Source: https://potentioallykeos.shop/api |
Avira URL Cloud: Label: malware |
Source: https://interactiedovspm.shop/api |
Avira URL Cloud: Label: malware |
Source: https://potentioallykeos.shop/ |
Avira URL Cloud: Label: malware |
Source: https://interactiedovspm.shop/ |
Avira URL Cloud: Label: malware |
Source: https://largerryskwhq.shop/api |
Avira URL Cloud: Label: malware |
Source: https://potentioallykeos.shop/ql |
Avira URL Cloud: Label: malware |
Source: interactiedovspm.shop |
Virustotal: Detection: 20% |
Source: charecteristicdxp.shop |
Virustotal: Detection: 20% |
Source: largerryskwhq.shop |
Virustotal: Detection: 8% |
Source: potentioallykeos.shop |
Virustotal: Detection: 20% |
Source: https://potentioallykeos.shop/ |
Virustotal: Detection: 19% |
Source: https://interactiedovspm.shop/api |
Virustotal: Detection: 22% |
Source: https://interactiedovspm.shop/ |
Virustotal: Detection: 20% |
Source: https://potentioallykeos.shop/api |
Virustotal: Detection: 22% |
Source: https://largerryskwhq.shop/api |
Virustotal: Detection: 16% |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
2_2_0040C4A6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx+esi] |
2_2_00404060 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
2_2_00431060 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, ebp |
2_2_00407020 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
2_2_00425833 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ebx, byte ptr [ecx] |
2_2_0041E0E3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+04h] |
2_2_0040A8F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
2_2_004188F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp] |
2_2_004368B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [ebx], 00000000h |
2_2_00410961 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+00000878h] |
2_2_0041B966 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h |
2_2_00420100 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then push esi |
2_2_004199C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [esi+0Ch], 00000000h |
2_2_004101D2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000108h] |
2_2_004241B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edx], 77A9E0C4h |
2_2_00436A60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [eax], 44CAAEB6h |
2_2_0041922D |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
2_2_004032C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000108h] |
2_2_004241B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_004132B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
2_2_0041FB40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+18h] |
2_2_0041CB50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebx, dword ptr [esp+50h] |
2_2_0041F318 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [ecx], al |
2_2_004143E2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [edi+eax], 0000h |
2_2_004143E2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp] |
2_2_004143E2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
2_2_0040BB80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
2_2_0042A4E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+70h] |
2_2_00411501 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+00000878h] |
2_2_0041A502 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [edx], cx |
2_2_0041A502 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
2_2_00412D3E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then add ebp, dword ptr [esp+0Ch] |
2_2_004205C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+1Ch] |
2_2_0040B5F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, dword ptr [esp+04h] |
2_2_0040B5F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
2_2_00412DB0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h |
2_2_00436E60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
2_2_00418690 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, ebx |
2_2_00434E94 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+04h] |
2_2_0040E726 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000108h] |
2_2_0042473C |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0041E7D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
2_2_00413F95 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [eax], dl |
2_2_0040DFAA |
Source: Network traffic |
Suricata IDS: 2055293 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (charecteristicdxp .shop) : 192.168.2.5:50915 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2055300 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (interactiedovspm .shop in TLS SNI) : 192.168.2.5:49705 -> 104.21.42.119:443 |
Source: Network traffic |
Suricata IDS: 2055299 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (interactiedovspm .shop) : 192.168.2.5:61958 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2055301 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (potentioallykeos .shop) : 192.168.2.5:49359 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2055294 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (charecteristicdxp .shop in TLS SNI) : 192.168.2.5:49710 -> 172.67.186.145:443 |
Source: Network traffic |
Suricata IDS: 2055294 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (charecteristicdxp .shop in TLS SNI) : 192.168.2.5:49707 -> 172.67.186.145:443 |
Source: Network traffic |
Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49710 -> 172.67.186.145:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49710 -> 172.67.186.145:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49707 -> 172.67.186.145:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49707 -> 172.67.186.145:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 104.21.42.119:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.42.119:443 |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: largerryskwhq.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: interactiedovspm.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: charecteristicdxp.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Cookie: __cf_mw_byp=l3aD5kQNFAFJ0us2znHMtBViGKtZ6731N4ENSaRLwLI-1724836330-0.0.1.1-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 50
Host: charecteristicdxp.shop |
Source: setup.exe |
String found in binary or memory: https://auth.docker.com/ |
Source: BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://charecteristicdxp.shop/ |
Source: BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://charecteristicdxp.shop/. |
Source: BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://charecteristicdxp.shop/L |
Source: BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://charecteristicdxp.shop/api |
Source: setup.exe |
String found in binary or memory: https://github.com/golang/protobuf/issues/1609): |
Source: BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://interactiedovspm.shop/ |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000002.2184777123.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://largerryskwhq.shop/ |
Source: BitLockerToGo.exe, 00000002.00000002.2184777123.0000000002E68000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://largerryskwhq.shop/api |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://largerryskwhq.shop/api3 |
Source: setup.exe |
String found in binary or memory: https://management.azure.commismatching |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://potentioallykeos.shop/ |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://potentioallykeos.shop/api |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://potentioallykeos.shop/ql |
Source: setup.exe |
String found in binary or memory: https://protobuf.dev/reference/go/faq#namespace-conflictmlkem768: |
Source: BitLockerToGo.exe, 00000002.00000002.2184777123.0000000002E7E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2172380819.0000000002F00000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
Source: BitLockerToGo.exe, 00000002.00000003.2172380819.0000000002F00000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/ |
Source: unknown |
Network traffic detected: HTTP traffic on port 49710 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49710 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49707 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49705 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49704 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49707 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49705 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49704 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040C4A6 |
2_2_0040C4A6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040AE60 |
2_2_0040AE60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00405840 |
2_2_00405840 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00433040 |
2_2_00433040 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00407020 |
2_2_00407020 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040102B |
2_2_0040102B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00425833 |
2_2_00425833 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041E0E3 |
2_2_0041E0E3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00407964 |
2_2_00407964 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00412115 |
2_2_00412115 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004199C0 |
2_2_004199C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004139D1 |
2_2_004139D1 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004241B0 |
2_2_004241B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00435A60 |
2_2_00435A60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041922D |
2_2_0041922D |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042F2E0 |
2_2_0042F2E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040CA90 |
2_2_0040CA90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00437290 |
2_2_00437290 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041CB50 |
2_2_0041CB50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00435B50 |
2_2_00435B50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040D370 |
2_2_0040D370 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00406300 |
2_2_00406300 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00410311 |
2_2_00410311 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004143E2 |
2_2_004143E2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00408BF0 |
2_2_00408BF0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040BB80 |
2_2_0040BB80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004043B0 |
2_2_004043B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00435C30 |
2_2_00435C30 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00411501 |
2_2_00411501 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041A502 |
2_2_0041A502 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004125CD |
2_2_004125CD |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00437580 |
2_2_00437580 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004075B0 |
2_2_004075B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00404E50 |
2_2_00404E50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041BEE0 |
2_2_0041BEE0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00434E94 |
2_2_00434E94 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041DEBD |
2_2_0041DEBD |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00435F40 |
2_2_00435F40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041C720 |
2_2_0041C720 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042E720 |
2_2_0042E720 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00435730 |
2_2_00435730 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042473C |
2_2_0042473C |
Source: 00000000.00000002.2149222057.0000000003968000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research |
Source: unknown |
Process created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe" |
|
Source: C:\Users\user\Desktop\setup.exe |
Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" |
|
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 1420 |
|
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: acgenral.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: samcli.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: msacm32.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: winmmbase.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: powrprof.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: umpdc.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: pdh.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: webio.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: winnsi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: rasadhlp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: schannel.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ncrypt.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\setup.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: BitLockerToGo.exe, 00000002.00000002.2184777123.0000000002E68000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW(J |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000002.2184777123.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000002.2184777123.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW4" |
Source: setup.exe, 00000000.00000002.2144815394.00000000008FA000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: weiggheticulop.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: consciousourwi.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: southedhiscuso.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: deicedosmzj.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: cagedwifedsozm.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: charecteristicdxp.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: interactiedovspm.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: potentioallykeos.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: largerryskwhq.shop |
Source: C:\Users\user\Desktop\setup.exe |
Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: A70008 |
Source: C:\Users\user\Desktop\setup.exe |
Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 |
Source: C:\Users\user\Desktop\setup.exe |
Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 401000 |
Source: C:\Users\user\Desktop\setup.exe |
Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 438000 |
Source: C:\Users\user\Desktop\setup.exe |
Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 43B000 |
Source: C:\Users\user\Desktop\setup.exe |
Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 44A000 |
Source: C:\Users\user\Desktop\setup.exe |
Queries volume information: C:\Users\user\Desktop\setup.exe VolumeInformation |
Source: C:\Users\user\Desktop\setup.exe |
Queries volume information: C:\Windows VolumeInformation |
Source: C:\Users\user\Desktop\setup.exe |
Queries volume information: C:\Windows\AppReadiness VolumeInformation |
Source: C:\Users\user\Desktop\setup.exe |
Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents VolumeInformation |
Source: C:\Users\user\Desktop\setup.exe |
Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation |