Windows
Analysis Report
Black Myth Wukong Sigma Downloader.zip
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w11x64_office
rundll32.exe (PID: 696 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: C87FA6FC1D294962EABE44509FE1921C)
Sigma.exe (PID: 6808 cmdline: "C:\Users\user\Desktop\Black Myth Wukong Sigma Downloader\Sigma.exe" MD5: FEF6B28CE1384A402B6F2EB2162C07AC)
conhost.exe (PID: 6816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
cmd.exe (PID: 7060 cmdline: C:\Windows\system32\cmd.exe /c cls MD5: 428CEC6B0034E0F183EB5BAE887BE480)
WerFault.exe (PID: 6012 cmdline: C:\Windows\system32\WerFault.exe -u -p 6808 -s 736 MD5: 5A849C27C4796C1A7C22C572D8EAF95D)
OpenConsole.exe (PID: 6852 cmdline: "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\OpenConsole.exe" -Embedding MD5: 10A3C05A139428FB6D17A11B9A257516)
WindowsTerminal.exe (PID: 6880 cmdline: "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe" -Embedding MD5: F870908D432E534A3F0E93C18D1D9EE7)
- cleanup
- AV Detection
- Cryptography
- Spreading
- Networking
- System Summary
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Binary or memory string: | memstr_c32065fe-6 |
Source: | File opened: | Jump to behavior | ||
Source: | IP Address: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Process created: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | String found in binary or memory: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Window detected: |
Source: | Static file information: |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | File opened: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Last function: | ||
Source: | File opened: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Virtualization/Sandbox Evasion | LSASS Memory | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Rundll32 | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 11 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
52% | Virustotal | Browse | ||
55% | ReversingLabs | Win64.Trojan.Suschil |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
api.steampowered.com | 104.71.182.190 | true | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | unknown |
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.71.182.190 | api.steampowered.com | United States | 16625 | AKAMAI-ASUS | false |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1654174 |
Start date and time: | 2025-04-02 02:56:47 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Black Myth Wukong Sigma Downloader.zip |
Detection: | MAL |
Classification: | mal52.evad.winZIP@8/11@1/2 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, SystemSettingsBroker.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.64.149.23, 104.18.38.233, 20.189.173.21, 4.245.163.56, 20.190.163.20
- Excluded domains from analysis (whitelisted): crt.comodoca.com.cdn.cloudflare.net, watson.events.data.microsoft.com, slscr.update.microsoft.com, login.live.com, blobcollectorcommon.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com, crt.comodoca.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
20:58:58 | API Interceptor | |
20:59:44 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.71.182.190 | Get hash | malicious | Vidar | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Vidar | Browse | |||
Get hash | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
api.steampowered.com | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | Get hash | malicious | Vidar | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.1373530365658393 |
Encrypted: | false |
SSDEEP: | 192:So65it508D6xfKTVjfuu7F614lrJuoCm+pgxHL9:Z6sta8D6xfKTVjfuu7F614lrJVGyL |
MD5: | 2548F4DFF38ED2693FD55E85F819182C |
SHA1: | 66E5F9D79A0C9F6B2E86D77FEDE0B7652FC73AC0 |
SHA-256: | CD034802374D923ADCDBDBE3990B4518B5EF4151D972909EE0F4FD31DC219374 |
SHA-512: | E0881D359A1E8D9C862CB4D54B630C7D31F36FFB29EEB09F7A8B833268DC4460A8FEA7D207676EB336B6B34188FA803DA0DAFA37969959602D4DA76BBABB9EA9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 306748 |
Entropy (8bit): | 1.3661022678684078 |
Encrypted: | false |
SSDEEP: | 384:v+8GAowALVAJqM73EyPsq+nIPZApYzv1/z+Fr8B1BzCriZK1uJZsy:v+qALVAJqM70y0q+nIPZApKdhK16f |
MD5: | 9C2FAE1689C004715390EAA3EDB5980D |
SHA1: | 9C9E8B58F9877C2DBCF39C9E7EA235458BD95D99 |
SHA-256: | CFEE7315CCFCDC9D0CFA2F99C35F4A3483CE833AC241FC44A8351A7F99026821 |
SHA-512: | 8815B26F9E3283CC20B8F9B599E3BABCC81D53C85D10DEE53EB7D3276E961A7245FE8898DD58A9521E79A6F47AA9D73167DBBFD83960E533DBA4C621E210D2F8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11028 |
Entropy (8bit): | 3.747666367532872 |
Encrypted: | false |
SSDEEP: | 192:RHl7CwNzawaMKxaMy9IMLu9X9iaMy9IMLu9X9ca4uGo9R6Y0HVcFgmfctYppr/8c:RHlnNzawaMKxaMYIMINiaMYIMINca4Pw |
MD5: | 86C7AC2E52FA1B3B311A2971D0A6F712 |
SHA1: | 99643620533340A9F77213CF13C156720D570F49 |
SHA-256: | ED40F77A2FE143D5516038AAFE8963848A4AC09CC2C5C9790D1DE3176A6EDE13 |
SHA-512: | 9C6F58B30EC8E0B81C0FD418E9C6E3E75B1227B62421F74F2BAEDBF866878281DA25E1EB9EBC1DE4514E4D6DA39FD951338CF37945D796449AC4ACE5FF200D68 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7283 |
Entropy (8bit): | 4.815769238047287 |
Encrypted: | false |
SSDEEP: | 192:uItqy64+VM1HyL3/g9eT8OpByO7MsT5VDk9cadsfGznV6yCccmfL:QX2tVUccmfL |
MD5: | 8AE12A55D554766B6D681812C9ED7C94 |
SHA1: | FCCD70A2D7066EC796620571179CE71B580FA0D4 |
SHA-256: | 4FCE86E3A5F428A4D8C7C30E1544E86A9F6CF4B7D587B6FEF0DBAED34AFA8FBD |
SHA-512: | D43195D8A9A7FA50F12F0CC464622D7B06D25B1B520FBBB22EB4DC6858E9B7F490B821830A7E16F73215FB88291AE45E8F748C99AB75202C496A5531CF6BBAAE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1923 |
Entropy (8bit): | 4.050816653534426 |
Encrypted: | false |
SSDEEP: | 24:NqxpqbJi3i/2/upfvVObUpkf/O/upiXqPKviTCEh3WwUwd1pQ/SAiw/BwVih2E:aFS/2anYbUp7aoBlI3UADQLiMapE |
MD5: | 7D17062107BB3B08436E2C8674EA4436 |
SHA1: | E9F69AB04DBBBF2C12B23DD9088109010475E52A |
SHA-256: | 894FB5EF8822AE2BA2ABB89C2EA7332535B2B2CB6F1B7B63439D1D565108F1AC |
SHA-512: | 579746CCA2D576D7746F2B627890CFE259F9A93499A52D5D61E51967C32A0818D112E4AB1646E7A48B11186772E6583A4EB885AEBB244142D0116382FF574624 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1923 |
Entropy (8bit): | 4.050816653534426 |
Encrypted: | false |
SSDEEP: | 24:NqxpqbJi3i/2/upfvVObUpkf/O/upiXqPKviTCEh3WwUwd1pQ/SAiw/BwVih2E:aFS/2anYbUp7aoBlI3UADQLiMapE |
MD5: | 7D17062107BB3B08436E2C8674EA4436 |
SHA1: | E9F69AB04DBBBF2C12B23DD9088109010475E52A |
SHA-256: | 894FB5EF8822AE2BA2ABB89C2EA7332535B2B2CB6F1B7B63439D1D565108F1AC |
SHA-512: | 579746CCA2D576D7746F2B627890CFE259F9A93499A52D5D61E51967C32A0818D112E4AB1646E7A48B11186772E6583A4EB885AEBB244142D0116382FF574624 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 163 |
Entropy (8bit): | 5.074817553158053 |
Encrypted: | false |
SSDEEP: | 3:NyE2dKQbBssh2XkI0eicCGRyD4huVKBKbBOot1YqdDAEBUMdWMdIqC:NmIQbBNhxIVicJpyBFt+5EBNdBnC |
MD5: | A88ADBF16875B7635DBD7A6E6CF20D23 |
SHA1: | B6DB4EEFAA39A75E09056882248F4C193000437B |
SHA-256: | 86A8390B4675FE11F5F4AED15195F586DFEB29F36631FE085620C1939A3B7894 |
SHA-512: | D3D84BFCE2CB695226431D9771D9F23D15B14E3EF5441DF30217B8DD66183A613CB1FEA179643C316C6601EDFECB01E2211D738C30992C13133D07782E3966BD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 163 |
Entropy (8bit): | 5.074817553158053 |
Encrypted: | false |
SSDEEP: | 3:NyE2dKQbBssh2XkI0eicCGRyD4huVKBKbBOot1YqdDAEBUMdWMdIqC:NmIQbBNhxIVicJpyBFt+5EBNdBnC |
MD5: | A88ADBF16875B7635DBD7A6E6CF20D23 |
SHA1: | B6DB4EEFAA39A75E09056882248F4C193000437B |
SHA-256: | 86A8390B4675FE11F5F4AED15195F586DFEB29F36631FE085620C1939A3B7894 |
SHA-512: | D3D84BFCE2CB695226431D9771D9F23D15B14E3EF5441DF30217B8DD66183A613CB1FEA179643C316C6601EDFECB01E2211D738C30992C13133D07782E3966BD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4461 |
Entropy (8bit): | 5.0468960121765205 |
Encrypted: | false |
SSDEEP: | 48:0pDlRmeHnRwZDabs+J3osJipD6RtNHnRwZDabsiHqJEmRsohH9JipD6RtNHnRwZc:GLBCaZJOi3Ca+J1gi3Ca+JkZ |
MD5: | 561FB4E7BF468917F28E68FA3F293D59 |
SHA1: | 82E0A737313C67B696FD7026AFC40EE637AA76DD |
SHA-256: | FD36517943E02EB2B6EB9DEE043EDAE9FC9F7116D95413DFBE0A400223D9FFE8 |
SHA-512: | A4139E42493ADCBF93FD634973B3F6361666392F6A7051757A275E6037B5647830E5E0DAFB0F280CF6B8145E996FACB1A974345EC87D5073A473B260BF51F9D8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4461 |
Entropy (8bit): | 5.0468960121765205 |
Encrypted: | false |
SSDEEP: | 48:0pDlRmeHnRwZDabs+J3osJipD6RtNHnRwZDabsiHqJEmRsohH9JipD6RtNHnRwZc:GLBCaZJOi3Ca+J1gi3Ca+JkZ |
MD5: | 561FB4E7BF468917F28E68FA3F293D59 |
SHA1: | 82E0A737313C67B696FD7026AFC40EE637AA76DD |
SHA-256: | FD36517943E02EB2B6EB9DEE043EDAE9FC9F7116D95413DFBE0A400223D9FFE8 |
SHA-512: | A4139E42493ADCBF93FD634973B3F6361666392F6A7051757A275E6037B5647830E5E0DAFB0F280CF6B8145E996FACB1A974345EC87D5073A473B260BF51F9D8 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Black Myth Wukong Sigma Downloader\Sigma.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12478 |
Entropy (8bit): | 4.228608924835732 |
Encrypted: | false |
SSDEEP: | 192:YU5iCu4B/a8Rwy+uDQ80au6tgqDnkOOYbqQK3BXXaCehmqfA/vMHQnnm21uqajz4:3aJ5 |
MD5: | 3A06251FE258A858D6713DF6067DFA94 |
SHA1: | 5B2490553286E3A63B4281CCC3C2A9AC1C84258D |
SHA-256: | 99CAE25845C25CE3D152EA12993A1283A9A409019DFC103F6273A4FE74359D37 |
SHA-512: | 56BFDE660E8348478BFA5D8FECFFC74B1398FFD1E7D7B159A273D918EA3B35A9CC2F5DC112E4DC92D1BB5DD596C15E981BA336165377BA6AEFC762BFC404F2A8 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.996770301859017 |
TrID: |
File name: | Black Myth Wukong Sigma Downloader.zip |
File size: | 5'993'588 bytes |
MD5: | 20f570224521e29be00f00760eb19908 |
SHA1: | cb6a2f265e8b1f1af579fe2c8891af0fed54376a |
SHA256: | 7d77f7e3bc6e29e690679416e1bfd9eec3d4c38d5f62fd57cbfbd5ea2eed8f4a |
SHA512: | 554864980a6009914b16435a07f3892d8277b235915220f10db12a9fa17f479788bb71ab99ef204e3e01f8ae610923a18a55bf4c9cbf7e9ba6d376d13c026d33 |
SSDEEP: | 98304:y92MnCktXhi/mziR92lYuXT9yyESogtzt50QWLGtvd9Rtahx8enkGIYRc2G5xOl6:y92CFXhRQ9kPElgV4QWId9DaL8eXa2GF |
TLSH: | 895633AB4B5956BD26ABF32C282E82F6CF09D10C3C564C60109EF5F533DA8C5D6CAD16 |
File Content Preview: | PK.........rzZI)...q[.........Sigma.exe...x.U..\..N..TG@.$.H..A..5........... .FPF.t..E.N$..V.=..g.u.>u6.Q6.N...H"....Wl..3! ..9.V..D.7.....}..n.{......{.{....q...c1....?.w..|........J...n1.o..2..R{..Ew........s."...;.K.....cwO.l...yw.....C.q..W.....L..9. |
Icon Hash: | 03f1b9752babe989 |
- Total Packets: 92
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 02:59:26.594815016 CEST | 60844 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:26.594857931 CEST | 443 | 60844 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:26.595065117 CEST | 60844 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:26.601934910 CEST | 60844 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:26.601953983 CEST | 443 | 60844 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:26.793041945 CEST | 443 | 60844 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:26.798414946 CEST | 60844 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:26.798444033 CEST | 443 | 60844 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:26.800014019 CEST | 443 | 60844 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:26.800124884 CEST | 60844 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:26.814357996 CEST | 60844 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:26.814416885 CEST | 443 | 60844 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:26.814524889 CEST | 60844 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:38.983381987 CEST | 60851 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:38.983469009 CEST | 443 | 60851 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:38.983567953 CEST | 60851 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:38.984242916 CEST | 60852 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:38.984267950 CEST | 443 | 60852 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:38.984330893 CEST | 60852 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:38.987277985 CEST | 60851 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:38.987313986 CEST | 443 | 60851 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:38.988971949 CEST | 60852 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:38.988996983 CEST | 443 | 60852 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.000649929 CEST | 60871 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.000715017 CEST | 443 | 60871 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.000905991 CEST | 60871 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.001158953 CEST | 60872 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.001255989 CEST | 443 | 60872 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.001338959 CEST | 60872 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.001667976 CEST | 60873 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.001713991 CEST | 443 | 60873 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.001770973 CEST | 60873 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.001943111 CEST | 60874 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.002012014 CEST | 443 | 60874 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.002084970 CEST | 60874 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.004466057 CEST | 60871 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.004498959 CEST | 443 | 60871 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.004605055 CEST | 60873 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.004623890 CEST | 443 | 60873 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.004673958 CEST | 60872 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.004715919 CEST | 60874 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.004717112 CEST | 443 | 60872 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.004754066 CEST | 443 | 60874 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.007493019 CEST | 60875 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.007580042 CEST | 443 | 60875 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.007688999 CEST | 60875 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.008029938 CEST | 60876 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.008055925 CEST | 443 | 60876 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.008127928 CEST | 60876 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.008248091 CEST | 60877 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.008287907 CEST | 443 | 60877 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.008358955 CEST | 60877 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.008613110 CEST | 60878 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.008620977 CEST | 443 | 60878 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.008671045 CEST | 60878 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.009021044 CEST | 60879 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.009061098 CEST | 443 | 60879 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.009118080 CEST | 60879 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.010874987 CEST | 60877 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.010880947 CEST | 60876 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.010896921 CEST | 443 | 60877 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.010922909 CEST | 443 | 60876 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.010987043 CEST | 60879 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.011018991 CEST | 443 | 60879 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.012023926 CEST | 60878 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.012037992 CEST | 443 | 60878 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.012351990 CEST | 60875 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.012382030 CEST | 443 | 60875 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.012788057 CEST | 60880 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.012819052 CEST | 443 | 60880 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.012902021 CEST | 60880 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.013892889 CEST | 60880 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.013919115 CEST | 443 | 60880 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.172477961 CEST | 443 | 60852 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.174427986 CEST | 443 | 60851 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.175148964 CEST | 60852 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.175177097 CEST | 443 | 60852 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.175790071 CEST | 60851 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.175803900 CEST | 443 | 60851 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.176326036 CEST | 443 | 60852 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.176402092 CEST | 60852 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.177263975 CEST | 443 | 60851 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.177334070 CEST | 60851 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.179435968 CEST | 60852 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.179476976 CEST | 443 | 60852 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.179538012 CEST | 60852 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.179662943 CEST | 60851 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.179704905 CEST | 443 | 60851 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.179761887 CEST | 60851 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.197964907 CEST | 443 | 60871 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.199631929 CEST | 60871 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.199692011 CEST | 443 | 60871 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.200582027 CEST | 443 | 60877 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.200980902 CEST | 443 | 60873 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.201828957 CEST | 60877 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.201858044 CEST | 443 | 60877 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.202527046 CEST | 60873 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.202543020 CEST | 443 | 60873 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.202544928 CEST | 443 | 60872 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.202907085 CEST | 443 | 60877 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.202982903 CEST | 60877 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.203674078 CEST | 443 | 60871 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.203754902 CEST | 60871 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.203834057 CEST | 60872 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.203871965 CEST | 443 | 60872 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.204217911 CEST | 443 | 60873 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.204286098 CEST | 60873 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.204982996 CEST | 443 | 60872 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.205061913 CEST | 60872 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.206274033 CEST | 60877 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.206320047 CEST | 443 | 60877 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.206398010 CEST | 60877 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.206705093 CEST | 60871 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.206743002 CEST | 60872 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.206793070 CEST | 443 | 60872 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.206834078 CEST | 443 | 60871 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.206852913 CEST | 60873 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.206859112 CEST | 60872 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.206897974 CEST | 60871 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.206907034 CEST | 443 | 60873 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.206959963 CEST | 60873 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.207365990 CEST | 443 | 60875 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.207613945 CEST | 443 | 60874 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.208583117 CEST | 60875 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.208645105 CEST | 443 | 60875 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.209184885 CEST | 60874 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.209198952 CEST | 443 | 60874 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.209245920 CEST | 443 | 60876 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.209563017 CEST | 443 | 60879 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.209635019 CEST | 443 | 60878 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.210235119 CEST | 443 | 60875 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.210335016 CEST | 60875 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.210390091 CEST | 443 | 60880 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.210782051 CEST | 443 | 60874 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.210850000 CEST | 60874 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.212090015 CEST | 60876 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.212106943 CEST | 443 | 60876 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.212908030 CEST | 60879 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.212930918 CEST | 443 | 60879 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.213017941 CEST | 60878 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.213027000 CEST | 443 | 60878 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.213162899 CEST | 60880 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.213181973 CEST | 443 | 60880 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.213700056 CEST | 443 | 60876 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.213774920 CEST | 60876 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.214503050 CEST | 443 | 60879 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.214585066 CEST | 60879 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.214608908 CEST | 443 | 60878 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.214648008 CEST | 443 | 60880 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.214675903 CEST | 60878 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.214713097 CEST | 60880 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.217849970 CEST | 60876 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.217912912 CEST | 443 | 60876 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.218040943 CEST | 60878 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.218050003 CEST | 60876 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.218051910 CEST | 60879 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.218091965 CEST | 443 | 60878 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.218096018 CEST | 60875 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.218111038 CEST | 443 | 60879 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.218146086 CEST | 443 | 60875 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.218148947 CEST | 60878 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.218178988 CEST | 60879 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.218200922 CEST | 60875 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.218420982 CEST | 60874 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.218506098 CEST | 443 | 60874 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.218534946 CEST | 60880 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.218571901 CEST | 60874 | 443 | 192.168.2.24 | 104.71.182.190 |
Apr 2, 2025 02:59:39.218590021 CEST | 443 | 60880 | 104.71.182.190 | 192.168.2.24 |
Apr 2, 2025 02:59:39.218641043 CEST | 60880 | 443 | 192.168.2.24 | 104.71.182.190 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 02:59:26.484397888 CEST | 55516 | 53 | 192.168.2.24 | 1.1.1.1 |
Apr 2, 2025 02:59:26.585645914 CEST | 53 | 55516 | 1.1.1.1 | 192.168.2.24 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 2, 2025 02:59:26.484397888 CEST | 192.168.2.24 | 1.1.1.1 | 0x51ad | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 2, 2025 02:59:26.585645914 CEST | 1.1.1.1 | 192.168.2.24 | 0x51ad | No error (0) | 104.71.182.190 | A (IP address) | IN (0x0001) | false |
Target ID: | 1 |
Start time: | 20:57:53 |
Start date: | 01/04/2025 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6421e0000 |
File size: | 90'112 bytes |
MD5 hash: | C87FA6FC1D294962EABE44509FE1921C |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 15 |
Start time: | 20:58:56 |
Start date: | 01/04/2025 |
Path: | C:\Users\user\Desktop\Black Myth Wukong Sigma Downloader\Sigma.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a08a0000 |
File size: | 8'707'584 bytes |
MD5 hash: | FEF6B28CE1384A402B6F2EB2162C07AC |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 16 |
Start time: | 20:58:56 |
Start date: | 01/04/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7bdef0000 |
File size: | 1'040'384 bytes |
MD5 hash: | 9698384842DA735D80D278A427A229AB |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 17 |
Start time: | 20:58:56 |
Start date: | 01/04/2025 |
Path: | C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\OpenConsole.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6948f0000 |
File size: | 1'261'096 bytes |
MD5 hash: | 10A3C05A139428FB6D17A11B9A257516 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 18 |
Start time: | 20:58:57 |
Start date: | 01/04/2025 |
Path: | C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff708400000 |
File size: | 720'432 bytes |
MD5 hash: | F870908D432E534A3F0E93C18D1D9EE7 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 20 |
Start time: | 20:58:59 |
Start date: | 01/04/2025 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff647b30000 |
File size: | 323'584 bytes |
MD5 hash: | 428CEC6B0034E0F183EB5BAE887BE480 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 23 |
Start time: | 20:59:39 |
Start date: | 01/04/2025 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7b4d40000 |
File size: | 628'208 bytes |
MD5 hash: | 5A849C27C4796C1A7C22C572D8EAF95D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |