Windows
Analysis Report
𝑺𝑬𝑻𝑼𝑷.exe
Overview
General Information
Sample name: | 𝑺𝑬𝑻𝑼𝑷.exe (renamed because the original name is a hash value) |
Original sample name: | .exe |
Analysis ID: | 1601484 |
MD5: | f86c1fb3a2c034c4d3d44a96fd9d6093 |
SHA1: | eb478a69bc15b156a9ea0f0276e72788426b5b9e |
SHA256: | 10216641566ad9478b8aa7af136ee17959c8a4597b663ae379647f437f91f220 |
Tags: | exe, LummaStealer, user-aachum |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - 𝑺𝑬𝑻𝑼𝑷.exe (PID: 7412, cmdline: "C:\Users\user\Desktop\𝑺𝑬𝑻𝑼𝑷.exe", MD5: F86C1FB3A2C034C4D3D44A96FD9D6093)
    - powershell.exe (PID: 8004, cmdline: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\MVYET7Q4Z4FMOQW2PUNL.ps1", MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      - conhost.exe (PID: 8012, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
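The chain in the process tree is the part of this report that turns into a host detection: a dropped executable spawns powershell.exe with an execution-policy bypass and a script in the user's Temp directory. Note the abbreviated switches, `-exec` for `-ExecutionPolicy` and `-f` for `-File`; powershell.exe accepts any unambiguous prefix of a parameter name, so a rule that searches the literal text `-ExecutionPolicy Bypass` misses this sample. The following is an added example written for this page, not code from the report, Joe Sandbox or Lumma. It canonicalises the switches before applying the rule and runs it over constructed process-creation events whose field names loosely follow Sysmon event ID 1; the first event mirrors the tree above (PIDs, paths and MD5 are the report's), the others are invented contrasts.

```python
"""Flag PowerShell launched the way the process tree above shows: an
execution-policy bypass plus a script in a user-writable directory,
spawned by an executable that is itself in a user-writable directory.

Added example for this page, not Joe Sandbox, Sigma or Lumma code. The
EVENTS are constructed; the first mirrors the tree above (PIDs, paths and
MD5 are the report's), the others are invented contrasts."""
import shlex
from typing import Optional

# powershell.exe resolves any unambiguous prefix of a parameter name, so
# "-exec", "-ex" and "-ExecutionPolicy" are one switch. A rule that matches
# the literal text "-ExecutionPolicy Bypass" misses this sample.
PARAMETERS = ["ExecutionPolicy", "File", "Command", "EncodedCommand",
              "NoProfile", "NonInteractive", "WindowStyle", "NoLogo"]
# Documented short forms that are not plain prefixes of the full name.
ALIASES = {"ep": "ExecutionPolicy", "e": "EncodedCommand",
           "ec": "EncodedCommand", "enc": "EncodedCommand"}
TAKES_VALUE = {"ExecutionPolicy", "File", "Command", "EncodedCommand", "WindowStyle"}
WEAK_POLICIES = {"bypass", "unrestricted"}
# Directories a standard user can write to; lower-case for comparison.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\desktop\\",
                 "\\users\\public\\", "\\programdata\\")


def canonical_switch(token: str) -> Optional[str]:
    """Map '-exec' / '/ep' / '-ExecutionPolicy' to 'ExecutionPolicy'.
    Returns None for non-switch tokens and for ambiguous prefixes ('-n')."""
    if len(token) < 2 or token[0] not in "-/":
        return None
    name = token.lstrip("-/").lower()
    if name in ALIASES:
        return ALIASES[name]
    hits = [p for p in PARAMETERS if p.lower().startswith(name)]
    return hits[0] if len(hits) == 1 else None


def parse_powershell_cmdline(cmdline: str) -> dict:
    """Return {parameter: value-or-True}. Non-POSIX splitting keeps the
    backslashes in Windows paths; surrounding quotes are stripped afterwards."""
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    parsed = {}
    i = 1                                    # tokens[0] is the image
    while i < len(tokens):
        name = canonical_switch(tokens[i])
        if name is None:
            i += 1
        elif name in TAKES_VALUE and i + 1 < len(tokens):
            if name == "Command":            # -Command consumes the rest of the line
                parsed[name] = " ".join(tokens[i + 1:])
                break
            parsed[name] = tokens[i + 1]
            i += 2
        else:
            parsed[name] = True
            i += 1
    return parsed


def assess(event: dict) -> list:
    """Reasons this process-creation event resembles the report's chain."""
    exe = event["image"].lower().rsplit("\\", 1)[-1]
    if exe not in ("powershell.exe", "pwsh.exe"):
        return []
    args = parse_powershell_cmdline(event["cmdline"])
    reasons = []
    policy = str(args.get("ExecutionPolicy", "")).lower()
    if policy in WEAK_POLICIES:
        reasons.append(f"execution policy {policy}")
    script = str(args.get("File", ""))
    if script.lower().endswith(".ps1") and any(d in script.lower() for d in USER_WRITABLE):
        reasons.append(f"script in user-writable path: {script}")
    if "EncodedCommand" in args:
        reasons.append("encoded command")
    if str(args.get("WindowStyle", "")).lower() == "hidden":
        reasons.append("hidden window")
    parent = event.get("parent_image", "")
    if reasons and any(d in parent.lower() for d in USER_WRITABLE):
        reasons.append(f"parent from user-writable path: {parent}")
    return reasons


def is_suspicious(event: dict) -> bool:
    """Two independent indicators avoid firing on every signed admin script."""
    return len(assess(event)) >= 2


EVENTS = [  # constructed; field names loosely follow Sysmon event ID 1
    {"pid": 8004, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\MVYET7Q4Z4FMOQW2PUNL.ps1"',
     "parent_pid": 7412, "parent_image": r"C:\Users\user\Desktop\𝑺𝑬𝑻𝑼𝑷.exe"},
    {"pid": 9001, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -nop -w hidden -ep bypass -f C:\Users\user\Downloads\update.ps1",
     "parent_pid": 9000, "parent_image": r"C:\Users\user\Downloads\invoice.exe"},
    {"pid": 9002, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -File "C:\Program Files\Contoso\maint.ps1"',
     "parent_pid": 1204, "parent_image": r"C:\Windows\System32\svchost.exe"},
    {"pid": 9003, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"',
     "parent_pid": 4120, "parent_image": r"C:\Windows\explorer.exe"},
]


def scan(events: list) -> list:
    """(pid, reasons) for every event the rule fires on."""
    return [(e["pid"], assess(e)) for e in events if is_suspicious(e)]


if __name__ == "__main__":
    for pid, reasons in scan(EVENTS):
        print(pid, "; ".join(reasons))
```

Only the two events that pair a weak execution policy with a script or parent in a user-writable location fire; the RemoteSigned maintenance task under Program Files and the interactive shell do not. The canonicalisation step is the part worth carrying into a production rule, whatever the query language.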
- cleanup
{
"C2 url": [
"abaft-taboo.bond",
"noxiuos-utopi.bond",
"moonehobno.bond",
"rainy-lamep.bond",
"elfinyamen.bond",
"cowertbabei.bond",
"learnyprocce.bond",
"conquemappe.bond",
"traveladdicts.top"
],
"Build id": "MeHdy4--pl2yan1"
}
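The extracted configuration is the most durable indicator set on this page: the nine C2 domains and the build id survive repacking, whereas the destination addresses in the alert tables below (104.21.60.241, 104.26.3.16) are shared CDN front-ends that also serve unrelated tenants. The following is an added example written for this page, not code from the report, Joe Sandbox or Lumma. It loads the config block above verbatim, matches DNS names and TLS SNI values against it by parent domain rather than by substring, and shows why pivoting on the IPs instead would over-match. The log records are constructed, and the CDN prefixes are this example's assumption, copied from Cloudflare's published IPv4 list at the time of writing and to be re-checked before use.

```python
"""Turn the C2 configuration above into hunt indicators and run them over
DNS and TLS-SNI records.

Added example for this page, not Joe Sandbox or Lumma code. CONFIG is the
config block above verbatim; RECORDS and CDN_PREFIXES are this example's
assumptions (prefixes copied from Cloudflare's published IPv4 list at the
time of writing; verify before relying on them)."""
import ipaddress
import json
from typing import Optional

CONFIG = """{
  "C2 url": [
    "abaft-taboo.bond", "noxiuos-utopi.bond", "moonehobno.bond",
    "rainy-lamep.bond", "elfinyamen.bond", "cowertbabei.bond",
    "learnyprocce.bond", "conquemappe.bond", "traveladdicts.top"
  ],
  "Build id": "MeHdy4--pl2yan1"
}"""

# Both destination IPs in the alert tables fall inside these prefixes.
CDN_PREFIXES = [ipaddress.ip_network(p) for p in ("104.16.0.0/13", "104.24.0.0/14")]


def normalize_domain(name: str) -> str:
    """Lower-case and drop the trailing dot that DNS logs often carry."""
    return name.strip().lower().rstrip(".")


def load_indicators(config_text: str) -> tuple:
    """Return (set of C2 domains, build id) from the extracted config."""
    cfg = json.loads(config_text)
    return {normalize_domain(d) for d in cfg["C2 url"]}, cfg["Build id"]


def domain_matches(observed: str, indicators: set) -> Optional[str]:
    """Exact or parent-domain match, walking the labels from left to right.
    'www.abaft-taboo.bond' matches 'abaft-taboo.bond';
    'abaft-taboo.bond.evil.net' does not, unlike a substring test."""
    labels = normalize_domain(observed).split(".")
    for i in range(len(labels) - 1):          # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def in_cdn_range(ip: str) -> bool:
    """True when the address belongs to the assumed shared CDN prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_PREFIXES)


# Constructed records: two DNS queries and three TLS handshakes, reduced to
# the fields this hunt needs (name = query name or SNI).
RECORDS = [
    {"ts": "2025-01-28T15:15:57Z", "type": "dns", "name": "abaft-taboo.bond.", "dst": "104.21.60.241"},
    {"ts": "2025-01-28T15:16:13Z", "type": "tls", "name": "rainy-lamep.bond", "dst": "104.21.60.241"},
    {"ts": "2025-01-28T15:16:58Z", "type": "tls", "name": "www.traveladdicts.top", "dst": "104.26.3.16"},
    # Unrelated tenant behind the same CDN address: an IP block would hit it.
    {"ts": "2025-01-28T15:17:02Z", "type": "tls", "name": "status.example.com", "dst": "104.21.60.241"},
    # Indicator appears inside a longer name but is not its parent domain.
    {"ts": "2025-01-28T15:17:30Z", "type": "dns", "name": "learnyprocce.bond.evil-lookalike.net.", "dst": "198.51.100.7"},
]


def hunt(records: list, indicators: set) -> list:
    """Domain-based matches: one hit per record whose name is an indicator
    or a subdomain of one."""
    hits = []
    for r in records:
        matched = domain_matches(r["name"], indicators)
        if matched:
            hits.append({"ts": r["ts"], "type": r["type"], "observed": r["name"],
                         "indicator": matched, "dst": r["dst"]})
    return hits


def ip_hunt(records: list, ips: set) -> list:
    """The naive alternative: match on the report's destination IPs."""
    return [r for r in records if r["dst"] in ips]


if __name__ == "__main__":
    c2, build = load_indicators(CONFIG)
    print(f"build {build}: {len(c2)} C2 domains")
    for h in hunt(RECORDS, c2):
        flag = " (CDN address, do not block by IP)" if in_cdn_range(h["dst"]) else ""
        print(f'{h["ts"]} {h["type"]} {h["observed"]} -> {h["indicator"]} via {h["dst"]}{flag}')
    print("IP-only matches:", len(ip_hunt(RECORDS, {"104.21.60.241", "104.26.3.16"})))
```

On the constructed records the domain hunt returns three true hits and ignores the look-alike name, while the IP pivot returns four, one of them the unrelated tenant. Keep the build id alongside the domains: it is what lets you cluster later samples of the same campaign when the domain list rotates.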
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix) |
Source: | Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton |
Source: | Author: frack113 |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-28T16:15:57.972873+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49734 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:15:58.771885+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:15:58.771885+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:15:59.294730+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49736 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:15:59.782405+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:15:59.782405+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:01.039050+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49738 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:13.829900+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:26.672332+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:40.165943+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49752 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:40.931548+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49752 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:43.058158+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49773 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:43.064017+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.4 | 49773 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:57.101132+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49859 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:57.561213+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49859 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:58.057907+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49865 | 104.26.3.16 | 443 | TCP |
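Sixteen alert rows describe only nine TLS sessions, all to the same two destinations, and several of those sessions raised both a severity-3 "Unknown Traffic" alert and a severity-1 alert a fraction of a second later. Triage is easier per flow than per row: the client port ties the rows of one session together, and a flow that only raised the low-severity signature but talks to the same destination as a confirmed flow deserves the same attention. The following is an added example written for this page, not code from the report, Joe Sandbox or Suricata; the rule names behind the SIDs are not on the page, so it does not name them. ALERT_ROWS is the content of the tables above as pipe-separated text; the flow key and the escalation rule are this example's own.

```python
"""Correlate the Suricata alerts above per flow, so one C2 session is
triaged once instead of as a pile of rows.

Added example for this page, not Joe Sandbox or Suricata code. ALERT_ROWS
is the content of the alert tables above, copied as pipe-separated text;
the flow key and the escalation rule are this example's own."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

ALERT_ROWS = """
2025-01-28T16:15:57.972873+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49734 | 104.21.60.241 | 443 | TCP
2025-01-28T16:15:59.294730+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49736 | 104.21.60.241 | 443 | TCP
2025-01-28T16:16:01.039050+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49738 | 104.21.60.241 | 443 | TCP
2025-01-28T16:16:13.829900+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 104.21.60.241 | 443 | TCP
2025-01-28T16:16:26.672332+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 104.21.60.241 | 443 | TCP
2025-01-28T16:16:40.165943+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49752 | 104.21.60.241 | 443 | TCP
2025-01-28T16:16:43.058158+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49773 | 104.21.60.241 | 443 | TCP
2025-01-28T16:16:57.101132+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49859 | 104.21.60.241 | 443 | TCP
2025-01-28T16:16:58.057907+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49865 | 104.26.3.16 | 443 | TCP
2025-01-28T16:15:58.771885+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.60.241 | 443 | TCP
2025-01-28T16:15:59.782405+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 104.21.60.241 | 443 | TCP
2025-01-28T16:16:57.561213+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49859 | 104.21.60.241 | 443 | TCP
2025-01-28T16:15:58.771885+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.60.241 | 443 | TCP
2025-01-28T16:15:59.782405+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 104.21.60.241 | 443 | TCP
2025-01-28T16:16:40.931548+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49752 | 104.21.60.241 | 443 | TCP
2025-01-28T16:16:43.064017+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.4 | 49773 | 104.21.60.241 | 443 | TCP
"""


@dataclass(frozen=True)
class Alert:
    ts: datetime
    sid: int
    severity: int
    classtype: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

    @property
    def flow(self) -> tuple:
        """The client's ephemeral port is what ties the rows of one TCP session together."""
        return (self.src, self.sport, self.dst, self.dport, self.proto)


def parse_alerts(text: str) -> list:
    """Parse pipe-separated rows into Alerts, oldest first."""
    alerts = []
    for line in text.strip().splitlines():
        f = [c.strip() for c in line.split("|")]
        alerts.append(Alert(datetime.strptime(f[0], "%Y-%m-%dT%H:%M:%S.%f%z"),
                            int(f[1]), int(f[2]), f[3], f[4], int(f[5]), f[6], int(f[7]), f[8]))
    return sorted(alerts, key=lambda a: a.ts)


def summarize_flows(alerts: list) -> dict:
    """One record per flow: all SIDs, the worst (lowest) severity, first/last seen."""
    flows = defaultdict(list)
    for a in alerts:
        flows[a.flow].append(a)
    return {
        key: {"sids": sorted({a.sid for a in items}),
              "worst_severity": min(a.severity for a in items),
              "first": items[0].ts, "last": items[-1].ts}
        for key, items in flows.items()
    }


def escalate_by_destination(summary: dict) -> list:
    """Client ports of flows that only raised low-severity alerts but went to
    the same dst:port as a flow with a severity-1 alert."""
    confirmed = {(k[2], k[3]) for k, s in summary.items() if s["worst_severity"] == 1}
    return sorted(k[1] for k, s in summary.items()
                  if s["worst_severity"] > 1 and (k[2], k[3]) in confirmed)


def first_confirmed(alerts: list) -> Alert:
    """Earliest severity-1 alert: the anchor for the incident timeline."""
    return next(a for a in alerts if a.severity == 1)


if __name__ == "__main__":
    alerts = parse_alerts(ALERT_ROWS)
    summary = summarize_flows(alerts)
    print(f"{len(alerts)} alerts over {len(summary)} flows; first confirmed at "
          f"{first_confirmed(alerts).ts.isoformat()}")
    for key, s in sorted(summary.items(), key=lambda kv: kv[1]["first"]):
        print(f"port {key[1]} -> {key[2]}:{key[3]} sev {s['worst_severity']} sids {s['sids']}")
    print("escalate:", escalate_by_destination(summary))
```

On the report's rows this yields nine flows, five of which carry a severity-1 alert, and escalates the three 104.21.60.241 flows (client ports 49738, 49743, 49744) that raised only the severity-3 signature; the single flow to 104.26.3.16 stays at its original severity because nothing else confirmed that destination.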
- AV Detection
- Compliance
- Networking
- System Summary
- Data Obfuscation
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- Language, Device and Operating System Detection
- Lowering of HIPS / PFW / Operating System Security Settings
- Stealing of Sensitive Information
- Remote Access Functionality
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | Malware Configuration Extractor: |
Source: | Integrated Neural Analysis Model: |
Source: | String decryptor: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Networking |
---|
Source: | Suricata IDS: |
Source: | URLs: |
Source: | DNS query: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | Suricata IDS: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: | 0_3_00719601 | |
Source: | Code function: | 0_3_007194E8 | |
Source: | Code function: | 0_3_007193EA | |
Source: | Code function: | 0_3_007193CA | |
Source: | Code function: | 0_3_007193BE | |
Source: | Code function: | 0_3_0074460E | |
Source: | Code function: | 0_3_0074460E | |
Source: | Code function: | 0_3_0074460E | |
Source: | Code function: | 0_3_00739EEB | |
Source: | Code function: | 0_3_00709464 | |
Source: | Code function: | 0_3_0070B1A1 | |
Source: | Code function: | 0_3_0074460E | |
Source: | Code function: | 0_3_0074460E | |
Source: | Code function: | 0_3_0074460E | |
Source: | Code function: | 0_3_00719601 | |
Source: | Code function: | 0_3_007194E8 | |
Source: | Code function: | 0_3_007193EA | |
Source: | Code function: | 0_3_007193CA | |
Source: | Code function: | 0_3_007193BE | |
Source: | Code function: | 0_3_00719601 | |
Source: | Code function: | 0_3_007194E8 | |
Source: | Code function: | 0_3_007193EA | |
Source: | Code function: | 0_3_007193CA | |
Source: | Code function: | 0_3_007193BE | |
Source: | Code function: | 0_3_0074460E | |
Source: | Code function: | 0_3_0074460E | |
Source: | Code function: | 0_3_0074460E | |
Source: | Code function: | 0_3_00719601 | |
Source: | Code function: | 0_3_007194E8 | |
Source: | Code function: | 0_3_007193EA | |
Source: | Code function: | 0_3_007193CA | |
Source: | Code function: | 0_3_007193BE |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | File created: |
Source: | Key opened: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | String found in binary or memory: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | File opened: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Code function: | 0_3_0071C591 | |
Source: | Code function: | 0_3_0071C591 | |
Source: | Code function: | 0_3_0071C591 | |
Source: | Code function: | 0_3_0071CB08 | |
Source: | Code function: | 0_3_0071CB08 | |
Source: | Code function: | 0_3_0071CB08 | |
Source: | Code function: | 0_3_0071FFBB | |
Source: | Code function: | 0_3_0071FFBB | |
Source: | Code function: | 0_3_00719C9F | |
Source: | Code function: | 0_3_0071AF91 | |
Source: | Code function: | 0_3_0071AF91 | |
Source: | Code function: | 0_3_0071AF91 | |
Source: | Code function: | 0_3_00756B39 | |
Source: | Code function: | 0_3_00756B39 | |
Source: | Code function: | 0_3_00756B39 | |
Source: | Code function: | 0_3_0073C064 | |
Source: | Code function: | 0_3_0073BB6E | |
Source: | Code function: | 0_3_00737BDA | |
Source: | Code function: | 0_3_0070EB72 | |
Source: | Code function: | 0_3_0070EB72 | |
Source: | Code function: | 0_3_0070EB72 | |
Source: | Code function: | 0_3_0070CA05 | |
Source: | Code function: | 0_3_0070CA05 | |
Source: | Code function: | 0_3_0070CEF8 | |
Source: | Code function: | 0_3_0070CEF8 | |
Source: | Code function: | 0_3_0070C7B8 | |
Source: | Code function: | 0_3_0070C7B8 | |
Source: | Code function: | 0_3_00756B39 | |
Source: | Code function: | 0_3_00756B39 | |
Source: | Code function: | 0_3_00756B39 | |
Source: | Code function: | 0_3_0074635E |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | System information queried: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep time: |
Source: | Thread sleep count: |
Source: | WMI Queries: |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Process token adjusted: |
Source: | Queries volume information: |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 221 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 221 Security Software Discovery | Remote Desktop Protocol | 41 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 221 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 4 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 115 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 22 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
traveladdicts.top | 104.21.60.241 | true | true | unknown | |
rentry.co | 104.26.3.16 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| false | | high |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.26.3.16 | rentry.co | United States | 13335 | CLOUDFLARENETUS | false | |
104.21.60.241 | traveladdicts.top | United States | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1601484 |
Start date and time: | 2025-01-28 16:14:47 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 24s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | #Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exerenamed because original name is a hash value |
Original Sample Name: | .exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/4@2/2 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.253.45
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target #Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe, PID 7412 because there are no executed functions
- Execution Graph export aborted for target powershell.exe, PID 8004 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
10:15:57 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.26.3.16 | Get hash | malicious | LummaC Stealer | Browse | ||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, XWorm | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | Python Stealer, CStealer | Browse | |||
Get hash | malicious | XWorm | Browse | |||
104.21.60.241 | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | HTMLPhisher, Tycoon2FA | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher, Tycoon2FA | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
traveladdicts.top | Get hash | malicious | LummaC Stealer | Browse | ||
rentry.co | Get hash | malicious | LummaC Stealer | Browse | ||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | Amadey, AsyncRAT, LummaC Stealer, PureLog Stealer, Socks5Systemz, Stealc, Vidar | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, PureLog Stealer | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | Njrat, XWorm | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | LummaC Stealer | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC Stealer | Browse | ||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | DBatLoader, MassLogger RAT, PureLog Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 0.7307872139132228 |
Encrypted: | false |
SSDEEP: | 3:Nlllul4/X:NllU4/ |
MD5: | 3C34689C4BD27F7A51A67BBD54FA65C2 |
SHA1: | E444E6B6E24D2FE2ACE5A5A7D96A6142C2368735 |
SHA-256: | 4B7DAB4629E6B8CC1CD6E404CB5FC110296C3D0F4E3FDBBDB0C1CE48B5B8A546 |
SHA-512: | 02827A36A507539C617DFE05EDF5367EB295EB80172794D83F3E9AF612125B7CA88218C2601DFA8E0E98888061A0C7B0E78428188523FA915F39B23F148F8766 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\#Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4452 |
Entropy (8bit): | 5.071274990406666 |
Encrypted: | false |
SSDEEP: | 48:5q41lJM8WOxEj4/wPsAG4oevjKEcXrCnBBkpBxVGLrGWQ7aSTw2wptI8Id6Pu:5hPA5jKEcXrCnTkpBxFzanx/ICu |
MD5: | 3C3E3FB6161702F077D39BAE54AB780B |
SHA1: | 071F755A156ABC6FE4E6F9CD82D19A6CB3A72121 |
SHA-256: | 5CB42D98FC867F8DA8E4F428707068E8D9D85227A6E01E4A172DC76BEA03EC1B |
SHA-512: | 23941EBDCCFF8EB59424D97E669BFAF6FF2C1EC575E70E5F42C9B4230DB441872B2C68B2B9C4797C6D2467536DDB0E5B3A4B2B1518B4F0767B83A0E7013CBF7A |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 4.291433707311005 |
TrID: | |
File name: | #Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe |
File size: | 79'325'044 bytes |
MD5: | f86c1fb3a2c034c4d3d44a96fd9d6093 |
SHA1: | eb478a69bc15b156a9ea0f0276e72788426b5b9e |
SHA256: | 10216641566ad9478b8aa7af136ee17959c8a4597b663ae379647f437f91f220 |
SHA512: | 8635eebd4dc351856804f7d310d7ba6b7802def8f1ef63590dd62d8f547947c76abc4f7b0364f3f43a0b5b735cbb9aa9a50106f34f3715256a7eefa69a663ab3 |
SSDEEP: | 24576:XrIWzIGJHrHPcf6ZzI5SuxumqUQk0+xBFQbtLlDy/pyy/pNNx4/rdnfRSnJ89d/b:XN7JbTIAtRe/P//2rdfLd/k12jzL |
TLSH: | 02088479AB1013E55F8399CE4E07E7D6EE6DD1107212246CA28F068BDA438EC4377D6E |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 5fc1c131094d9e07 |
Entrypoint: | 0x463c48 |
Entrypoint Section: | CODE |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 1 |
OS Version Minor: | 0 |
File Version Major: | 1 |
File Version Minor: | 0 |
Subsystem Version Major: | 1 |
Subsystem Version Minor: | 0 |
Import Hash: | 92db50972771bbc9741d8dba3b89adb3 |
Signature Valid: | false |
Signature Issuer: | CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After: | |
Subject Chain: | |
Version: | 3 |
Thumbprint MD5: | 3A209510BAACD4B48C20A0F8656AA26A |
Thumbprint SHA-1: | 47D58D082C452B3086973BEE37FB549F965F9E0B |
Thumbprint SHA-256: | 6F9838A2DA08559B3E0FE2156E99EA0AA4F3D1CD43675980B806CDECA7A5E616 |
Serial: | 00989AAB57D7FCC43812B213AEDEA41AB6 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF4h |
push ebx |
mov eax, 00463A68h |
call 00007F76ACCD3000h |
mov ebx, dword ptr [00464D18h] |
mov eax, dword ptr [ebx] |
call 00007F76ACCF8737h |
mov eax, dword ptr [ebx] |
mov edx, 00463D08h |
call 00007F76ACCF8443h |
mov eax, dword ptr [ebx] |
add eax, 34h |
mov edx, 00463D38h |
call 00007F76ACCD154Ch |
mov ecx, dword ptr [00464BCCh] |
mov eax, dword ptr [ebx] |
mov edx, dword ptr [00463614h] |
call 00007F76ACCF8721h |
mov ecx, dword ptr [00464D54h] |
mov eax, dword ptr [ebx] |
mov edx, dword ptr [0046205Ch] |
call 00007F76ACCF870Eh |
mov ecx, dword ptr [00464D7Ch] |
mov eax, dword ptr [ebx] |
mov edx, dword ptr [00462C68h] |
call 00007F76ACCF86FBh |
mov ecx, dword ptr [00464D68h] |
mov eax, dword ptr [ebx] |
mov edx, dword ptr [004602F4h] |
call 00007F76ACCF86E8h |
mov ecx, dword ptr [00464DF4h] |
mov eax, dword ptr [ebx] |
mov edx, dword ptr [0044EA78h] |
call 00007F76ACCF86D5h |
mov ecx, dword ptr [00464DCCh] |
mov eax, dword ptr [ebx] |
mov edx, dword ptr [0045F9B0h] |
call 00007F76ACCF86C2h |
mov eax, dword ptr [ebx] |
call 00007F76ACCF8747h |
pop ebx |
call 00007F76ACCD1349h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x66000 | 0x1e1c | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x71000 | 0x136e00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4ba3a04 | 0x2d70 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6a000 | 0x66e0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x69000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0x62d44 | 0x62e00 | a608b75b620bc9899da54425632a33e5 | False | 0.5154768489254109 | data | 6.498737751055233 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
DATA | 0x64000 | 0xe2c | 0x1000 | b9ffc5470506451801f9a3ee8bb378eb | False | 0.396240234375 | data | 3.9376047457579335 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
BSS | 0x65000 | 0xa65 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x66000 | 0x1e1c | 0x2000 | 1e4c463a52feae64e21dcc93c56c27fe | False | 0.358642578125 | data | 4.711728774841513 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x68000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x69000 | 0x18 | 0x200 | 6eda95e7f89fac29502da04b93c31e66 | False | 0.05078125 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.reloc | 0x6a000 | 0x66e0 | 0x6800 | 2a6e3bd94e29f2f2a46d5c3d5d03f649 | False | 0.6045297475961539 | data | 6.636864870170326 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0x71000 | 0x136e00 | 0x136e00 | ab6dad1a6881f59023e131ce70af5cd4 | False | 0.42046611127864897 | data | 7.584171439487795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
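The figures in the signature block, the data-directory table and the section table above can be cross-checked against each other. The script below is an added example, not part of the Joe Sandbox report; it hard-codes the report's own values (file size, image base, entry point, TimeDateStamp, section table, security directory, signature error number) and assumes only SizeOfHeaders = 0x400, which the report does not list. It shows that the eight sections account for about 1.7 MB of a 79 MB file, that the Authenticode certificate table ends exactly at end of file, that the negative "Error Number" is the HRESULT 0x80096010 (TRUST_E_BAD_DIGEST: the file's hash does not match the signed hash), and that the 1992 TimeDateStamp is the fixed constant the Delphi linker writes rather than a build time.

```python
"""Sanity checks on the PE layout figures from the static-analysis tables.

Added example; it is not part of the Joe Sandbox report. Every constant is
copied from the report's tables. SIZE_OF_HEADERS is an assumption: the
report does not list it.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

FILE_SIZE = 79_325_044            # "File size: 79'325'044 bytes"
IMAGE_BASE = 0x400000
ENTRY_POINT_VA = 0x463C48
TIME_DATE_STAMP = 0x2A425E19      # "Fri Jun 19 22:22:17 1992 UTC" in the report
SIGNATURE_ERROR = -2146869232     # "Error Number" in the signature block
SIZE_OF_HEADERS = 0x400           # assumption; typical with 0x200 file alignment

# IMAGE_DIRECTORY_ENTRY_SECURITY: unlike every other directory its address is
# a raw file offset, because the Authenticode blob is never mapped into memory.
SECURITY_OFFSET = 0x4BA3A04
SECURITY_SIZE = 0x2D70


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int


SECTIONS = (
    Section("CODE",   0x1000,  0x62D44,  0x62E00),
    Section("DATA",   0x64000, 0xE2C,    0x1000),
    Section("BSS",    0x65000, 0xA65,    0x0),
    Section(".idata", 0x66000, 0x1E1C,   0x2000),
    Section(".tls",   0x68000, 0x8,      0x0),
    Section(".rdata", 0x69000, 0x18,     0x200),
    Section(".reloc", 0x6A000, 0x66E0,   0x6800),
    Section(".rsrc",  0x71000, 0x136E00, 0x136E00),
)


def section_for_rva(rva):
    """Return the section whose virtual range contains rva, or None."""
    for s in SECTIONS:
        if s.virtual_address <= rva < s.virtual_address + s.virtual_size:
            return s
    return None


def entry_section():
    """Section that contains the entry point (the report says CODE)."""
    return section_for_rva(ENTRY_POINT_VA - IMAGE_BASE)


def mapped_bytes():
    """Bytes of the file that belong to some section."""
    return sum(s.raw_size for s in SECTIONS)


def overlay_size(size_of_headers=SIZE_OF_HEADERS):
    """Bytes after the last section, assuming sections follow the headers contiguously."""
    return FILE_SIZE - (size_of_headers + mapped_bytes())


def signature_ends_at_eof():
    """True when the certificate table is the last thing in the file."""
    return SECURITY_OFFSET + SECURITY_SIZE == FILE_SIZE


def hresult(error_number):
    """Reinterpret the signed 'Error Number' as the unsigned HRESULT Windows reports."""
    return error_number & 0xFFFFFFFF


def link_time():
    """Decode TimeDateStamp as seconds since the Unix epoch, in UTC."""
    return datetime.fromtimestamp(TIME_DATE_STAMP, tz=timezone.utc)


if __name__ == "__main__":
    print(f"entry point in section: {entry_section().name}")
    print(f"section data:           {mapped_bytes():,} bytes")
    print(f"overlay:                {overlay_size():,} bytes "
          f"({overlay_size() / FILE_SIZE:.1%} of the file)")
    print(f"signature at EOF:       {signature_ends_at_eof()}")
    # 0x80096010 is TRUST_E_BAD_DIGEST: "The digital signature of the object did not verify."
    print(f"signature HRESULT:      0x{hresult(SIGNATURE_ERROR):08X}")
    print(f"link time:              {link_time():%Y-%m-%d %H:%M:%S} UTC")
```

A digest mismatch with an otherwise well-formed Sectigo certificate chain is what appending data to a signed binary without re-signing produces, so a 97% overlay together with TRUST_E_BAD_DIGEST is worth checking before a "Digitally signed: true" field is read as a trust signal.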
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x71b58 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | French | France | 0.5714285714285714 |
RT_CURSOR | 0x71c8c | 0x134 | data | 0.4642857142857143 | ||
RT_CURSOR | 0x71dc0 | 0x134 | data | 0.4805194805194805 | ||
RT_CURSOR | 0x71ef4 | 0x134 | data | 0.38311688311688313 | ||
RT_CURSOR | 0x72028 | 0x134 | data | 0.36038961038961037 | ||
RT_CURSOR | 0x7215c | 0x134 | data | 0.4090909090909091 | ||
RT_CURSOR | 0x72290 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | 0.4967532467532468 | ||
RT_CURSOR | 0x723c4 | 0x134 | data | 0.38636363636363635 | ||
RT_CURSOR | 0x724f8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | 0.38636363636363635 | ||
RT_ICON | 0x7262c | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | French | France | 0.6252665245202559 |
RT_ICON | 0x734d4 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | French | France | 0.769404332129964 |
RT_ICON | 0x73d7c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | French | France | 0.611271676300578 |
RT_ICON | 0x742e4 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | French | France | 0.3741701244813278 |
RT_ICON | 0x7688c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | French | France | 0.599671669793621 |
RT_ICON | 0x77934 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | French | France | 0.725177304964539 |
RT_STRING | 0x77d9c | 0xec | data | 0.5466101694915254 | ||
RT_STRING | 0x77e88 | 0x130 | data | 0.5493421052631579 | ||
RT_STRING | 0x77fb8 | 0x224 | data | 0.4306569343065693 | ||
RT_STRING | 0x781dc | 0x5cc | data | 0.32681940700808626 | ||
RT_STRING | 0x787a8 | 0x254 | data | 0.5016778523489933 | ||
RT_STRING | 0x789fc | 0x128 | data | 0.5304054054054054 | ||
RT_STRING | 0x78b24 | 0x2d8 | data | 0.4532967032967033 | ||
RT_STRING | 0x78dfc | 0x4a8 | data | 0.3859060402684564 | ||
RT_STRING | 0x792a4 | 0x43c | data | 0.34501845018450183 | ||
RT_STRING | 0x796e0 | 0x314 | data | 0.37817258883248733 | ||
RT_STRING | 0x799f4 | 0xe4 | data | 0.5570175438596491 | ||
RT_STRING | 0x79ad8 | 0xb8 | data | 0.5543478260869565 | ||
RT_STRING | 0x79b90 | 0x384 | data | 0.4266666666666667 | ||
RT_STRING | 0x79f14 | 0x434 | data | 0.370817843866171 | ||
RT_STRING | 0x7a348 | 0x368 | data | 0.39908256880733944 | ||
RT_RCDATA | 0x7a6b0 | 0x10 | data | 1.5 | ||
RT_RCDATA | 0x7a6c0 | 0x2b0 | data | 0.7311046511627907 | ||
RT_RCDATA | 0x7a970 | 0x2722 | Delphi compiled form 'TEnvoyerResultatDlg' | 0.3609502894789379 | ||
RT_RCDATA | 0x7d094 | 0x644e6 | Delphi compiled form 'TEtoileDlg' | 0.4514499067795373 | ||
RT_RCDATA | 0xe157c | 0x2cb13 | Delphi compiled form 'TPerfCDInfoDlg' | 0.19966786664408742 | ||
RT_RCDATA | 0x10e090 | 0x12412 | Delphi compiled form 'TPerfCDROMChartDlg' | 0.10465427310418617 | ||
RT_RCDATA | 0x1204a4 | 0x2d672 | Delphi compiled form 'TPerfCDROMDlg' | 0.1919825778351347 | ||
RT_RCDATA | 0x14db18 | 0x77f | Delphi compiled form 'TSelectionCDROMDlg' | 0.39030745179781134 | ||
RT_GROUP_CURSOR | 0x14e298 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | French | France | 1.25 |
RT_GROUP_CURSOR | 0x14e2ac | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x14e2c0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x14e2d4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
RT_GROUP_CURSOR | 0x14e2e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x14e2fc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x14e310 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x14e324 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_CURSOR | 0x14e338 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
RT_GROUP_ICON | 0x14e34c | 0x5a | data | French | France | 0.7333333333333333 |
RT_VERSION | 0x14e3a8 | 0x360 | data | French | France | 0.4652777777777778 |
RT_MANIFEST | 0x14e708 | 0x2bd | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4893009985734665 |
DLL | Import |
---|---|
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, CreateFileA, CloseHandle |
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysFreeString, SysReAllocStringLen, SysAllocStringLen |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey |
kernel32.dll | WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ReadFile, OutputDebugStringA, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
gdi32.dll | UnrealizeObject, TextOutA, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetTextAlign, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetBrushOrgEx, GetBkColor, GetBitmapBits, ExcludeClipRect, EnumFontsA, EnumFontFamiliesExA, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgnIndirect, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt, Arc |
user32.dll | WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadIconA, LoadCursorA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRgn, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollPos, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIcon, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout |
comctl32.dll | ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Create, InitCommonControls |
shell32.dll | ShellExecuteA |
Language of compilation system | Country where language is spoken |
---|---|
French | France |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-28T16:15:57.972873+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49734 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:15:58.771885+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49734 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:15:58.771885+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49734 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:15:59.294730+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49736 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:15:59.782405+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49736 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:15:59.782405+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49736 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:01.039050+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49738 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:13.829900+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49743 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:26.672332+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49744 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:40.165943+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49752 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:40.931548+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49752 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:43.058158+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49773 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:43.064017+0100 | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 1 | 192.168.2.4 | 49773 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:57.101132+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49859 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:57.561213+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49859 | 104.21.60.241 | 443 | TCP |
2025-01-28T16:16:58.057907+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49865 | 104.26.3.16 | 443 | TCP |
- Total Packets: 112
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 28, 2025 16:15:57.477778912 CET | 49734 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:57.477822065 CET | 443 | 49734 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:57.478013039 CET | 49734 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:57.497462988 CET | 49734 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:57.497498035 CET | 443 | 49734 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:57.972676039 CET | 443 | 49734 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:57.972872972 CET | 49734 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:57.976839066 CET | 49734 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:57.976876020 CET | 443 | 49734 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:57.977258921 CET | 443 | 49734 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:58.019187927 CET | 49734 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:58.040186882 CET | 49734 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:58.040254116 CET | 49734 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:58.040333033 CET | 443 | 49734 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:58.771898031 CET | 443 | 49734 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:58.772011042 CET | 443 | 49734 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:58.775079012 CET | 49734 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:58.780647993 CET | 49734 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:58.780684948 CET | 443 | 49734 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:58.780730963 CET | 49734 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:58.780764103 CET | 443 | 49734 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:58.811094999 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:58.811121941 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:58.811242104 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:58.811567068 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:58.811584949 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.294658899 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.294729948 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.296000004 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.296010971 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.296260118 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.297472000 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.297498941 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.297552109 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.782406092 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.782489061 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.782527924 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.782563925 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.782591105 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.782615900 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.782640934 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.782933950 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.782980919 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.782989979 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.783217907 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.783278942 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.783288002 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.787256002 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.787305117 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.787350893 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.787358999 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.787638903 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.870683908 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.870763063 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.870848894 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.870896101 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.870942116 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.871129990 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.871145964 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:15:59.871160030 CET | 49736 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:15:59.871165991 CET | 443 | 49736 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:00.558666945 CET | 49738 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:00.558710098 CET | 443 | 49738 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:00.558850050 CET | 49738 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:00.559216976 CET | 49738 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:00.559232950 CET | 443 | 49738 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:01.038968086 CET | 443 | 49738 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:01.039050102 CET | 49738 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:01.040450096 CET | 49738 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:01.040462017 CET | 443 | 49738 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:01.040726900 CET | 443 | 49738 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:01.042337894 CET | 49738 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:01.042519093 CET | 49738 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:01.042550087 CET | 443 | 49738 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:01.042646885 CET | 49738 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:01.042655945 CET | 443 | 49738 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:13.226144075 CET | 443 | 49738 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:13.226250887 CET | 443 | 49738 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:13.226315022 CET | 49738 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:13.232762098 CET | 49738 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:13.232778072 CET | 443 | 49738 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:13.366518974 CET | 49743 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:13.366544008 CET | 443 | 49743 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:13.366630077 CET | 49743 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:13.366911888 CET | 49743 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:13.366923094 CET | 443 | 49743 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:13.829804897 CET | 443 | 49743 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:13.829900026 CET | 49743 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:13.831145048 CET | 49743 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:13.831166029 CET | 443 | 49743 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:13.831440926 CET | 443 | 49743 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:13.841021061 CET | 49743 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:13.841182947 CET | 49743 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:13.841227055 CET | 443 | 49743 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:25.809106112 CET | 443 | 49743 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:25.809254885 CET | 443 | 49743 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:25.809343100 CET | 49743 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:25.809528112 CET | 49743 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:25.809551954 CET | 443 | 49743 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:26.202224016 CET | 49744 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:26.202272892 CET | 443 | 49744 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:26.202379942 CET | 49744 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:26.202706099 CET | 49744 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:26.202718973 CET | 443 | 49744 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:26.672157049 CET | 443 | 49744 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:26.672332048 CET | 49744 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:26.676156044 CET | 49744 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:26.676172972 CET | 443 | 49744 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:26.676520109 CET | 443 | 49744 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:26.677748919 CET | 49744 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:26.677802086 CET | 49744 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:26.677834034 CET | 443 | 49744 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:26.677894115 CET | 49744 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:26.677902937 CET | 443 | 49744 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:38.855979919 CET | 443 | 49744 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:38.856051922 CET | 443 | 49744 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:38.856122971 CET | 49744 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:38.856234074 CET | 49744 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:38.856256962 CET | 443 | 49744 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:39.699850082 CET | 49752 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:39.699884892 CET | 443 | 49752 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:39.699944019 CET | 49752 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:39.700242043 CET | 49752 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:39.700258970 CET | 443 | 49752 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:40.165772915 CET | 443 | 49752 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:40.165942907 CET | 49752 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:40.167100906 CET | 49752 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:40.167119026 CET | 443 | 49752 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:40.167381048 CET | 443 | 49752 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:40.168739080 CET | 49752 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:40.168767929 CET | 49752 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:40.168781996 CET | 443 | 49752 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:40.931557894 CET | 443 | 49752 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:40.931663036 CET | 443 | 49752 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:40.931768894 CET | 49752 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:40.931941986 CET | 49752 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:40.931962967 CET | 443 | 49752 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:42.577606916 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:42.577646971 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:42.577725887 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:42.578025103 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:42.578039885 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.058063984 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.058157921 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.059923887 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.059947014 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.060893059 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.062725067 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.063473940 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.063543081 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.063672066 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.063719988 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.063886881 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.063929081 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.064285994 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.064338923 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.064524889 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.064578056 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.064785957 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.064846039 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.064867020 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.064881086 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.065073967 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.065114021 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.065151930 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.065361023 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.065402985 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.073697090 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.076596975 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.076654911 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:43.076709032 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.076760054 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.077455997 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:43.078059912 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:56.495273113 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:56.495373964 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:56.495482922 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:56.495583057 CET | 49773 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:56.495625973 CET | 443 | 49773 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:56.631604910 CET | 49859 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:56.631650925 CET | 443 | 49859 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:56.631726027 CET | 49859 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:56.631985903 CET | 49859 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:56.632004976 CET | 443 | 49859 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:57.101037979 CET | 443 | 49859 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:57.101131916 CET | 49859 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:57.140688896 CET | 49859 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:57.140749931 CET | 443 | 49859 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:57.141047955 CET | 443 | 49859 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:57.149715900 CET | 49859 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:57.149771929 CET | 49859 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:57.149925947 CET | 443 | 49859 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:57.561250925 CET | 443 | 49859 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:57.561501980 CET | 443 | 49859 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:57.561575890 CET | 49859 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:57.561688900 CET | 49859 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:57.561707973 CET | 443 | 49859 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:57.561718941 CET | 49859 | 443 | 192.168.2.4 | 104.21.60.241 |
Jan 28, 2025 16:16:57.561724901 CET | 443 | 49859 | 104.21.60.241 | 192.168.2.4 |
Jan 28, 2025 16:16:57.573004961 CET | 49865 | 443 | 192.168.2.4 | 104.26.3.16 |
Jan 28, 2025 16:16:57.573091984 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:57.573194981 CET | 49865 | 443 | 192.168.2.4 | 104.26.3.16 |
Jan 28, 2025 16:16:57.573499918 CET | 49865 | 443 | 192.168.2.4 | 104.26.3.16 |
Jan 28, 2025 16:16:57.573535919 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:58.057782888 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:58.057907104 CET | 49865 | 443 | 192.168.2.4 | 104.26.3.16 |
Jan 28, 2025 16:16:58.059489965 CET | 49865 | 443 | 192.168.2.4 | 104.26.3.16 |
Jan 28, 2025 16:16:58.059508085 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:58.059854031 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:58.061459064 CET | 49865 | 443 | 192.168.2.4 | 104.26.3.16 |
Jan 28, 2025 16:16:58.107325077 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:58.361649036 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:58.361779928 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:58.361843109 CET | 49865 | 443 | 192.168.2.4 | 104.26.3.16 |
Jan 28, 2025 16:16:58.361880064 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:58.361977100 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:58.362035990 CET | 49865 | 443 | 192.168.2.4 | 104.26.3.16 |
Jan 28, 2025 16:16:58.362051010 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:58.362169027 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:58.362238884 CET | 49865 | 443 | 192.168.2.4 | 104.26.3.16 |
Jan 28, 2025 16:16:58.362329960 CET | 49865 | 443 | 192.168.2.4 | 104.26.3.16 |
Jan 28, 2025 16:16:58.362361908 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Jan 28, 2025 16:16:58.362389088 CET | 49865 | 443 | 192.168.2.4 | 104.26.3.16 |
Jan 28, 2025 16:16:58.362404108 CET | 443 | 49865 | 104.26.3.16 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 28, 2025 16:15:57.076904058 CET | 55701 | 53 | 192.168.2.4 | 1.1.1.1 |
Jan 28, 2025 16:15:57.423588991 CET | 53 | 55701 | 1.1.1.1 | 192.168.2.4 |
Jan 28, 2025 16:16:57.564513922 CET | 57243 | 53 | 192.168.2.4 | 1.1.1.1 |
Jan 28, 2025 16:16:57.572319031 CET | 53 | 57243 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 28, 2025 16:15:57.076904058 CET | 192.168.2.4 | 1.1.1.1 | 0x7a76 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 28, 2025 16:16:57.564513922 CET | 192.168.2.4 | 1.1.1.1 | 0xa0e5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 28, 2025 16:15:57.423588991 CET | 1.1.1.1 | 192.168.2.4 | 0x7a76 | No error (0) | | | 104.21.60.241 | A (IP address) | IN (0x0001) | false |
Jan 28, 2025 16:15:57.423588991 CET | 1.1.1.1 | 192.168.2.4 | 0x7a76 | No error (0) | | | 172.67.202.141 | A (IP address) | IN (0x0001) | false |
Jan 28, 2025 16:16:57.572319031 CET | 1.1.1.1 | 192.168.2.4 | 0xa0e5 | No error (0) | | | 104.26.3.16 | A (IP address) | IN (0x0001) | false |
Jan 28, 2025 16:16:57.572319031 CET | 1.1.1.1 | 192.168.2.4 | 0xa0e5 | No error (0) | | | 104.26.2.16 | A (IP address) | IN (0x0001) | false |
Jan 28, 2025 16:16:57.572319031 CET | 1.1.1.1 | 192.168.2.4 | 0xa0e5 | No error (0) | | | 172.67.75.40 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49734 | 104.21.60.241 | 443 | 7412 | C:\Users\user\Desktop\#Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-28 15:15:58 UTC | 264 | OUT | |
2025-01-28 15:15:58 UTC | 8 | OUT | |
2025-01-28 15:15:58 UTC | 1135 | IN | |
2025-01-28 15:15:58 UTC | 7 | IN | |
2025-01-28 15:15:58 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49736 | 104.21.60.241 | 443 | 7412 | C:\Users\user\Desktop\#Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-28 15:15:59 UTC | 265 | OUT | |
2025-01-28 15:15:59 UTC | 49 | OUT | |
2025-01-28 15:15:59 UTC | 1129 | IN | |
2025-01-28 15:15:59 UTC | 240 | IN | |
2025-01-28 15:15:59 UTC | 901 | IN | |
2025-01-28 15:15:59 UTC | 1369 | IN | |
2025-01-28 15:15:59 UTC | 1369 | IN | |
2025-01-28 15:15:59 UTC | 1369 | IN | |
2025-01-28 15:15:59 UTC | 1369 | IN | |
2025-01-28 15:15:59 UTC | 1369 | IN | |
2025-01-28 15:15:59 UTC | 1369 | IN | |
2025-01-28 15:15:59 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49738 | 104.21.60.241 | 443 | 7412 | C:\Users\user\Desktop\#Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-28 15:16:01 UTC | 280 | OUT | |
2025-01-28 15:16:01 UTC | 15331 | OUT | |
2025-01-28 15:16:01 UTC | 2816 | OUT | |
2025-01-28 15:16:13 UTC | 1143 | IN | |
2025-01-28 15:16:13 UTC | 20 | IN | |
2025-01-28 15:16:13 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49743 | 104.21.60.241 | 443 | 7412 | C:\Users\user\Desktop\#Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-28 15:16:13 UTC | 275 | OUT | |
2025-01-28 15:16:13 UTC | 8744 | OUT | |
2025-01-28 15:16:25 UTC | 1133 | IN | |
2025-01-28 15:16:25 UTC | 20 | IN | |
2025-01-28 15:16:25 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49744 | 104.21.60.241 | 443 | 7412 | C:\Users\user\Desktop\#Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-28 15:16:26 UTC | 278 | OUT | |
2025-01-28 15:16:26 UTC | 15331 | OUT | |
2025-01-28 15:16:26 UTC | 5078 | OUT | |
2025-01-28 15:16:38 UTC | 1137 | IN | |
2025-01-28 15:16:38 UTC | 20 | IN | |
2025-01-28 15:16:38 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49752 | 104.21.60.241 | 443 | 7412 | C:\Users\user\Desktop\#Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-28 15:16:40 UTC | 272 | OUT | |
2025-01-28 15:16:40 UTC | 2541 | OUT | |
2025-01-28 15:16:40 UTC | 1130 | IN | |
2025-01-28 15:16:40 UTC | 20 | IN | |
2025-01-28 15:16:40 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49773 | 104.21.60.241 | 443 | 7412 | C:\Users\user\Desktop\#Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-28 15:16:43 UTC | 281 | OUT | |
2025-01-28 15:16:43 UTC | 15331 | OUT | |
2025-01-28 15:16:43 UTC | 15331 | OUT | |
2025-01-28 15:16:43 UTC | 15331 | OUT | |
2025-01-28 15:16:43 UTC | 15331 | OUT | |
2025-01-28 15:16:43 UTC | 15331 | OUT | |
2025-01-28 15:16:43 UTC | 15331 | OUT | |
2025-01-28 15:16:43 UTC | 15331 | OUT | |
2025-01-28 15:16:43 UTC | 15331 | OUT | |
2025-01-28 15:16:43 UTC | 15331 | OUT | |
2025-01-28 15:16:43 UTC | 15331 | OUT | |
2025-01-28 15:16:56 UTC | 1140 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49859 | 104.21.60.241 | 443 | 7412 | C:\Users\user\Desktop\#Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-28 15:16:57 UTC | 265 | OUT | |
2025-01-28 15:16:57 UTC | 84 | OUT | |
2025-01-28 15:16:57 UTC | 1131 | IN | |
2025-01-28 15:16:57 UTC | 126 | IN | |
2025-01-28 15:16:57 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49865 | 104.26.3.16 | 443 | 7412 | C:\Users\user\Desktop\#Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-28 15:16:58 UTC | 196 | OUT | |
2025-01-28 15:16:58 UTC | 888 | IN | |
2025-01-28 15:16:58 UTC | 481 | IN | |
2025-01-28 15:16:58 UTC | 1369 | IN | |
2025-01-28 15:16:58 UTC | 1369 | IN | |
2025-01-28 15:16:58 UTC | 1241 | IN | |
2025-01-28 15:16:58 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 10:15:41 |
Start date: | 28/01/2025 |
Path: | C:\Users\user\Desktop\#Ud835#Udc7a#Ud835#Udc6c#Ud835#Udc7b#Ud835#Udc7c#Ud835#Udc77.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 79'325'044 bytes |
MD5 hash: | F86C1FB3A2C034C4D3D44A96FD9D6093 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 10:16:57 |
Start date: | 28/01/2025 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 433'152 bytes |
MD5 hash: | C32CA4ACFCC635EC1EA6ED8A34DF5FAC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 10:16:57 |
Start date: | 28/01/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |