Source: W53oi1JYy4.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49772 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49788 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49812 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49833 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49878 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49891 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49952 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49956 version: TLS 1.2
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.147.6
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.147.6
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.147.6
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.147.6
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.147.6
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown | Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown | Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701
Source: W53oi1JYy4.exe, 00000000.00000000.2125081010.00000000005E4000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename" vs W53oi1JYy4.exe
Source: W53oi1JYy4.exe | Binary or memory string: OriginalFilename" vs W53oi1JYy4.exe
Source: classification engine | Classification label: sus22.evad.winEXE@1/0@0/1
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | Window found: window name: TButton
Source: W53oi1JYy4.exe | Static file information: File size 2764288 > 1048576
Source: W53oi1JYy4.exe | Static PE information: Raw size of CODE is bigger than: 0x100000 < 0x1d8000
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | User Timer Set: Timeout: 100ms
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | User Timer Set: Timeout: 250ms
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | User Timer Set: Timeout: 250ms
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | User Timer Set: Timeout: 250ms
Source: C:\Users\user\Desktop\W53oi1JYy4.exe | User Timer Set: Timeout: 250ms
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: W53oi1JYy4.exe, 00000000.00000002.3397846283.00000000041FF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll