Edit tour
Windows
Analysis Report
Solara.exe
Overview
General Information
| Sample name: | Solara.exe |
| Analysis ID: | 1581432 |
| MD5: | a58debbc1c1961456ca288898e937ffb |
| SHA1: | 018e99304ae7b0d1fbae772daab0acd5afb5f3c6 |
| SHA256: | 08d7909a9758d3c8e1492e5f83721acb930300d182ec2877dbe59bddd251e602 |
| Tags: | exeuser-JaffaCakes118 |
| Infos: |  |
 | |
Detection
LummaC
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Classification
- System is w10x64
Solara.exe (PID: 7556 cmdline: "C:\Users\ user\Deskt op\Solara. exe" MD5: A58DEBBC1C1961456CA288898E937FFB) 
conhost.exe (PID: 7564 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - Solara.exe (PID: 7620 cmdline:
"C:\Users\ user\Deskt op\Solara. exe" MD5: A58DEBBC1C1961456CA288898E937FFB)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["prisonyfork.buzz", "hummskitnj.buzz", "cashfuzysao.buzz", "mindhandru.buzz", "scentniej.buzz", "inherineau.buzz", "screwamusresz.buzz", "rebuildeso.buzz", "appliacnesot.buzz"], "Build id": "yau6Na--629912535"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | ||
| JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
| Click to see the 1 entries | ||||
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T16:20:58.059815+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:00.150427+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49734 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:02.536177+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:04.940094+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49736 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:07.237305+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49737 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:09.801267+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49738 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:12.337000+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:16.149908+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49741 | 172.67.165.185 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T16:20:58.825403+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:00.929153+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:16.932910+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 172.67.165.185 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T16:20:58.825403+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 172.67.165.185 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T16:21:00.929153+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 172.67.165.185 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T16:21:12.351028+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49739 | 172.67.165.185 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | Code function: | 2_2_004150E9 | |
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_00221FE9 | |
| Source: | Code function: | 2_2_0040C06F | |
| Source: | Code function: | 2_2_0040C06F | |
| Source: | Code function: | 2_2_004150E9 | |
| Source: | Code function: | 2_2_0043D0BC | |
| Source: | Code function: | 2_2_0042B73E | |
| Source: | Code function: | 2_2_0042B73E | |
| Source: | Code function: | 2_2_0042B73E | |
| Source: | Code function: | 2_2_0042187F | |
| Source: | Code function: | 2_2_0042187F | |
| Source: | Code function: | 2_2_0042187F | |
| Source: | Code function: | 2_2_0043EBB0 | |
| Source: | Code function: | 2_2_00425CD0 | |
| Source: | Code function: | 2_2_00425CD0 | |
| Source: | Code function: | 2_2_00437D90 | |
| Source: | Code function: | 2_2_00437D90 | |
| Source: | Code function: | 2_2_0043C010 | |
| Source: | Code function: | 2_2_004250C0 | |
| Source: | Code function: | 2_2_0041608C | |
| Source: | Code function: | 2_2_00426150 | |
| Source: | Code function: | 2_2_00426170 | |
| Source: | Code function: | 2_2_00426170 | |
| Source: | Code function: | 2_2_00423180 | |
| Source: | Code function: | 2_2_0043F220 | |
| Source: | Code function: | 2_2_0042D2B4 | |
| Source: | Code function: | 2_2_0042D2B4 | |
| Source: | Code function: | 2_2_0042A360 | |
| Source: | Code function: | 2_2_0040C30B | |
| Source: | Code function: | 2_2_0040D3C3 | |
| Source: | Code function: | 2_2_00407430 | |
| Source: | Code function: | 2_2_00407430 | |
| Source: | Code function: | 2_2_00417494 | |
| Source: | Code function: | 2_2_0043849F | |
| Source: | Code function: | 2_2_0043B4B0 | |
| Source: | Code function: | 2_2_004274B5 | |
| Source: | Code function: | 2_2_0043C559 | |
| Source: | Code function: | 2_2_0041457C | |
| Source: | Code function: | 2_2_00423520 | |
| Source: | Code function: | 2_2_00409650 | |
| Source: | Code function: | 2_2_00423650 | |
| Source: | Code function: | 2_2_0040C6F5 | |
| Source: | Code function: | 2_2_00429680 | |
| Source: | Code function: | 2_2_00423680 | |
| Source: | Code function: | 2_2_0041A722 | |
| Source: | Code function: | 2_2_00438730 | |
| Source: | Code function: | 2_2_004357C0 | |
| Source: | Code function: | 2_2_0043B780 | |
| Source: | Code function: | 2_2_00424789 | |
| Source: | Code function: | 2_2_00424789 | |
| Source: | Code function: | 2_2_0040A840 | |
| Source: | Code function: | 2_2_0041D860 | |
| Source: | Code function: | 2_2_00429810 | |
| Source: | Code function: | 2_2_004058E0 | |
| Source: | Code function: | 2_2_004058E0 | |
| Source: | Code function: | 2_2_0041B8F0 | |
| Source: | Code function: | 2_2_004298B0 | |
| Source: | Code function: | 2_2_0042CA59 | |
| Source: | Code function: | 2_2_00428B40 | |
| Source: | Code function: | 2_2_00418BC2 | |
| Source: | Code function: | 2_2_0042BC22 | |
| Source: | Code function: | 2_2_0042BC22 | |
| Source: | Code function: | 2_2_0042BC22 | |
| Source: | Code function: | 2_2_0041BCCE | |
| Source: | Code function: | 2_2_0041BCCE | |
| Source: | Code function: | 2_2_0040ACD0 | |
| Source: | Code function: | 2_2_00427CDD | |
| Source: | Code function: | 2_2_0041BCBB | |
| Source: | Code function: | 2_2_0041BCBB | |
| Source: | Code function: | 2_2_00414D0A | |
| Source: | Code function: | 2_2_0041CE00 | |
| Source: | Code function: | 2_2_00429E00 | |
| Source: | Code function: | 2_2_00413EB0 | |
| Source: | Code function: | 2_2_0043EF50 | |
| Source: | Code function: | 2_2_00408FF0 | |
| Source: | Code function: | 2_2_00408FF0 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 2_2_004331A0 | |
| Source: | Code function: | 2_2_051E1000 | |
| Source: | Code function: | 2_2_004331A0 | |
| Source: | Code function: | 2_2_00433C95 | |
| Source: | Code function: | 0_2_00201000 | |
| Source: | Code function: | 0_2_0020F555 | |
| Source: | Code function: | 0_2_00227792 | |
| Source: | Code function: | 0_2_00225C5E | |
| Source: | Code function: | 0_2_00219CC0 | |
| Source: | Code function: | 0_2_00213FB2 | |
| Source: | Code function: | 2_2_00201000 | |
| Source: | Code function: | 2_2_0020F555 | |
| Source: | Code function: | 2_2_00227792 | |
| Source: | Code function: | 2_2_00225C5E | |
| Source: | Code function: | 2_2_00219CC0 | |
| Source: | Code function: | 2_2_00213FB2 | |
| Source: | Code function: | 2_2_0043B030 | |
| Source: | Code function: | 2_2_0043F560 | |
| Source: | Code function: | 2_2_00420500 | |
| Source: | Code function: | 2_2_00408630 | |
| Source: | Code function: | 2_2_0042B73E | |
| Source: | Code function: | 2_2_0042187F | |
| Source: | Code function: | 2_2_00422890 | |
| Source: | Code function: | 2_2_00437A10 | |
| Source: | Code function: | 2_2_00411BB0 | |
| Source: | Code function: | 2_2_0040CC00 | |
| Source: | Code function: | 2_2_0043ECC0 | |
| Source: | Code function: | 2_2_00425CD0 | |
| Source: | Code function: | 2_2_00437D90 | |
| Source: | Code function: | 2_2_00411059 | |
| Source: | Code function: | 2_2_0040E0F0 | |
| Source: | Code function: | 2_2_0041608C | |
| Source: | Code function: | 2_2_0041C0A0 | |
| Source: | Code function: | 2_2_00421140 | |
| Source: | Code function: | 2_2_00426170 | |
| Source: | Code function: | 2_2_0043E100 | |
| Source: | Code function: | 2_2_004081C0 | |
| Source: | Code function: | 2_2_004061D0 | |
| Source: | Code function: | 2_2_0041B1DB | |
| Source: | Code function: | 2_2_00423180 | |
| Source: | Code function: | 2_2_00434180 | |
| Source: | Code function: | 2_2_00404270 | |
| Source: | Code function: | 2_2_0043F220 | |
| Source: | Code function: | 2_2_00436220 | |
| Source: | Code function: | 2_2_004372C0 | |
| Source: | Code function: | 2_2_004092B0 | |
| Source: | Code function: | 2_2_0043E2B0 | |
| Source: | Code function: | 2_2_0040C30B | |
| Source: | Code function: | 2_2_004253D0 | |
| Source: | Code function: | 2_2_0041C380 | |
| Source: | Code function: | 2_2_0043E3B0 | |
| Source: | Code function: | 2_2_00407430 | |
| Source: | Code function: | 2_2_0043849F | |
| Source: | Code function: | 2_2_0043E4B0 | |
| Source: | Code function: | 2_2_004274B5 | |
| Source: | Code function: | 2_2_0043E540 | |
| Source: | Code function: | 2_2_0043C559 | |
| Source: | Code function: | 2_2_0041457C | |
| Source: | Code function: | 2_2_00423520 | |
| Source: | Code function: | 2_2_00437520 | |
| Source: | Code function: | 2_2_004185AC | |
| Source: | Code function: | 2_2_00409650 | |
| Source: | Code function: | 2_2_00406660 | |
| Source: | Code function: | 2_2_00422672 | |
| Source: | Code function: | 2_2_00423680 | |
| Source: | Code function: | 2_2_00422690 | |
| Source: | Code function: | 2_2_00438730 | |
| Source: | Code function: | 2_2_0043B780 | |
| Source: | Code function: | 2_2_00424789 | |
| Source: | Code function: | 2_2_0041C790 | |
| Source: | Code function: | 2_2_0040A840 | |
| Source: | Code function: | 2_2_00411850 | |
| Source: | Code function: | 2_2_004038C0 | |
| Source: | Code function: | 2_2_0040E8D0 | |
| Source: | Code function: | 2_2_004058E0 | |
| Source: | Code function: | 2_2_0041F8A0 | |
| Source: | Code function: | 2_2_0042B9AD | |
| Source: | Code function: | 2_2_00408A30 | |
| Source: | Code function: | 2_2_00418AD1 | |
| Source: | Code function: | 2_2_00426AB1 | |
| Source: | Code function: | 2_2_00417B69 | |
| Source: | Code function: | 2_2_00418BC2 | |
| Source: | Code function: | 2_2_00404BA0 | |
| Source: | Code function: | 2_2_0041CBB0 | |
| Source: | Code function: | 2_2_00415C66 | |
| Source: | Code function: | 2_2_0040ACD0 | |
| Source: | Code function: | 2_2_00427CDD | |
| Source: | Code function: | 2_2_00428CAF | |
| Source: | Code function: | 2_2_00430CB0 | |
| Source: | Code function: | 2_2_00414D0A | |
| Source: | Code function: | 2_2_00432D30 | |
| Source: | Code function: | 2_2_00435D3A | |
| Source: | Code function: | 2_2_00418E40 | |
| Source: | Code function: | 2_2_00419E60 | |
| Source: | Code function: | 2_2_0041CE00 | |
| Source: | Code function: | 2_2_00402EC0 | |
| Source: | Code function: | 2_2_00413EB0 | |
| Source: | Code function: | 2_2_0043EF50 | |
| Source: | Code function: | 2_2_00438F69 | |
| Source: | Code function: | 2_2_00416F02 | |
| Source: | Code function: | 2_2_0042EF15 | |
| Source: | Code function: | 2_2_0041DF20 | |
| Source: | Code function: | 2_2_00432FD0 | |
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 2_2_00437D90 | |
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_0020FB96 | |
| Source: | Code function: | 2_2_0020FB96 | |
| Source: | Code function: | 2_2_0043E244 | |
| Source: | Code function: | 2_2_00448860 | |
| Source: | Code function: | 2_2_00447FEE | |
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | WMI Queries: | ||
| Source: | System information queried: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Evasive API call chain: | graph_0-19979 | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Code function: | 0_2_00221FE9 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_2-34032 | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_0043CB40 | |
| Source: | Code function: | 0_2_0020F8E9 | |
| Source: | Code function: | 0_2_0023A19E | |
| Source: | Code function: | 0_2_00201FB0 | |
| Source: | Code function: | 2_2_00201FB0 | |
| Source: | Code function: | 0_2_0021D8E0 | |
| Source: | Code function: | 0_2_0020F52D | |
| Source: | Code function: | 0_2_0020F8E9 | |
| Source: | Code function: | 0_2_0020F8DD | |
| Source: | Code function: | 0_2_00217E30 | |
| Source: | Code function: | 2_2_0020F52D | |
| Source: | Code function: | 2_2_0020F8E9 | |
| Source: | Code function: | 2_2_0020F8DD | |
| Source: | Code function: | 2_2_00217E30 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Code function: | 0_2_0023A19E | |
| Source: | Memory written: | Jump to behavior | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_0021D1BD | |
| Source: | Code function: | 0_2_00221287 | |
| Source: | Code function: | 0_2_002214D8 | |
| Source: | Code function: | 0_2_00221580 | |
| Source: | Code function: | 0_2_002217D3 | |
| Source: | Code function: | 0_2_00221840 | |
| Source: | Code function: | 0_2_00221915 | |
| Source: | Code function: | 0_2_00221960 | |
| Source: | Code function: | 0_2_00221A07 | |
| Source: | Code function: | 0_2_00221B0D | |
| Source: | Code function: | 0_2_0021CC15 | |
| Source: | Code function: | 2_2_0021D1BD | |
| Source: | Code function: | 2_2_00221287 | |
| Source: | Code function: | 2_2_002214D8 | |
| Source: | Code function: | 2_2_00221580 | |
| Source: | Code function: | 2_2_002217D3 | |
| Source: | Code function: | 2_2_00221840 | |
| Source: | Code function: | 2_2_00221915 | |
| Source: | Code function: | 2_2_00221960 | |
| Source: | Code function: | 2_2_00221A07 | |
| Source: | Code function: | 2_2_00221B0D | |
| Source: | Code function: | 2_2_0021CC15 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_002100B4 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 211 Process Injection | 21 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 211 Process Injection | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 241 Security Software Discovery | SMB/Windows Admin Shares | 41 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | 3 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 11 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 33 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| mindhandru.buzz | 172.67.165.185 | true | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 172.67.165.185 | mindhandru.buzz | United States | 13335 | CLOUDFLARENETUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1581432 |
| Start date and time: | 2024-12-27 16:20:06 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 54s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 7 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Solara.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@4/1@1/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 4.245.163.56, 20.12.23.50, 13.107.246.63
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: Solara.exe
| Time | Type | Description |
|---|---|---|
| 10:20:57 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 172.67.165.185 | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse | ||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, Stealc | Browse | |||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| mindhandru.buzz | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
⊘No context
| Process: | C:\Users\user\Desktop\Solara.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 14402 |
| Entropy (8bit): | 4.874636730022465 |
| Encrypted: | false |
| SSDEEP: | 384:vlICCmV5fTMzsM3qlICCmV5fTMzsM3ip9guFx2rBhiLfmfU:vGCC+dMOGCC+dMY9guFx2rBo |
| MD5: | DF0EFD0545733561C6E165770FB3661C |
| SHA1: | 0F3AD477176CF235C6C59EE2EB15D81DCB6178A8 |
| SHA-256: | A434B406E97A2C892FA88C3975D8181EBEA62A8DA919C5221409E425DF50FD17 |
| SHA-512: | 3FF527435BC8BCF2640E0B64725CC0DB8A801D912698D4D94C44200529268B80AA7B59A2E2A2EA6C4621E09AA249AAA3583A8D90E4F5D7B68E0E6FFFEB759918 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.562861764583217 |
| TrID: |
|
| File name: | Solara.exe |
| File size: | 565'288 bytes |
| MD5: | a58debbc1c1961456ca288898e937ffb |
| SHA1: | 018e99304ae7b0d1fbae772daab0acd5afb5f3c6 |
| SHA256: | 08d7909a9758d3c8e1492e5f83721acb930300d182ec2877dbe59bddd251e602 |
| SHA512: | cee95a96c4077e7cc6b37a98bc5cebcb680110b790b524a295cb82ea4b31868f5f0eca3be0bf9ef5ac2b8aeb1b1ca04b54f02d49df1f11f83cb1d0fe844daf79 |
| SSDEEP: | 12288:XYO6Dqzihouxpa+yWQWXkY239XFHs+9UAPisqZa2LQAnREO:IO6DThou2+yrj39XFD9fn0agQERt |
| TLSH: | 33C4D0523690C4B2D9531A765A79D7795A3EF8200F625ACBA3940BFDCE703C14F30A6E |
| File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....ng..........................................@.......................................@.................................|j..<.. |
 | |
| Icon Hash: | 90cececece8e8eb0 |
| Entrypoint: | 0x4104a0 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows cui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NO_ISOLATION, GUARD_CF, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x676E98E6 [Fri Dec 27 12:09:10 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 96d90e8808da099bc17e050394f447e7 |
| Signature Valid: | false |
| Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
| Signature Validation Error: | The digital signature of the object did not verify |
| Error Number: | -2146869232 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | 5F1B6B6C408DB2B4D60BAA489E9A0E5A |
| Thumbprint SHA-1: | 15F760D82C79D22446CC7D4806540BF632B1E104 |
| Thumbprint SHA-256: | 28AF76241322F210DA473D9569EFF6F27124C4CA9F43933DA547E8D068B0A95D |
| Serial: | 0997C56CAA59055394D9A9CDB8BEEB56 |
| Instruction |
|---|
| call 00007F55C0F1899Ah |
| jmp 00007F55C0F187FDh |
| mov ecx, dword ptr [0043B680h] |
| push esi |
| push edi |
| mov edi, BB40E64Eh |
| mov esi, FFFF0000h |
| cmp ecx, edi |
| je 00007F55C0F18996h |
| test esi, ecx |
| jne 00007F55C0F189B8h |
| call 00007F55C0F189C1h |
| mov ecx, eax |
| cmp ecx, edi |
| jne 00007F55C0F18999h |
| mov ecx, BB40E64Fh |
| jmp 00007F55C0F189A0h |
| test esi, ecx |
| jne 00007F55C0F1899Ch |
| or eax, 00004711h |
| shl eax, 10h |
| or ecx, eax |
| mov dword ptr [0043B680h], ecx |
| not ecx |
| pop edi |
| mov dword ptr [0043B6C0h], ecx |
| pop esi |
| ret |
| push ebp |
| mov ebp, esp |
| sub esp, 14h |
| lea eax, dword ptr [ebp-0Ch] |
| xorps xmm0, xmm0 |
| push eax |
| movlpd qword ptr [ebp-0Ch], xmm0 |
| call dword ptr [00436D00h] |
| mov eax, dword ptr [ebp-08h] |
| xor eax, dword ptr [ebp-0Ch] |
| mov dword ptr [ebp-04h], eax |
| call dword ptr [00436CB8h] |
| xor dword ptr [ebp-04h], eax |
| call dword ptr [00436CB4h] |
| xor dword ptr [ebp-04h], eax |
| lea eax, dword ptr [ebp-14h] |
| push eax |
| call dword ptr [00436D50h] |
| mov eax, dword ptr [ebp-10h] |
| lea ecx, dword ptr [ebp-04h] |
| xor eax, dword ptr [ebp-14h] |
| xor eax, dword ptr [ebp-04h] |
| xor eax, ecx |
| leave |
| ret |
| mov eax, 00004000h |
| ret |
| push 0043CF48h |
| call dword ptr [00436D28h] |
| ret |
| push 00030000h |
| push 00010000h |
| push 00000000h |
| call 00007F55C0F1F773h |
| add esp, 0Ch |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x36a7c | 0x3c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8d000 | 0x3fc | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x87a00 | 0x2628 | .bss |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3f000 | 0x2744 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x32608 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2ea98 | 0xc0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x36c3c | 0x184 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x2b4ca | 0x2b600 | ebf84c6b836020b1a66433a898baeab7 | False | 0.5443702719740634 | data | 6.596404756541432 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2d000 | 0xc50c | 0xc600 | 96e76e7ef084461591b1dcd4c2131f05 | False | 0.40260022095959597 | data | 4.741850626178578 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3a000 | 0x3714 | 0x2800 | d87fd4546a2b39263a028b496b33108f | False | 0.29814453125 | data | 5.024681407682101 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x3e000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .reloc | 0x3f000 | 0x2744 | 0x2800 | c7508b57e36483307c47b7dd73fc0c85 | False | 0.75166015625 | data | 6.531416896423856 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| .bss | 0x42000 | 0x4a200 | 0x4a200 | a5e67897cabd609a43ba9f1a15160029 | False | 1.0003326570404723 | data | 7.999352798586712 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x8d000 | 0x3fc | 0x400 | 6a4851071664eb0d5787860b0928a2fa | False | 0.4443359375 | data | 3.391431520369637 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x8d058 | 0x3a4 | data | English | United States | 0.44849785407725323 |
| DLL | Import |
|---|---|
| KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CloseThreadpoolWork, CompareStringW, CreateFileW, CreateThread, CreateThreadpoolWork, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, ExitThread, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetConsoleWindow, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetExitCodeThread, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, SubmitThreadpoolWork, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WaitForSingleObjectEx, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile |
| USER32.dll | ShowWindow |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T16:20:58.059815+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:20:58.825403+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49733 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:20:58.825403+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49733 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:00.150427+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49734 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:00.929153+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49734 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:00.929153+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49734 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:02.536177+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:04.940094+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49736 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:07.237305+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49737 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:09.801267+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49738 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:12.337000+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49739 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:12.351028+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49739 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:16.149908+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49741 | 172.67.165.185 | 443 | TCP |
| 2024-12-27T16:21:16.932910+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49741 | 172.67.165.185 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 27, 2024 16:20:56.781799078 CET | 49733 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:56.781832933 CET | 443 | 49733 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:20:56.781908989 CET | 49733 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:56.784878969 CET | 49733 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:56.784895897 CET | 443 | 49733 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:20:58.059726954 CET | 443 | 49733 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:20:58.059814930 CET | 49733 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:58.063349962 CET | 49733 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:58.063360929 CET | 443 | 49733 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:20:58.063777924 CET | 443 | 49733 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:20:58.112401962 CET | 49733 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:58.112421036 CET | 49733 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:58.112593889 CET | 443 | 49733 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:20:58.825508118 CET | 443 | 49733 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:20:58.825778008 CET | 443 | 49733 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:20:58.825848103 CET | 49733 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:58.827188969 CET | 49733 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:58.827203035 CET | 443 | 49733 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:20:58.827214003 CET | 49733 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:58.827219009 CET | 443 | 49733 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:20:58.835758924 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:58.835833073 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:20:58.835918903 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:58.837038040 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:20:58.837066889 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.150324106 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.150427103 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:00.151753902 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:00.151786089 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.152295113 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.153512955 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:00.153574944 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:00.153613091 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.929269075 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.929397106 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.929465055 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:00.929505110 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.929533958 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.929595947 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:00.929621935 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.929773092 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.929826021 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:00.929851055 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.937208891 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.937272072 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:00.937288046 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.945374012 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.945432901 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:00.945449114 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:00.990185022 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:00.990201950 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:01.037050962 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:01.048554897 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:01.099654913 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:01.139307976 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:01.142762899 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:01.142833948 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:01.142852068 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:01.143069983 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:01.143131018 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:01.143225908 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:01.143260956 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:01.143287897 CET | 49734 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:01.143301010 CET | 443 | 49734 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:01.269104004 CET | 49735 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:01.269150972 CET | 443 | 49735 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:01.269220114 CET | 49735 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:01.269489050 CET | 49735 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:01.269504070 CET | 443 | 49735 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:02.536092043 CET | 443 | 49735 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:02.536176920 CET | 49735 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:02.537811041 CET | 49735 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:02.537822962 CET | 443 | 49735 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:02.538610935 CET | 443 | 49735 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:02.539885998 CET | 49735 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:02.540028095 CET | 49735 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:02.540066004 CET | 443 | 49735 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:02.540132046 CET | 49735 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:02.540139914 CET | 443 | 49735 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:03.593235970 CET | 443 | 49735 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:03.593514919 CET | 443 | 49735 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:03.593584061 CET | 49735 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:03.593703032 CET | 49735 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:03.593719959 CET | 443 | 49735 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:03.671684980 CET | 49736 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:03.671717882 CET | 443 | 49736 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:03.671809912 CET | 49736 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:03.672075033 CET | 49736 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:03.672091007 CET | 443 | 49736 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:04.939976931 CET | 443 | 49736 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:04.940093994 CET | 49736 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:04.941248894 CET | 49736 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:04.941258907 CET | 443 | 49736 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:04.941750050 CET | 443 | 49736 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:04.942786932 CET | 49736 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:04.942930937 CET | 49736 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:04.942962885 CET | 443 | 49736 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:05.793451071 CET | 443 | 49736 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:05.793715954 CET | 443 | 49736 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:05.793772936 CET | 49736 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:05.793874025 CET | 49736 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:05.793890953 CET | 443 | 49736 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:05.967192888 CET | 49737 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:05.967272043 CET | 443 | 49737 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:05.967354059 CET | 49737 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:05.967685938 CET | 49737 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:05.967709064 CET | 443 | 49737 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:07.237096071 CET | 443 | 49737 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:07.237304926 CET | 49737 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:07.238504887 CET | 49737 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:07.238528967 CET | 443 | 49737 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:07.239283085 CET | 443 | 49737 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:07.240672112 CET | 49737 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:07.240833998 CET | 49737 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:07.240856886 CET | 443 | 49737 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:07.240923882 CET | 49737 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:07.240931988 CET | 443 | 49737 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:08.237591028 CET | 443 | 49737 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:08.237823963 CET | 443 | 49737 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:08.237900972 CET | 49737 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:08.237982035 CET | 49737 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:08.238007069 CET | 443 | 49737 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:08.579870939 CET | 49738 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:08.579916954 CET | 443 | 49738 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:08.579981089 CET | 49738 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:08.583327055 CET | 49738 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:08.583347082 CET | 443 | 49738 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:09.801204920 CET | 443 | 49738 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:09.801266909 CET | 49738 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:09.802520037 CET | 49738 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:09.802532911 CET | 443 | 49738 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:09.802856922 CET | 443 | 49738 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:09.804114103 CET | 49738 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:09.804208994 CET | 49738 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:09.804215908 CET | 443 | 49738 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:10.581778049 CET | 443 | 49738 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:10.582006931 CET | 443 | 49738 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:10.582070112 CET | 49738 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:10.582328081 CET | 49738 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:10.582348108 CET | 443 | 49738 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:11.024008989 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:11.024105072 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:11.024204969 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:11.024478912 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:11.024502993 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.336869001 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.336999893 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.338244915 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.338298082 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.339214087 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.348953009 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.349853039 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.349912882 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.350052118 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.350099087 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.350248098 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.350331068 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.350476027 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.350652933 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.350692987 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.350739956 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.350779057 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.350950003 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.351150990 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.351202011 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.351443052 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.351488113 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.351536036 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.351639032 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.351783991 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.351849079 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.351871014 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.351921082 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.352160931 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.352204084 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.352247000 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.352341890 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.352361917 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.352478981 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.352591038 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.591502905 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.591679096 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.591730118 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.591846943 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:12.635371923 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:12.807954073 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:14.826925993 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:14.827045918 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:14.827112913 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:14.827398062 CET | 49739 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:14.827440977 CET | 443 | 49739 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:14.888715029 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:14.888766050 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:14.888838053 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:14.889338970 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:14.889353037 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.149838924 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.149908066 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.151004076 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.151015043 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.151349068 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.153666973 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.153687954 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.153748989 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.932926893 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.932988882 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.933028936 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.933048964 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.933079004 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.933116913 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.933125019 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.933162928 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.933202982 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.933211088 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.941299915 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.941348076 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.941356897 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.953056097 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.953118086 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.953126907 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.961309910 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.961364985 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.961371899 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.961400032 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.961443901 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.961502075 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.961517096 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Dec 27, 2024 16:21:16.961541891 CET | 49741 | 443 | 192.168.2.4 | 172.67.165.185 |
| Dec 27, 2024 16:21:16.961546898 CET | 443 | 49741 | 172.67.165.185 | 192.168.2.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 27, 2024 16:20:56.475796938 CET | 62635 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 27, 2024 16:20:56.774569988 CET | 53 | 62635 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 27, 2024 16:20:56.475796938 CET | 192.168.2.4 | 1.1.1.1 | 0x876d | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 27, 2024 16:20:56.774569988 CET | 1.1.1.1 | 192.168.2.4 | 0x876d | No error (0) | 172.67.165.185 | A (IP address) | IN (0x0001) | false | ||
| Dec 27, 2024 16:20:56.774569988 CET | 1.1.1.1 | 192.168.2.4 | 0x876d | No error (0) | 104.21.11.101 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49733 | 172.67.165.185 | 443 | 7620 | C:\Users\user\Desktop\Solara.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 15:20:58 UTC | 262 | OUT | |
| 2024-12-27 15:20:58 UTC | 8 | OUT | |
| 2024-12-27 15:20:58 UTC | 1127 | IN | |
| 2024-12-27 15:20:58 UTC | 7 | IN | |
| 2024-12-27 15:20:58 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49734 | 172.67.165.185 | 443 | 7620 | C:\Users\user\Desktop\Solara.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 15:21:00 UTC | 263 | OUT | |
| 2024-12-27 15:21:00 UTC | 51 | OUT | |
| 2024-12-27 15:21:00 UTC | 1121 | IN | |
| 2024-12-27 15:21:00 UTC | 248 | IN | |
| 2024-12-27 15:21:00 UTC | 1369 | IN | |
| 2024-12-27 15:21:00 UTC | 1369 | IN | |
| 2024-12-27 15:21:00 UTC | 160 | IN | |
| 2024-12-27 15:21:00 UTC | 1369 | IN | |
| 2024-12-27 15:21:00 UTC | 1369 | IN | |
| 2024-12-27 15:21:00 UTC | 1369 | IN | |
| 2024-12-27 15:21:00 UTC | 1369 | IN | |
| 2024-12-27 15:21:00 UTC | 1369 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49735 | 172.67.165.185 | 443 | 7620 | C:\Users\user\Desktop\Solara.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 15:21:02 UTC | 282 | OUT | |
| 2024-12-27 15:21:02 UTC | 15331 | OUT | |
| 2024-12-27 15:21:02 UTC | 2842 | OUT | |
| 2024-12-27 15:21:03 UTC | 1126 | IN | |
| 2024-12-27 15:21:03 UTC | 20 | IN | |
| 2024-12-27 15:21:03 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49736 | 172.67.165.185 | 443 | 7620 | C:\Users\user\Desktop\Solara.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 15:21:04 UTC | 274 | OUT | |
| 2024-12-27 15:21:04 UTC | 8752 | OUT | |
| 2024-12-27 15:21:05 UTC | 1129 | IN | |
| 2024-12-27 15:21:05 UTC | 20 | IN | |
| 2024-12-27 15:21:05 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.4 | 49737 | 172.67.165.185 | 443 | 7620 | C:\Users\user\Desktop\Solara.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 15:21:07 UTC | 278 | OUT | |
| 2024-12-27 15:21:07 UTC | 15331 | OUT | |
| 2024-12-27 15:21:07 UTC | 5092 | OUT | |
| 2024-12-27 15:21:08 UTC | 1128 | IN | |
| 2024-12-27 15:21:08 UTC | 20 | IN | |
| 2024-12-27 15:21:08 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.4 | 49738 | 172.67.165.185 | 443 | 7620 | C:\Users\user\Desktop\Solara.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 15:21:09 UTC | 273 | OUT | |
| 2024-12-27 15:21:09 UTC | 1228 | OUT | |
| 2024-12-27 15:21:10 UTC | 1120 | IN | |
| 2024-12-27 15:21:10 UTC | 20 | IN | |
| 2024-12-27 15:21:10 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.4 | 49739 | 172.67.165.185 | 443 | 7620 | C:\Users\user\Desktop\Solara.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 15:21:12 UTC | 281 | OUT | |
| 2024-12-27 15:21:12 UTC | 15331 | OUT | |
| 2024-12-27 15:21:12 UTC | 15331 | OUT | |
| 2024-12-27 15:21:12 UTC | 15331 | OUT | |
| 2024-12-27 15:21:12 UTC | 15331 | OUT | |
| 2024-12-27 15:21:12 UTC | 15331 | OUT | |
| 2024-12-27 15:21:12 UTC | 15331 | OUT | |
| 2024-12-27 15:21:12 UTC | 15331 | OUT | |
| 2024-12-27 15:21:12 UTC | 15331 | OUT | |
| 2024-12-27 15:21:12 UTC | 15331 | OUT | |
| 2024-12-27 15:21:12 UTC | 15331 | OUT | |
| 2024-12-27 15:21:14 UTC | 1137 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.4 | 49741 | 172.67.165.185 | 443 | 7620 | C:\Users\user\Desktop\Solara.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 15:21:16 UTC | 263 | OUT | |
| 2024-12-27 15:21:16 UTC | 86 | OUT | |
| 2024-12-27 15:21:16 UTC | 1123 | IN | |
| 2024-12-27 15:21:16 UTC | 246 | IN | |
| 2024-12-27 15:21:16 UTC | 1369 | IN | |
| 2024-12-27 15:21:16 UTC | 1369 | IN | |
| 2024-12-27 15:21:16 UTC | 1369 | IN | |
| 2024-12-27 15:21:16 UTC | 636 | IN | |
| 2024-12-27 15:21:16 UTC | 1369 | IN | |
| 2024-12-27 15:21:16 UTC | 1369 | IN | |
| 2024-12-27 15:21:16 UTC | 1369 | IN | |
| 2024-12-27 15:21:16 UTC | 1369 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 10:20:54 |
| Start date: | 27/12/2024 |
| Path: | C:\Users\user\Desktop\Solara.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x200000 |
| File size: | 565'288 bytes |
| MD5 hash: | A58DEBBC1C1961456CA288898E937FFB |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 10:20:54 |
| Start date: | 27/12/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 10:20:55 |
| Start date: | 27/12/2024 |
| Path: | C:\Users\user\Desktop\Solara.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x200000 |
| File size: | 565'288 bytes |
| MD5 hash: | A58DEBBC1C1961456CA288898E937FFB |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 6.5% |
| Dynamic/Decrypted Code Coverage: | 0.4% |
| Signature Coverage: | 5.4% |
| Total number of Nodes: | 2000 |
| Total number of Limit Nodes: | 16 |
Graph
Function 0023A19E Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 295threadinjectionmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00201FB0 Relevance: 9.2, APIs: 6, Instructions: 200fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00201000 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002024B0 Relevance: 10.6, APIs: 7, Instructions: 83threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021CF0B Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00215349 Relevance: 4.6, APIs: 3, Instructions: 51threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002154EE Relevance: 4.5, APIs: 3, Instructions: 30threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002090F0 Relevance: 3.1, APIs: 2, Instructions: 73COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021DA52 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00201EF0 Relevance: 3.1, APIs: 2, Instructions: 60memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00215470 Relevance: 3.0, APIs: 2, Instructions: 38threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00202270 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021BED7 Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020DEF0 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020CB40 Relevance: 1.6, APIs: 1, Instructions: 111COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020B060 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020CB32 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00207770 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021BF11 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002098F0 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00221287 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 182COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00221A07 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00219CC0 Relevance: 6.5, APIs: 4, Instructions: 455COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00221FE9 Relevance: 6.2, APIs: 4, Instructions: 206fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020F8E9 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00221580 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00213FB2 Relevance: 2.8, Strings: 2, Instructions: 318COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020F555 Relevance: 1.7, APIs: 1, Instructions: 242COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00221840 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00221960 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00221B0D Relevance: 1.5, APIs: 1, Instructions: 48COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020F8DD Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021D8E0 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0022AAE2 Relevance: 12.2, APIs: 8, Instructions: 248COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020FE29 Relevance: 12.2, APIs: 8, Instructions: 177COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021EE76 Relevance: 10.8, APIs: 7, Instructions: 329COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00210080 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 15libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00209B30 Relevance: 9.1, APIs: 6, Instructions: 125COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021B56E Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002155C4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021D6EA Relevance: 7.7, APIs: 5, Instructions: 197COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020EFF1 Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020D4C2 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00220976 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00203E90 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 109COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020F11D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33threadCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020ABC5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00226940 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00207220 Relevance: 6.1, APIs: 4, Instructions: 129threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00204460 Relevance: 6.1, APIs: 4, Instructions: 112COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00221DC6 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00212BA2 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002231BE Relevance: 6.1, APIs: 4, Instructions: 74COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020E892 Relevance: 6.1, APIs: 4, Instructions: 60COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002104F5 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021B992 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 120COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021B1FE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020B46C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00202610 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 4.3% |
| Dynamic/Decrypted Code Coverage: | 7.2% |
| Signature Coverage: | 42.6% |
| Total number of Nodes: | 223 |
| Total number of Limit Nodes: | 20 |
Graph
Function 00411BB0 Relevance: 159.4, APIs: 1, Strings: 89, Instructions: 1884COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00437D90 Relevance: 30.3, APIs: 11, Strings: 6, Instructions: 561memorycomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 051E1000 Relevance: 19.6, APIs: 13, Instructions: 81clipboardsleepmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408630 Relevance: 7.7, APIs: 5, Instructions: 248threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C06F Relevance: 2.7, Strings: 2, Instructions: 173COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043CB40 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043D0BC Relevance: 1.5, Strings: 1, Instructions: 216COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043EBB0 Relevance: 1.4, Strings: 1, Instructions: 102COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00425CD0 Relevance: .4, Instructions: 412COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C678 Relevance: 3.0, APIs: 2, Instructions: 26COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042C498 Relevance: 1.6, APIs: 1, Instructions: 114COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042C493 Relevance: 1.6, APIs: 1, Instructions: 92COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043CCF7 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00431D0D Relevance: 1.5, APIs: 1, Instructions: 42COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043CAD0 Relevance: 1.5, APIs: 1, Instructions: 35memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00431C8B Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042FEE7 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004371CA Relevance: 1.5, APIs: 1, Instructions: 20COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C630 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043CD4F Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043B000 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043AFD4 Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043AFE0 Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423520 Relevance: 41.1, Strings: 32, Instructions: 1058COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423180 Relevance: 39.9, Strings: 31, Instructions: 1128COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423680 Relevance: 39.8, Strings: 31, Instructions: 1023COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040ACD0 Relevance: 13.0, Strings: 10, Instructions: 457COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041608C Relevance: 12.1, Strings: 9, Instructions: 860COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041CE00 Relevance: 12.1, Strings: 9, Instructions: 849COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00409650 Relevance: 10.4, Strings: 8, Instructions: 352COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00426150 Relevance: 8.9, Strings: 7, Instructions: 184COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00408FF0 Relevance: 7.8, Strings: 6, Instructions: 281COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00201FB0 Relevance: 7.7, APIs: 5, Instructions: 200fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C6F5 Relevance: 6.5, Strings: 5, Instructions: 256COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00219CC0 Relevance: 6.5, APIs: 4, Instructions: 455COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00413EB0 Relevance: 6.1, Strings: 4, Instructions: 1089COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020F8E9 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00424789 Relevance: 5.7, Strings: 4, Instructions: 663COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00426170 Relevance: 5.5, Strings: 4, Instructions: 478COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040A840 Relevance: 5.4, Strings: 4, Instructions: 367COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041B8F0 Relevance: 5.3, Strings: 4, Instructions: 345COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423650 Relevance: 5.2, Strings: 4, Instructions: 189COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00414D0A Relevance: 2.8, Strings: 2, Instructions: 259COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041BCBB Relevance: 2.7, Strings: 2, Instructions: 231COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041BCCE Relevance: 2.7, Strings: 2, Instructions: 227COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041A722 Relevance: 2.6, Strings: 2, Instructions: 147COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00428B40 Relevance: 2.6, Strings: 2, Instructions: 106COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418BC2 Relevance: 2.6, Strings: 2, Instructions: 104COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043B780 Relevance: 2.0, Strings: 1, Instructions: 777COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004274B5 Relevance: 1.8, Strings: 1, Instructions: 552COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00429E00 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042CA59 Relevance: 1.6, Strings: 1, Instructions: 378COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004298B0 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042A360 Relevance: 1.5, Strings: 1, Instructions: 236COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043B4B0 Relevance: 1.4, Strings: 1, Instructions: 185COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C30B Relevance: 1.4, Strings: 1, Instructions: 160COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417494 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407430 Relevance: .6, Instructions: 625COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00438730 Relevance: .5, Instructions: 489COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004058E0 Relevance: .4, Instructions: 448COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00427CDD Relevance: .4, Instructions: 361COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043F220 Relevance: .3, Instructions: 307COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043EF50 Relevance: .3, Instructions: 282COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043C010 Relevance: .3, Instructions: 264COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004250C0 Relevance: .2, Instructions: 227COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043C559 Relevance: .2, Instructions: 224COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041D860 Relevance: .2, Instructions: 204COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043849F Relevance: .2, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00429680 Relevance: .2, Instructions: 172COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042D2B4 Relevance: .2, Instructions: 160COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041457C Relevance: .1, Instructions: 135COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040D3C3 Relevance: .1, Instructions: 104COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004357C0 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00429810 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043173B Relevance: 57.9, APIs: 1, Strings: 32, Instructions: 173memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043247F Relevance: 57.9, APIs: 1, Strings: 32, Instructions: 172memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0022AAE2 Relevance: 12.2, APIs: 8, Instructions: 248COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020FE29 Relevance: 12.2, APIs: 8, Instructions: 177COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021EE76 Relevance: 10.8, APIs: 7, Instructions: 329COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002024B0 Relevance: 10.6, APIs: 7, Instructions: 83threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021CF0B Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00210080 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 15libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00209B30 Relevance: 9.1, APIs: 6, Instructions: 125COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021B56E Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002155C4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021D6EA Relevance: 7.7, APIs: 5, Instructions: 197COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020EFF1 Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020D4C2 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00203E90 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 109COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020F11D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33threadCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020ABC5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00226940 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00207220 Relevance: 6.1, APIs: 4, Instructions: 129threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00221DC6 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00212BA2 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002231BE Relevance: 6.1, APIs: 4, Instructions: 74COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002104F5 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021B992 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 120COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0021B1FE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0020B46C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00202610 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|