Source: https://potentioallykeos.shop/api | Avira URL Cloud: Label: malware |
Source: https://interactiedovspm.shop/api | Avira URL Cloud: Label: malware |
Source: https://potentioallykeos.shop/ | Avira URL Cloud: Label: malware |
Source: https://interactiedovspm.shop/ | Avira URL Cloud: Label: malware |
Source: https://largerryskwhq.shop/api | Avira URL Cloud: Label: malware |
Source: https://potentioallykeos.shop/ql | Avira URL Cloud: Label: malware |
Source: interactiedovspm.shop | Virustotal: Detection: 20% |
Source: charecteristicdxp.shop | Virustotal: Detection: 20% |
Source: largerryskwhq.shop | Virustotal: Detection: 8% |
Source: potentioallykeos.shop | Virustotal: Detection: 20% |
Source: https://potentioallykeos.shop/ | Virustotal: Detection: 19% |
Source: https://interactiedovspm.shop/api | Virustotal: Detection: 22% |
Source: https://interactiedovspm.shop/ | Virustotal: Detection: 20% |
Source: https://potentioallykeos.shop/api | Virustotal: Detection: 22% |
Source: https://largerryskwhq.shop/api | Virustotal: Detection: 16% |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then jmp eax | 2_2_0040C4A6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movzx edi, byte ptr [ecx+esi] | 2_2_00404060 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movzx eax, word ptr [esi+ecx] | 2_2_00431060 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, ebp | 2_2_00407020 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esi+20h] | 2_2_00425833 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx] | 2_2_0041E0E3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ecx, dword ptr [esp+04h] | 2_2_0040A8F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_004188F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ecx, dword ptr [esp] | 2_2_004368B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp byte ptr [ebx], 00000000h | 2_2_00410961 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+00000878h] | 2_2_0041B966 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h | 2_2_00420100 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then push esi | 2_2_004199C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov dword ptr [esi+0Ch], 00000000h | 2_2_004101D2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esi+00000108h] | 2_2_004241B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp dword ptr [edx], 77A9E0C4h | 2_2_00436A60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp dword ptr [eax], 44CAAEB6h | 2_2_0041922D |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movzx edx, byte ptr [esi+edi] | 2_2_004032C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 2_2_004132B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 2_2_0041FB40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+18h] | 2_2_0041CB50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ebx, dword ptr [esp+50h] | 2_2_0041F318 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov byte ptr [ecx], al | 2_2_004143E2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp word ptr [edi+eax], 0000h | 2_2_004143E2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ecx, dword ptr [esp] | 2_2_004143E2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esi] | 2_2_0040BB80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 2_2_0042A4E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esi+70h] | 2_2_00411501 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ecx, dword ptr [esp+00000878h] | 2_2_0041A502 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov word ptr [edx], cx | 2_2_0041A502 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esi] | 2_2_00412D3E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 2_2_004205C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+1Ch] | 2_2_0040B5F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov edx, dword ptr [esp+04h] | 2_2_0040B5F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov dword ptr [esp], 00000000h | 2_2_00412DB0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h | 2_2_00436E60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h | 2_2_00418690 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ecx, ebx | 2_2_00434E94 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ecx, dword ptr [esi+04h] | 2_2_0040E726 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esi+00000108h] | 2_2_0042473C |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 2_2_0041E7D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_00413F95 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov byte ptr [eax], dl | 2_2_0040DFAA |
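The rows above all carry the same sandbox heuristic, a run of four single-byte NOPs directly followed by a real instruction (jmp eax, movzx, mov, cmp, push) inside a function body. The page records the hits but not how to reproduce them, so here is an added example, not sandbox or Joe Sandbox code, that scans raw x86 code bytes for that shape. The opcode table is deliberately tiny and covers only the instruction forms listed in the rows; the sample bytes are constructed for the example and are not taken from BitLockerToGo.exe. Compiler alignment padding also produces NOP runs, so runs that end at a standard `push ebp; mov ebp, esp` prologue are reported separately and dropped from the suspicious set.

```python
"""Scan x86 code bytes for runs of >= 4 single-byte NOPs (0x90) followed by a
real instruction, the "4x nop then <insn>" shape reported in the rows above.
Added example, not sandbox tooling; SAMPLE is constructed, not real malware."""

from dataclasses import dataclass

NOP = 0x90

# Coarse opcode table limited to the instruction forms named in the rows above.
# ModR/M, SIB and immediates are not decoded: this is triage, not a disassembler.
_OPCODES = {
    (0xFF, 0xE0): "jmp eax",
    (0xE9,): "jmp rel32",
    (0xEB,): "jmp rel8",
    (0x0F, 0xB6): "movzx r32, r/m8",
    (0x0F, 0xB7): "movzx r32, r/m16",
    (0x8B,): "mov r32, r/m32",
    (0x89,): "mov r/m32, r32",
    (0x88,): "mov r/m8, r8",
    (0x80,): "cmp/arith r/m8, imm8",
    (0x81,): "cmp/arith r/m32, imm32",
    (0x66, 0x83): "cmp/arith r/m16, imm8",
    (0x56,): "push esi",
    (0x55,): "push ebp",
}

PROLOGUE = bytes([0x55, 0x8B, 0xEC])  # push ebp; mov ebp, esp


@dataclass(frozen=True)
class NopSite:
    offset: int            # offset of the first NOP in the run
    run_length: int        # number of consecutive 0x90 bytes
    next_insn: str         # coarse decode of the instruction after the run
    prologue_after: bool   # run ends at a function prologue (alignment padding)


def _decode_next(code: bytes, pos: int) -> str:
    if pos >= len(code):
        return "end of buffer"
    for key, name in _OPCODES.items():
        if code[pos:pos + len(key)] == bytes(key):
            return name
    return "unknown 0x%02x" % code[pos]


def find_nop_sites(code: bytes, min_run: int = 4) -> list[NopSite]:
    """Return every run of >= min_run NOPs together with what follows it."""
    sites = []
    i, n = 0, len(code)
    while i < n:
        if code[i] != NOP:
            i += 1
            continue
        start = i
        while i < n and code[i] == NOP:
            i += 1
        run = i - start
        if run >= min_run:
            sites.append(NopSite(
                offset=start,
                run_length=run,
                next_insn=_decode_next(code, i),
                prologue_after=code[i:i + 3] == PROLOGUE,
            ))
    return sites


def suspicious_sites(code: bytes, min_run: int = 4) -> list[NopSite]:
    """Drop runs that end at a prologue: that is what a compiler emits to align
    the next function and is not the in-function pattern the rows describe."""
    return [s for s in find_nop_sites(code, min_run) if not s.prologue_after]


# Constructed sample: benign alignment padding before a prologue, then
# "4x nop then jmp eax", then "4x nop then movzx edi, byte ptr [ecx+esi]",
# then a two-NOP run that is below the threshold.
SAMPLE = (
    b"\xc3"                                  # ret, end of previous function
    + b"\x90" * 5 + PROLOGUE                  # padding, then push ebp; mov ebp, esp
    + b"\x31\xc0"                             # xor eax, eax
    + b"\x90" * 4 + b"\xff\xe0"               # 4x nop then jmp eax
    + b"\x90" * 4 + b"\x0f\xb6\x3c\x31"       # 4x nop then movzx edi, byte ptr [ecx+esi]
    + b"\x90" * 2 + b"\xc3"                   # 2x nop then ret
)

if __name__ == "__main__":
    for s in suspicious_sites(SAMPLE):
        print(f"0x{s.offset:04x}: {s.run_length}x nop then {s.next_insn}")
```

Run over a dumped .text section this yields candidate addresses to open in a disassembler; it says nothing on its own about maliciousness, which is why the sandbox reports it alongside the network evidence rather than as a verdict.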
Source: Network traffic | Suricata IDS: 2055293 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (charecteristicdxp .shop) : 192.168.2.5:50915 -> 1.1.1.1:53 |
Source: Network traffic | Suricata IDS: 2055300 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (interactiedovspm .shop in TLS SNI) : 192.168.2.5:49705 -> 104.21.42.119:443 |
Source: Network traffic | Suricata IDS: 2055299 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (interactiedovspm .shop) : 192.168.2.5:61958 -> 1.1.1.1:53 |
Source: Network traffic | Suricata IDS: 2055301 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (potentioallykeos .shop) : 192.168.2.5:49359 -> 1.1.1.1:53 |
Source: Network traffic | Suricata IDS: 2055294 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (charecteristicdxp .shop in TLS SNI) : 192.168.2.5:49710 -> 172.67.186.145:443 |
Source: Network traffic | Suricata IDS: 2055294 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (charecteristicdxp .shop in TLS SNI) : 192.168.2.5:49707 -> 172.67.186.145:443 |
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49710 -> 172.67.186.145:443 |
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49710 -> 172.67.186.145:443 |
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49707 -> 172.67.186.145:443 |
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 188.114.96.3:443 |
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49707 -> 172.67.186.145:443 |
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 188.114.96.3:443 |
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 104.21.42.119:443 |
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.42.119:443 |
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: largerryskwhq.shop |
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: interactiedovspm.shop |
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: charecteristicdxp.shop |
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Cookie: __cf_mw_byp=l3aD5kQNFAFJ0us2znHMtBViGKtZ6731N4ENSaRLwLI-1724836330-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: charecteristicdxp.shop |
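The four requests share one shape: POST to /api on a .shop host, a form-urlencoded body of 8 bytes (50 on the retry that carries the Cloudflare cookie), and a desktop Chrome User-Agent with none of the Accept, Accept-Language or Accept-Encoding headers a real Chrome form POST sends. The page does not show the body, so a detector has to key on the header shape. The following is an added example, not sandbox output or a published ET rule, that parses request heads like these and scores them. The thresholds, the indicator names, the benign contrast request and the `shop.example.com` host are assumptions for the example; the two suspicious heads mirror the headers listed above.

```python
"""Flag HTTP request heads with the check-in shape seen in the rows above.
Added example; the request heads are constructed, the thresholds are assumed."""

from dataclasses import dataclass, field

TINY_BODY_MAX = 64                  # assumed; observed bodies were 8 and 50 bytes
SUSPECT_TLDS = {"shop"}             # assumed; every observed C2 host is under .shop
BROWSER_HEADERS = ("accept", "accept-language", "accept-encoding")


@dataclass
class RequestHead:
    method: str
    path: str
    headers: dict = field(default_factory=dict)   # lower-cased header names

    @property
    def host(self) -> str:
        return self.headers.get("host", "").lower()


def parse_request_head(raw: str) -> RequestHead:
    """Parse a request line plus headers; CRLF or LF line endings."""
    lines = [l for l in raw.replace("\r\n", "\n").split("\n") if l.strip()]
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return RequestHead(method, path, headers)


def checkin_indicators(req: RequestHead) -> list[str]:
    """Return the indicator names that match; an empty list means none."""
    hits = []
    if req.method == "POST" and req.path == "/api":
        hits.append("post_to_/api")
    if req.headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        hits.append("form_urlencoded")
    length = req.headers.get("content-length", "")
    if length.isdigit() and int(length) <= TINY_BODY_MAX:
        hits.append("tiny_body")
    if req.host.rsplit(".", 1)[-1] in SUSPECT_TLDS:
        hits.append("suspect_tld")
    ua = req.headers.get("user-agent", "")
    # A browser UA with no Accept* headers is a non-browser client borrowing the string.
    if "Chrome/" in ua and not any(h in req.headers for h in BROWSER_HEADERS):
        hits.append("browser_ua_without_browser_headers")
    return hits


CORE = {"post_to_/api", "form_urlencoded", "tiny_body"}
CORROBORATING = {"suspect_tld", "browser_ua_without_browser_headers"}


def is_checkin_like(req: RequestHead) -> bool:
    """All three core indicators plus at least one corroborating one (assumed rule)."""
    hits = set(checkin_indicators(req))
    return CORE <= hits and bool(hits & CORROBORATING)


UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36")

# Constructed to mirror the first request head listed above.
OBSERVED = (
    "POST /api HTTP/1.1\r\n"
    "Connection: Keep-Alive\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    f"User-Agent: {UA}\r\n"
    "Content-Length: 8\r\n"
    "Host: largerryskwhq.shop\r\n\r\n"
)

# Constructed benign contrast: what a real Chrome form POST to a /api path looks like.
BENIGN = (
    "POST /api HTTP/1.1\r\n"
    "Host: shop.example.com\r\n"
    f"User-Agent: {UA}\r\n"
    "Accept: */*\r\n"
    "Accept-Language: en-US,en;q=0.9\r\n"
    "Accept-Encoding: gzip, deflate, br\r\n"
    "Origin: https://shop.example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 812\r\n\r\n"
)

if __name__ == "__main__":
    for label, raw in (("observed", OBSERVED), ("benign", BENIGN)):
        req = parse_request_head(raw)
        print(label, is_checkin_like(req), checkin_indicators(req))
```

This only sees a cleartext head; the sandbox saw these because it intercepts TLS. In production the same logic belongs wherever the plaintext is available (a TLS-inspecting proxy, or host-side ETW/WinHTTP telemetry), and the ET rules listed above remain the reference detection for the on-wire TLS SNI and DNS lookups.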
Source: setup.exe | String found in binary or memory: https://auth.docker.com/ |
Source: BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://charecteristicdxp.shop/ |
Source: BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://charecteristicdxp.shop/. |
Source: BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://charecteristicdxp.shop/L |
Source: BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://charecteristicdxp.shop/api |
Source: setup.exe | String found in binary or memory: https://github.com/golang/protobuf/issues/1609): |
Source: BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://interactiedovspm.shop/ |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000002.2184777123.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://largerryskwhq.shop/ |
Source: BitLockerToGo.exe, 00000002.00000002.2184777123.0000000002E68000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://largerryskwhq.shop/api |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://largerryskwhq.shop/api3 |
Source: setup.exe | String found in binary or memory: https://management.azure.commismatching |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://potentioallykeos.shop/ |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://potentioallykeos.shop/api |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://potentioallykeos.shop/ql |
Source: setup.exe | String found in binary or memory: https://protobuf.dev/reference/go/faq#namespace-conflictmlkem768: |
Source: BitLockerToGo.exe, 00000002.00000002.2184777123.0000000002E7E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2172380819.0000000002F00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
Source: BitLockerToGo.exe, 00000002.00000003.2172380819.0000000002F00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/ |
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710 |
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0040C4A6 | 2_2_0040C4A6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0040AE60 | 2_2_0040AE60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00405840 | 2_2_00405840 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00433040 | 2_2_00433040 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00407020 | 2_2_00407020 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0040102B | 2_2_0040102B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00425833 | 2_2_00425833 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0041E0E3 | 2_2_0041E0E3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00407964 | 2_2_00407964 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00412115 | 2_2_00412115 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_004199C0 | 2_2_004199C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_004139D1 | 2_2_004139D1 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_004241B0 | 2_2_004241B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00435A60 | 2_2_00435A60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0041922D | 2_2_0041922D |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0042F2E0 | 2_2_0042F2E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0040CA90 | 2_2_0040CA90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00437290 | 2_2_00437290 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0041CB50 | 2_2_0041CB50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00435B50 | 2_2_00435B50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0040D370 | 2_2_0040D370 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00406300 | 2_2_00406300 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00410311 | 2_2_00410311 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_004143E2 | 2_2_004143E2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00408BF0 | 2_2_00408BF0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0040BB80 | 2_2_0040BB80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_004043B0 | 2_2_004043B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00435C30 | 2_2_00435C30 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00411501 | 2_2_00411501 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0041A502 | 2_2_0041A502 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_004125CD | 2_2_004125CD |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00437580 | 2_2_00437580 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_004075B0 | 2_2_004075B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00404E50 | 2_2_00404E50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0041BEE0 | 2_2_0041BEE0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00434E94 | 2_2_00434E94 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0041DEBD | 2_2_0041DEBD |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00435F40 | 2_2_00435F40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0041C720 | 2_2_0041C720 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0042E720 | 2_2_0042E720 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_00435730 | 2_2_00435730 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 2_2_0042473C | 2_2_0042473C |
Source: 00000000.00000002.2149222057.0000000003968000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research |
Source: unknown | Process created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe" |
Source: C:\Users\user\Desktop\setup.exe | Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 1420 |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: acgenral.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: samcli.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: msacm32.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: winmmbase.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: powrprof.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: umpdc.dll |
Source: C:\Users\user\Desktop\setup.exe | Section loaded: pdh.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: winhttp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: webio.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: mswsock.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: iphlpapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: winnsi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: sspicli.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: dnsapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: rasadhlp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: fwpuclnt.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: schannel.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: mskeyprotect.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: ntasn1.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: ncrypt.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: ncryptsslp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: msasn1.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: cryptsp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: rsaenh.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: cryptbase.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: gpapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: BitLockerToGo.exe, 00000002.00000002.2184777123.0000000002E68000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW(J |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000002.2184777123.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: BitLockerToGo.exe, 00000002.00000003.2155014336.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000002.2184777123.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW4" |
Source: setup.exe, 00000000.00000002.2144815394.00000000008FA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: weiggheticulop.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: consciousourwi.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: southedhiscuso.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: deicedosmzj.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: cagedwifedsozm.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: charecteristicdxp.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: interactiedovspm.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: potentioallykeos.shop |
Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: largerryskwhq.shop |
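The network indicators on this page are scattered across five evidence types with different formats: URL-reputation rows whose Source is a URL or bare domain, Suricata rows that defang the host in the rule name ("charecteristicdxp .shop") and carry the flow tuple, HTTP rows with a Host header, memory strings that are sometimes URLs with trailing junk ("https://charecteristicdxp.shop/L") and sometimes bare hostnames, and the nine bare .shop domains in the setup.exe memory dump just above, of which only four were ever contacted. As an added example (not sandbox tooling), the script below parses rows in this page's "Source: ... | ... |" shape, merges every host it finds with the evidence types that name it, and promotes a host to C2 candidate only when an IDS rule names it or two independent evidence types agree. ROWS is a constructed subset copied from this page, including the benign github.com library reference, so the corroboration filter can be seen rejecting a lone memory string; the evidence-type names and the two-source threshold are assumptions for the example.

```python
"""Extract and corroborate network IOCs from sandbox rows in the
"Source: ... | ... |" shape used on this page. Added example; ROWS is a
constructed subset of the page's rows, the thresholds are assumed."""

import re
from collections import defaultdict
from urllib.parse import urlparse

HOST_RE = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}$")
DEFANGED_RE = re.compile(r"\(([a-z0-9-]+) \.([a-z]{2,})")      # "(host .tld" in ET rule names
HTTP_HOST_RE = re.compile(r"Host: ([A-Za-z0-9.-]+)")
SID_RE = re.compile(r"Suricata IDS: (\d+)")
FLOW_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)")
MEMORY_TAG = "String found in binary or memory:"


def host_of(url: str) -> str:
    return urlparse(url).hostname or ""


def classify(row: str) -> str:
    """Name the evidence type a row carries, keyed on the report's own column labels."""
    if "Suricata IDS:" in row:
        return "ids_alert"
    if "HTTP traffic detected:" in row:
        return "http_host"
    if MEMORY_TAG in row:
        return "memory_string"
    if "Avira URL Cloud:" in row or "Virustotal:" in row:
        return "url_reputation"
    return "other"


def _as_host(value: str) -> str:
    """Reduce a URL or bare name to a lower-case hostname, or '' if it is neither."""
    h = host_of(value) if value.startswith("http") else value.lower()
    return h if HOST_RE.match(h) else ""


def extract_iocs(rows):
    hosts = defaultdict(set)          # hostname -> set of evidence types naming it
    sids, dst_ips = set(), set()
    for row in rows:
        kind = classify(row)
        source = row.split("|", 1)[0].removeprefix("Source:").strip()
        if kind == "url_reputation":
            if h := _as_host(source):
                hosts[h].add(kind)
        elif kind == "ids_alert":
            sids.update(SID_RE.findall(row))
            for name, tld in DEFANGED_RE.findall(row):
                hosts[f"{name}.{tld}"].add(kind)
            for _src, dst, port in FLOW_RE.findall(row):
                if port != "53":              # the DNS resolver is not an IOC
                    dst_ips.add(dst)
        elif kind == "http_host":
            for h in HTTP_HOST_RE.findall(row):
                hosts[h.lower()].add(kind)
        elif kind == "memory_string":
            value = row.rsplit(MEMORY_TAG, 1)[1].strip(" |")
            if h := _as_host(value):
                hosts[h].add(kind)
    return {"hosts": dict(hosts), "suricata_sids": sids, "dst_ips": dst_ips}


def c2_candidates(iocs, min_evidence=2):
    """A host qualifies when an IDS rule names it or >= min_evidence independent
    evidence types do. A lone memory string (library URL, unused config entry)
    never qualifies on its own."""
    return sorted(h for h, ev in iocs["hosts"].items()
                  if "ids_alert" in ev or len(ev) >= min_evidence)


# Constructed subset of this page's rows (one row per evidence type, plus contrasts).
ROWS = [
    "Source: https://potentioallykeos.shop/api | Avira URL Cloud: Label: malware |",
    "Source: interactiedovspm.shop | Virustotal: Detection: 20% |",
    "Source: largerryskwhq.shop | Virustotal: Detection: 8% |",
    "Source: Network traffic | Suricata IDS: 2055293 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (charecteristicdxp .shop) : 192.168.2.5:50915 -> 1.1.1.1:53 |",
    "Source: Network traffic | Suricata IDS: 2055300 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (interactiedovspm .shop in TLS SNI) : 192.168.2.5:49705 -> 104.21.42.119:443 |",
    "Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49710 -> 172.67.186.145:443 |",
    "Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Length: 8Host: largerryskwhq.shop |",
    "Source: BitLockerToGo.exe, 00000002.00000003.2181952678.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://charecteristicdxp.shop/api |",
    "Source: setup.exe | String found in binary or memory: https://github.com/golang/protobuf/issues/1609): |",
    "Source: setup.exe, 00000000.00000002.2147235754.00000000034F2000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: weiggheticulop.shop |",
]

if __name__ == "__main__":
    iocs = extract_iocs(ROWS)
    for h, ev in sorted(iocs["hosts"].items()):
        print(f"{h:32} {sorted(ev)}")
    print("candidates:", c2_candidates(iocs))
```

Fed the whole page rather than the subset, all four contacted .shop hosts qualify through the Suricata rows, while weiggheticulop.shop, consciousourwi.shop, southedhiscuso.shop, deicedosmzj.shop and cagedwifedsozm.shop stay memory-only; they are still worth blocking as configured fallbacks, but they belong in a separate, lower-confidence tier from hosts the sample actually reached.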
Source: C:\Users\user\Desktop\setup.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: A70008 |
Source: C:\Users\user\Desktop\setup.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 |
Source: C:\Users\user\Desktop\setup.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 401000 |
Source: C:\Users\user\Desktop\setup.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 438000 |
Source: C:\Users\user\Desktop\setup.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 43B000 |
Source: C:\Users\user\Desktop\setup.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 44A000 |
Source: C:\Users\user\Desktop\setup.exe | Queries volume information: C:\Users\user\Desktop\setup.exe VolumeInformation |
Source: C:\Users\user\Desktop\setup.exe | Queries volume information: C:\Windows VolumeInformation |
Source: C:\Users\user\Desktop\setup.exe | Queries volume information: C:\Windows\AppReadiness VolumeInformation |
Source: C:\Users\user\Desktop\setup.exe | Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents VolumeInformation |
Source: C:\Users\user\Desktop\setup.exe | Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation |
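Read together with the process-creation rows, the six writes above are the sequence that matters: setup.exe starts BitLockerToGo.exe, a legitimate Windows binary, and then writes into that child at 0x400000 (the conventional default image base of a 32-bit PE), 0x401000 (where the first section normally begins) and three further page-aligned addresses in the same range, which is consistent with the child's image being replaced before it runs the C2 code shown in the network rows. The added example below (not sandbox code) detects that create-then-write-into-image pairing over a constructed event list shaped like the rows; the event schema, the 0x400000 base, the 1 MiB image span and the unrelated `C:\Tools\dbg.exe` writer are assumptions for the example.

```python
"""Detect a parent writing into the image range of a Windows binary it has
just created, the create-then-write sequence recorded in the rows above.
Added example over a constructed event list; schema and constants are assumed."""

from collections import defaultdict
from dataclasses import dataclass

DEFAULT_IMAGE_BASE = 0x400000     # assumed: conventional base of a 32-bit PE
IMAGE_SPAN = 0x100000             # assumed: generous upper bound on the mapped image size
SYSTEM_PREFIX = "c:\\windows\\"   # writes into a Windows binary's image are the concern


@dataclass(frozen=True)
class Event:
    kind: str          # "process_create" or "memory_write"
    actor: str         # path of the process creating / writing
    target: str        # path of the process created / written to
    address: int = 0   # memory_write only: base address written


def in_image(address: int, base: int = DEFAULT_IMAGE_BASE, span: int = IMAGE_SPAN) -> bool:
    return base <= address < base + span


def find_hollowing(events):
    """Return (parent, child, sorted in-image write addresses) for each child
    whose own parent created it and then wrote inside its image range."""
    created_by = {}                     # child path -> parent path
    writes = defaultdict(list)          # (writer, target) -> in-image addresses
    for ev in events:
        if ev.kind == "process_create":
            created_by[ev.target.lower()] = ev.actor.lower()
        elif ev.kind == "memory_write" and in_image(ev.address):
            writes[(ev.actor.lower(), ev.target.lower())].append(ev.address)
    findings = []
    for (writer, target), addrs in writes.items():
        if created_by.get(target) == writer and target.startswith(SYSTEM_PREFIX):
            findings.append((writer, target, sorted(addrs)))
    return findings


SETUP = r"C:\Users\user\Desktop\setup.exe"
HOST = r"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"

# Constructed from the report rows: the create, then the six recorded writes,
# plus one write by an unrelated process that must not be flagged.
EVENTS = [
    Event("process_create", SETUP, HOST),
    Event("memory_write", SETUP, HOST, 0xA70008),   # outside the image range: ignored
    Event("memory_write", SETUP, HOST, 0x400000),   # PE headers
    Event("memory_write", SETUP, HOST, 0x401000),   # first section
    Event("memory_write", SETUP, HOST, 0x438000),
    Event("memory_write", SETUP, HOST, 0x43B000),
    Event("memory_write", SETUP, HOST, 0x44A000),
    Event("memory_write", r"C:\Tools\dbg.exe", HOST, 0x401000),   # not the parent
]

if __name__ == "__main__":
    for writer, target, addrs in find_hollowing(EVENTS):
        print(f"{writer} -> {target}: writes at {[hex(a) for a in addrs]}")
```

On a real endpoint the equivalent telemetry is a process-creation event for the child paired with cross-process memory writes or a handle opened on the child with write access by the parent; the sandbox records the writes directly, which is why the rows above are the cleanest statement of the technique on this page.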