785801A | |
Source: | Code function: | 0_2_0785C366 | |
Source: | Code function: | 0_2_080108C4 | |
Source: | Code function: | 0_2_0801777E | |
Source: | Code function: | 0_2_0801B59F | |
Source: | Code function: | 0_2_0801B5CD | |
Source: | Code function: | 0_2_08019E7E | |
Source: | Code function: | 0_2_080177BD | |
Source: | Code function: | 4_2_0044AEB9 |
Source: | High entropy of concatenated method names: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | System information queried: |
Source: | Memory allocated: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 4_2_00440D90 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | String found in binary or memory: | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File opened: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | 1 Valid Accounts | 1 Valid Accounts | 111 Deobfuscate/Decode Files or Information | LSASS Memory | 22 System Information Discovery | Remote Desktop Protocol | 21 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 121 Security Software Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 311 Process Injection | 1 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 131 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Valid Accounts | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 131 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 311 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Hidden Files and Directories | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
37% | ReversingLabs | ByteCode-MSIL.Trojan.DarkTortilla | ||
100% | Joe Sandbox ML |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
goalyfeastz.site | 104.21.33.140 | true | true | unknown | |
treatmentyj.cyou | 188.114.96.3 | true | true | unknown | |
www.google.com | 142.250.186.68 | true | false | unknown | |
opposezmny.site | unknown | unknown | true | unknown | |
seallysl.site | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
188.114.96.3 | treatmentyj.cyou | European Union | | 13335 | CLOUDFLARENETUS | true |
104.21.33.140 | goalyfeastz.site | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1545740 |
Start date and time: | 2024-10-30 22:35:13 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/1@5/2 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe
Time | Type | Description |
---|---|---|
17:36:12 | API Interceptor | |
17:37:21 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
188.114.96.3 | | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | |
| | Get hash | malicious | Lokibot | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | |
| | Get hash | malicious | JohnWalkerTexasLoader | Browse | |
| | Get hash | malicious | JohnWalkerTexasLoader | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
104.21.33.140 | | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
www.google.com | | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Stealc, Vidar | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Mamba2FA | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Tycoon2FA | Browse | |
| | Get hash | malicious | Unknown | Browse | |
goalyfeastz.site | | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | |
| | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | LummaC | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | |
| | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | LummaC | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | |
| | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | KnowBe4 | Browse | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe.log
Download File
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.34331486778365 |
Encrypted: | false |
SSDEEP: | 24:MLU84G1qE4jE4K5E4KlKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MgvG1qHjHK5HKlYHKh3oPtHo6hAHKzea |
MD5: | 8C15378BBF5818D874CD379FABA313A0 |
SHA1: | 5BAB21DA519A7ACFD3BF8DD34ED4236D4A28ED00 |
SHA-256: | 2900F5392DD3432B35D26F40D7D6FB206D1005A8529694F075D848C23A0958BB |
SHA-512: | 89D1DC1023B4198EC3FB1ABF9DD326700BE8AECA8D778E8BCAE2B45E80E24102AA03DB824F35E5E549EAA97BECEC6329770342060CF02A70E476C217E83AE976 |
Malicious: | true |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.940374711292268 |
TrID: | |
File name: | SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
File size: | 9'639'936 bytes |
MD5: | 0b842f6524815b8064a51c651838cc73 |
SHA1: | 08ef826547f5cf668f8d7d38477e1926a50c65db |
SHA256: | 779f6eab3cef74bddcabbf54b6a46d6ef6b6fba5a7218e70e5ada41f68d047d1 |
SHA512: | c6883d9567e435ab7a30e1f28c19ef700efd7039264a732ec00999d0c58f120f6f2ad836d20b95858316863c353f632c1935ed006d7fed99046a32595c733b97 |
SSDEEP: | 196608:aCZEFPh4BO85Nn80iNFHFg5Nd6RbblazMXiQZxMWwH:aVFpSfnEF65b2VSsxMW |
TLSH: | 3CA6336D879B684DC16D6AF884F9021613B570839823FB28719422FD4EF23E9DC51BA7 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{>?P..............P......>........... ........@.. .......................`............`................................ |
Icon Hash: | 1016339396b696b3 |
Entrypoint: | 0xd2f79e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x503F3E7B [Thu Aug 30 10:20:43 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x92f744 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x930000 | 0x3b9c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x934000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x92d7a4 | 0x92d800 | 264e2b7f1e0025d9a7ef89a899e56254 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x930000 | 0x3b9c | 0x3c00 | 5911931450b0bf2a2fd6573da690029e | False | 0.2916666666666667 | data | 3.8767112832048443 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x934000 | 0xc | 0x200 | 445a5b29f58dc385c345939d4d3ac79a | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x9305e0 | 0x134 | data | 0.40584415584415584 | ||
RT_CURSOR | 0x930714 | 0x134 | data | 0.40584415584415584 | ||
RT_BITMAP | 0x930848 | 0x3e8 | Device independent bitmap graphic, 112 x 16 x 4, image size 896, 16 important colors | Hebrew | Israel | 0.383 |
RT_BITMAP | 0x930c30 | 0xd8 | Device independent bitmap graphic, 14 x 14 x 4, image size 112, resolution 3780 x 3780 px/m | English | United States | 0.4305555555555556 |
RT_BITMAP | 0x930d08 | 0xd8 | Device independent bitmap graphic, 14 x 14 x 4, image size 112, resolution 3780 x 3780 px/m | English | United States | 0.42592592592592593 |
RT_ICON | 0x930de0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.16909005628517823 | ||
RT_ICON | 0x931e88 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.46365248226950356 | ||
RT_ICON | 0x9322f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | 0.39864864864864863 | ||
RT_MENU | 0x932418 | 0x242 | data | English | United States | 0.48961937716262977 |
RT_MENU | 0x93265c | 0x1c4 | data | English | United States | 0.4557522123893805 |
RT_DIALOG | 0x932820 | 0xa2 | data | Hebrew | Israel | 0.7592592592592593 |
RT_DIALOG | 0x9328c4 | 0x296 | data | Hebrew | Israel | 0.48942598187311176 |
RT_DIALOG | 0x932b5c | 0x2dc | data | Hebrew | Israel | 0.46584699453551914 |
RT_DIALOG | 0x932e38 | 0xfa | data | Hebrew | Israel | 0.62 |
RT_DIALOG | 0x932f34 | 0x336 | data | English | United States | 0.49635036496350365 |
RT_STRING | 0x93326c | 0x144 | data | English | United States | 0.5308641975308642 |
RT_STRING | 0x9333b0 | 0x92 | Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0 | English | United States | 0.5068493150684932 |
RT_STRING | 0x933444 | 0x40 | data | English | United States | 0.640625 |
RT_STRING | 0x933484 | 0x32 | Matlab v4 mat-file (little endian) I, numeric, rows 0, columns 0 | English | United States | 0.62 |
RT_STRING | 0x9334b8 | 0x28c | data | English | United States | 0.4125766871165644 |
RT_STRING | 0x933744 | 0xe2 | Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0 | English | United States | 0.4557522123893805 |
RT_ACCELERATOR | 0x933828 | 0x30 | data | Hebrew | Israel | 0.9375 |
RT_GROUP_CURSOR | 0x933858 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_ICON | 0x93386c | 0x22 | data | | | 1.0588235294117647 |
RT_GROUP_ICON | 0x933890 | 0x14 | data | | | 1.25 |
RT_VERSION | 0x9338a4 | 0x2f8 | data | Hebrew | Israel | 0.4328947368421053 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Hebrew | Israel | |
English | United States | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-30T22:37:21.960483+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 62746 | 188.114.96.3 | 443 | TCP |
2024-10-30T22:37:21.960483+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 62746 | 188.114.96.3 | 443 | TCP |
2024-10-30T22:37:21.967612+0100 | 2057093 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (seallysl .site) | 1 | 192.168.2.5 | 57099 | 1.1.1.1 | 53 | UDP |
2024-10-30T22:37:21.983661+0100 | 2057089 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (opposezmny .site) | 1 | 192.168.2.5 | 51724 | 1.1.1.1 | 53 | UDP |
2024-10-30T22:37:21.999773+0100 | 2057085 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (goalyfeastz .site) | 1 | 192.168.2.5 | 60198 | 1.1.1.1 | 53 | UDP |
2024-10-30T22:37:22.661468+0100 | 2057086 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (goalyfeastz .site in TLS SNI) | 1 | 192.168.2.5 | 62747 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:23.342429+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 62747 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:23.342429+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 62747 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:24.006041+0100 | 2057086 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (goalyfeastz .site in TLS SNI) | 1 | 192.168.2.5 | 62748 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:24.316655+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.5 | 62748 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:24.316655+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 62748 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:25.067029+0100 | 2057086 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (goalyfeastz .site in TLS SNI) | 1 | 192.168.2.5 | 62749 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:25.549612+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.5 | 62749 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:26.180881+0100 | 2057086 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (goalyfeastz .site in TLS SNI) | 1 | 192.168.2.5 | 62750 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:27.425850+0100 | 2057086 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (goalyfeastz .site in TLS SNI) | 1 | 192.168.2.5 | 62751 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:28.893995+0100 | 2057086 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (goalyfeastz .site in TLS SNI) | 1 | 192.168.2.5 | 62752 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:30.344255+0100 | 2057086 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (goalyfeastz .site in TLS SNI) | 1 | 192.168.2.5 | 62753 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:30.348995+0100 | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 1 | 192.168.2.5 | 62753 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:33.280445+0100 | 2057086 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (goalyfeastz .site in TLS SNI) | 1 | 192.168.2.5 | 62754 | 104.21.33.140 | 443 | TCP |
2024-10-30T22:37:33.748545+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 62754 | 104.21.33.140 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 30, 2024 22:36:06.343796968 CET | 192.168.2.5 | 1.1.1.1 | 0xf01a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 30, 2024 22:37:20.561177969 CET | 192.168.2.5 | 1.1.1.1 | 0x1809 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 30, 2024 22:37:21.967612028 CET | 192.168.2.5 | 1.1.1.1 | 0x1ec | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 30, 2024 22:37:21.983660936 CET | 192.168.2.5 | 1.1.1.1 | 0x2286 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 30, 2024 22:37:21.999773026 CET | 192.168.2.5 | 1.1.1.1 | 0xeb69 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 30, 2024 22:36:06.352695942 CET | 1.1.1.1 | 192.168.2.5 | 0xf01a | No error (0) | | | 142.250.186.68 | A (IP address) | IN (0x0001) | false |
Oct 30, 2024 22:37:20.576575994 CET | 1.1.1.1 | 192.168.2.5 | 0x1809 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Oct 30, 2024 22:37:20.576575994 CET | 1.1.1.1 | 192.168.2.5 | 0x1809 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Oct 30, 2024 22:37:21.982125044 CET | 1.1.1.1 | 192.168.2.5 | 0x1ec | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 30, 2024 22:37:21.998564959 CET | 1.1.1.1 | 192.168.2.5 | 0x2286 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 30, 2024 22:37:22.016326904 CET | 1.1.1.1 | 192.168.2.5 | 0xeb69 | No error (0) | | | 104.21.33.140 | A (IP address) | IN (0x0001) | false |
Oct 30, 2024 22:37:22.016326904 CET | 1.1.1.1 | 192.168.2.5 | 0xeb69 | No error (0) | | | 172.67.145.203 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 62746 | 188.114.96.3 | 443 | 5668 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-30 21:37:21 UTC | 263 | OUT | |
2024-10-30 21:37:21 UTC | 8 | OUT | |
2024-10-30 21:37:21 UTC | 1013 | IN | |
2024-10-30 21:37:21 UTC | 9 | IN | |
2024-10-30 21:37:21 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 62747 | 104.21.33.140 | 443 | 5668 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-30 21:37:22 UTC | 263 | OUT | |
2024-10-30 21:37:22 UTC | 8 | OUT | |
2024-10-30 21:37:23 UTC | 1009 | IN | |
2024-10-30 21:37:23 UTC | 7 | IN | |
2024-10-30 21:37:23 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 62748 | 104.21.33.140 | 443 | 5668 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-30 21:37:24 UTC | 264 | OUT | |
2024-10-30 21:37:24 UTC | 43 | OUT | |
2024-10-30 21:37:24 UTC | 1007 | IN | |
2024-10-30 21:37:24 UTC | 362 | IN | |
2024-10-30 21:37:24 UTC | 1369 | IN | |
2024-10-30 21:37:24 UTC | 1369 | IN | |
2024-10-30 21:37:24 UTC | 1369 | IN | |
2024-10-30 21:37:24 UTC | 1369 | IN | |
2024-10-30 21:37:24 UTC | 1369 | IN | |
2024-10-30 21:37:24 UTC | 371 | IN | |
2024-10-30 21:37:24 UTC | 1369 | IN | |
2024-10-30 21:37:24 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 62749 | 104.21.33.140 | 443 | 5668 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-30 21:37:25 UTC | 282 | OUT | |
2024-10-30 21:37:25 UTC | 12831 | OUT | |
2024-10-30 21:37:25 UTC | 1018 | IN | |
2024-10-30 21:37:25 UTC | 23 | IN | |
2024-10-30 21:37:25 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 62750 | 104.21.33.140 | 443 | 5668 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-30 21:37:26 UTC | 282 | OUT | |
2024-10-30 21:37:26 UTC | 15073 | OUT | |
2024-10-30 21:37:26 UTC | 1010 | IN | |
2024-10-30 21:37:26 UTC | 23 | IN | |
2024-10-30 21:37:26 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 62751 | 104.21.33.140 | 443 | 5668 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-30 21:37:27 UTC | 282 | OUT | |
2024-10-30 21:37:27 UTC | 15331 | OUT | |
2024-10-30 21:37:27 UTC | 5232 | OUT | |
2024-10-30 21:37:28 UTC | 1013 | IN | |
2024-10-30 21:37:28 UTC | 23 | IN | |
2024-10-30 21:37:28 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 62752 | 104.21.33.140 | 443 | 5668 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-30 21:37:28 UTC | 281 | OUT | |
2024-10-30 21:37:28 UTC | 1257 | OUT | |
2024-10-30 21:37:29 UTC | 1010 | IN | |
2024-10-30 21:37:29 UTC | 23 | IN | |
2024-10-30 21:37:29 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 62753 | 104.21.33.140 | 443 | 5668 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-30 21:37:30 UTC | 283 | OUT | |
2024-10-30 21:37:30 UTC | 15331 | OUT | |
2024-10-30 21:37:30 UTC | 15331 | OUT | |
2024-10-30 21:37:30 UTC | 15331 | OUT | |
2024-10-30 21:37:30 UTC | 15331 | OUT | |
2024-10-30 21:37:30 UTC | 15331 | OUT | |
2024-10-30 21:37:30 UTC | 15331 | OUT | |
2024-10-30 21:37:30 UTC | 15331 | OUT | |
2024-10-30 21:37:30 UTC | 15331 | OUT | |
2024-10-30 21:37:30 UTC | 15331 | OUT | |
2024-10-30 21:37:30 UTC | 15331 | OUT | |
2024-10-30 21:37:32 UTC | 1017 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 62754 | 104.21.33.140 | 443 | 5668 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-30 21:37:33 UTC | 264 | OUT | |
2024-10-30 21:37:33 UTC | 78 | OUT | |
2024-10-30 21:37:33 UTC | 1009 | IN | |
2024-10-30 21:37:33 UTC | 54 | IN | |
2024-10-30 21:37:33 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 17:36:05 |
Start date: | 30/10/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xab0000 |
File size: | 9'639'936 bytes |
MD5 hash: | 0B842F6524815B8064A51C651838CC73 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 17:36:47 |
Start date: | 30/10/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf00000 |
File size: | 43'008 bytes |
MD5 hash: | 9827FF3CDF4B83F9C86354606736CA9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Execution Graph
Execution Coverage: | 20.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 3.2% |
Total number of Nodes: | 186 |
Total number of Limit Nodes: | 12 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00A46910 | 12.1 | | 9 | 888 | COMMON |
060CE848 | 11.0 | | 8 | 972 | COMMON |
00A45BD0 | 8.4 | | 6 | 905 | COMMON |
08013E6E | 7.9 | | 4 | 2917 | COMMON |
07852385 | 5.5 | | | 5508 | COMMON |
078523B0 | 5.5 | | | 5499 | COMMON |
077B3118 | 5.2 | | | 5237 | COMMON |
080AB450 | 5.2 | | 4 | 190 | COMMON |
00A42140 | 4.0 | | 3 | 260 | COMMON |
080A3DC8 | 3.9 | | 3 | 167 | COMMON |
00A456B8 | 2.7 | | 2 | 227 | COMMON |
0801E034 | 2.7 | | 2 | 219 | COMMON |
0801FC28 | 2.7 | | 2 | 209 | COMMON |
0801E050 | 2.7 | | 2 | 207 | COMMON |
080A3DB8 | 2.7 | | 2 | 195 | COMMON |
0785ECA3 | 1.5 | | 1 | 277 | COMMON |
0801E8CA | 1.4 | | 1 | 150 | COMMON |
0801EC18 | 1.4 | | 1 | 146 | COMMON |
080187F8 | 1.4 | | | 1393 | COMMON |
0801C3A7 | 1.4 | | 1 | 122 | COMMON |
060C30B0 | 0.6 | | | 598 | COMMON |
060C30E0 | 0.6 | | | 596 | COMMON |
0785DBFD | 0.4 | | | 372 | COMMON |
0785DC24 | 0.3 | | | 346 | COMMON |
0785DC2A | 0.3 | | | 344 | COMMON |
080A6136 | 0.3 | | | 322 | COMMON |
080A9028 | 0.3 | | | 264 | COMMON |
00A47AA0 | 0.3 | | | 256 | COMMON |
00A4274C | 0.2 | | | 194 | COMMON |
00A42758 | 0.2 | | | 194 | COMMON |
080A5898 | 0.2 | | | 159 | COMMON |
080A5888 | 0.2 | | | 153 | COMMON |
0785DE18 | 0.1 | | | 119 | COMMON |
0801D42F | 0.1 | | | 89 | COMMON |
080A0698 | 0.1 | | | 65 | COMMON |
0536B228 | 6.1 | 4 | | 131 | thread, COMMON |
0536B238 | 6.1 | 4 | | 128 | thread, COMMON |
00A483C0 | 4.0 | | 3 | 256 | COMMON |
00A48740 | 4.0 | | 3 | 238 | COMMON |
07851094 | 3.9 | | 3 | 118 | COMMON |
00A48DF0 | 3.3 | | 2 | 766 | COMMON |
07850040 | 2.9 | | 2 | 392 | COMMON |
00A44FB8 | 2.7 | | 2 | 232 | COMMON |
078511A0 | 2.5 | | 2 | 43 | COMMON |
07850861 | 1.8 | | 1 | 530 | COMMON |
07850870 | 1.8 | | 1 | 526 | COMMON |
05368FB0 | 1.7 | 1 | | 197 | COMMON |
0536F830 | 1.6 | 1 | | 143 | COMMON |
0536F890 | 1.6 | 1 | | 113 | COMMON |
080A3C48 | 1.6 | 1 | | 99 | COMMON |
080ACA90 | 1.6 | 1 | | 63 | thread, COMMON |
080ADBF8 | 1.6 | 1 | | 63 | thread, COMMON |
0536B480 | 1.6 | 1 | | 62 | COMMON |
080AD958 | 1.6 | 1 | | 60 | COMMON |
080A3CB8 | 1.6 | 1 | | 58 | memory, COMMON |
077BA8B0 | 1.6 | 1 | | 56 | file, COMMON |
0801D379 | 1.6 | 1 | | 56 | memory, COMMON |
080A3CC0 | 1.6 | 1 | | 55 | memory, COMMON |
0801D380 | 1.6 | 1 | | 55 | memory, COMMON |
080AD178 | 1.6 | 1 | | 53 | memory, COMMON |
080ADE60 | 1.5 | 1 | | 49 | thread, COMMON |
080A3C38 | 1.5 | 1 | | 47 | window, COMMON |
053691A0 | 1.5 | 1 | | 47 | COMMON |
00A424C8 | 1.4 | | 1 | 133 | COMMON |
00A474A8 | 1.4 | | 1 | 127 | COMMON |
00A407D7 | 1.3 | | 1 | 89 | COMMON |
00A48BE8 | 1.3 | | 1 | 86 | COMMON |
0785F372 | 1.3 | | 1 | 67 | COMMON |
006C06A1 | 1.3 | 1 | | 49 | COMMON |
006C06A8 | 1.3 | 1 | | 47 | COMMON |
00A40838 | 1.3 | | 1 | 41 | COMMON |
00A40848 | 1.3 | | 1 | 34 | COMMON |
0785B76C | 0.6 | | | 553 | COMMON |
07859C08 | 0.4 | | | 413 | COMMON |
00A4A5C8 | 0.3 | | | 330 | COMMON |
0785A93E | 0.3 | | | 324 | COMMON |
00A4764F | 0.3 | | | 309 | COMMON |
00A452C0 | 0.2 | | | 201 | COMMON |
0785D32D | 0.2 | | | 189 | COMMON |
00A48AA0 | 0.2 | | | 176 | COMMON |
0785D368 | 0.2 | | | 160 | COMMON |
00A49A60 | 0.2 | | | 154 | COMMON |
00A49A70 | 0.1 | | | 148 | COMMON |
00A47C28 | 0.1 | | | 127 | COMMON |
00A41120 | 0.1 | | | 124 | COMMON |
00A410FF | 0.1 | | | 112 | COMMON |
00A41460 | 0.1 | | | 111 | COMMON |
00A4A435 | 0.1 | | | 105 | COMMON |
00A43989 | 0.1 | | | 101 | COMMON |
00A44380 | 0.1 | | | 95 | COMMON |
0785D214 | 0.1 | | | 95 | COMMON |
00A48CD2 | 0.1 | | | 91 | COMMON |
00A4A47E | 0.1 | | | 84 | COMMON |
00A4550F | 0.1 | | | 80 | COMMON |
00A43998 | 0.1 | | | 77 | COMMON |
0785F238 | 0.1 | | | 77 | COMMON |
0785F248 | 0.1 | | | 75 | COMMON |
0785A1B4 | 0.1 | | | 74 | COMMON |
00A47DC0 | 0.1 | | | 73 | COMMON |
0092D1D4 | 0.1 | | | 72 | COMMON |
0092D01C | 0.1 | | | 72 | COMMON |
00A44371 | 0.1 | | | 66 | COMMON |
00A47F00 | 0.1 | | | 65 | COMMON |
0092D006 | 0.1 | | | 62 | COMMON |
00A4749C | 0.1 | | | 60 | COMMON |
00A43AB8 | 0.1 | | | 60 | COMMON |
00A461E0 | 0.1 | | | 59 | COMMON |
00A485B0 | 0.1 | | | 58 | COMMON |
0785D148 | 0.1 | | | 58 | COMMON |
00A49DF9 | 0.1 | | | 57 | COMMON |
00A43AA9 | 0.1 | | | 55 | COMMON |
07859A6C | 0.1 | | | 55 | COMMON |
0092D1CF | 0.1 | | | 53 | COMMON |
00A486B1 | 0.1 | | | 52 | COMMON |
00A41450 | 0.0 | | | 50 | COMMON |
0785003A | 0.0 | | | 48 | COMMON |
0091D7E1 | 0.0 | | | 45 | COMMON |
00A415EF | 0.0 | | | 43 | COMMON |
0785C95F | 0.0 | | | 39 | COMMON |
0091D7E0 | 0.0 | | | 36 | COMMON |
00A47E80 | 0.0 | | | 32 | COMMON |
0785E606 | 0.0 | | | 32 | COMMON |
00A47EB8 | 0.0 | | | 29 | COMMON |
0785C978 | 0.0 | | | 26 | COMMON |
0785E5D2 | 0.0 | | | 25 | COMMON |
00A412D4 | 0.0 | | | 24 | COMMON |
00A47EB0 | 0.0 | | | 24 | COMMON |
0785E3F0 | 0.0 | | | 22 | COMMON |
07859A5D | 0.0 | | | 18 | COMMON |
00A45958 | 0.0 | | | 17 | COMMON |
07852120 | 0.0 | | | 17 | COMMON |
00A45968 | 0.0 | | | 12 | COMMON |
0801B0B0 | 2.9 | | 2 | 408 | COMMON |
006C0040 | 2.8 | | 2 | 298 | COMMON |
080A0269 | 2.7 | | 2 | 167 | COMMON |
080A0278 | 2.7 | | 2 | 167 | COMMON |
080A0006 | 2.6 | | 2 | 135 | COMMON |
080A0040 | 2.6 | | 2 | 113 | COMMON |
08012B20 | 2.0 | | 1 | 800 | COMMON |
0801F938 | 1.4 | | 1 | 160 | COMMON |
0801F928 | 1.4 | | 1 | 155 | COMMON |
080AF470 | 0.4 | | | 424 | COMMON |
060CD010 | 0.3 | | | 318 | COMMON |
0536DBF0 | 0.3 | | | 315 | COMMON |
077BDE27 | 0.3 | | | 270 | COMMON |
077BDE38 | 0.3 | | | 264 | COMMON |
0536BC24 | 0.3 | | | 264 | COMMON |
0536DBE0 | 0.2 | | | 220 | COMMON |
080A9790 | 0.2 | | | 215 | COMMON |
080A7E30 | 0.2 | | | 180 | COMMON |
0785FB90 | 0.2 | | | 179 | COMMON |
080A7E22 | 0.2 | | | 174 | COMMON |
0801F0CA | 0.2 | | | 169 | COMMON |
080A4DE0 | 0.1 | | | 129 | COMMON |
080A4DDA | 0.1 | | | 119 | COMMON |
080A1248 | 0.1 | | | 114 | COMMON |
080A1242 | 0.1 | | | 105 | COMMON |
080A04E1 | 0.1 | | | 99 | COMMON |
080A04F0 | 0.1 | | | 96 | COMMON |
080A0695 | 0.1 | | | 54 | COMMON |
00A45B40 | 5.0 | | 4 | 49 | COMMON |
Execution Graph
Execution Coverage: | 7% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 33.3% |
Total number of Nodes: | 183 |
Total number of Limit Nodes: | 13 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0043A97E | 19.8 | 9 | 2 | 587 | memory, COMMON |
0041D5AF | 7.4 | 1 | 3 | 404 | encryption, COMMON |
00440D90 | 1.5 | 1 | | 14 | library, COMMON |
004441F0 | 0.2 | | | 157 | COMMON |
004413D5 | 0.1 | | | 102 | COMMON |
0044137E | 0.1 | | | 57 | COMMON |
0040D0B0 | 10.6 | 5 | 1 | 142 | thread, COMMON |
00440CC0 | 3.6 | 1 | 1 | 79 | memory, COMMON |
004107F7 | 2.6 | 2 | | 97 | COMMON |
0040E1C0 | 1.6 | 1 | | 90 | library, COMMON |
0043DC40 | 1.5 | 1 | | 49 | memory, COMMON |
00431859 | 1.5 | 1 | | 21 | COMMON |
00434A7F | 1.5 | 1 | | 20 | COMMON |
00440F68 | 1.5 | 1 | | 18 | COMMON |
0043A952 | 1.5 | 1 | | 15 | COMMON |
0043DC18 | 1.5 | 1 | | 11 | memory, COMMON |
00435210 | 31.6 | 6 | 12 | 120 | clipboard, COMMON |
00401000 | 19.5 | | 14 | 1989 | COMMON |
004012D5 | 16.0 | | 12 | 987 | COMMON |
004241E0 | 8.0 | | 6 | 461 | COMMON |
0041E298 | 6.3 | 4 | | 347 | COMMON |
004431D0 | 4.4 | | 3 | 680 | COMMON |
00421B40 | 4.4 | | 3 | 657 | COMMON |
004432C0 | 4.4 | | 3 | 637 | COMMON |
0042AC04 | 4.3 | | 3 | 578 | COMMON |
0040E8D6 | 3.8 | | 3 | 52 | COMMON |
0040E996 | 3.8 | | 3 | 25 | COMMON |
004433B0 | 1.8 | | 1 | 572 | COMMON |
0042E400 | 1.6 | | 1 | 382 | COMMON |
00421333 | 1.5 | | 1 | 288 | COMMON |
0042E870 | 1.5 | | 1 | 236 | COMMON |
0042CA72 | 0.3 | | | 318 | COMMON |
00405820 | 0.2 | | | 163 | COMMON |
00444380 | 0.2 | | | 154 | COMMON |
0043B170 | 0.1 | | | 142 | COMMON |
0040C960 | 0.1 | | | 106 | COMMON |
0041C8CE | 0.1 | | | 94 | COMMON |
0043FAD0 | 0.1 | | | 53 | COMMON |
00432088 | 0.0 | | | 42 | COMMON |
0042AA60 | 0.0 | | | 39 | COMMON |
0041CBE6 | 5.5 | 1 | 2 | 273 | thread, COMMON |