Windows
Analysis Report
3ZD5tEC5DH.exe
Overview
General Information
Sample name: | 3ZD5tEC5DH.exe (renamed because original name is a hash value) |
Original sample name: | 149131a90f99225e6c7e28a06164dd9a.exe |
Analysis ID: | 1519286 |
MD5: | 149131a90f99225e6c7e28a06164dd9a |
SHA1: | f9d0e7ae3bed79498bf4da92c0ef9568d4e5595e |
SHA256: | 6b176bab868dc372496ab3c6ce97518d276c17143f77ae15c992970c1efdf21f |
Tags: | exe, user-abuse_ch |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 3ZD5tEC5DH.exe (PID: 404, cmdline: "C:\Users\user\Desktop\3ZD5tEC5DH.exe", MD5: 149131A90F99225E6C7E28A06164DD9A)
- conhost.exe (PID: 972, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- RegAsm.exe (PID: 5396, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["offensivedzvju.shop", "gutterydhowi.shop", "stogeneratmns.shop", "lootebarrkeyn.shop", "vozmeatillu.shop", "ghostreedmnu.shop", "drawzhotdog.shop", "fragnantbui.shop", "reinforcenh.shop"], "Build id": "FATE99--"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T09:58:36.812587+0200 | 2056048 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 52018 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:36.830747+0200 | 2056164 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 59886 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:37.420292+0200 | 2056165 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49710 | 104.21.4.136 | 443 | TCP |
2024-09-26T09:58:37.940927+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 104.21.4.136 | 443 | TCP |
2024-09-26T09:58:37.940927+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 104.21.4.136 | 443 | TCP |
2024-09-26T09:58:37.948460+0200 | 2056162 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 62281 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:38.424964+0200 | 2056163 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49711 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:58:38.867301+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:58:38.867301+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:58:38.871156+0200 | 2056160 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 63504 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:39.502747+0200 | 2056161 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:39.963391+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:39.963391+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:39.967673+0200 | 2056158 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 50739 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:40.443849+0200 | 2056159 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49714 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:40.955377+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49714 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:40.955377+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49714 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:40.957085+0200 | 2056156 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 58108 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:41.445111+0200 | 2056157 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49715 | 172.67.162.108 | 443 | TCP |
2024-09-26T09:58:41.923134+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49715 | 172.67.162.108 | 443 | TCP |
2024-09-26T09:58:41.923134+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49715 | 172.67.162.108 | 443 | TCP |
2024-09-26T09:58:41.924937+0200 | 2056154 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 65346 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:42.419788+0200 | 2056155 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49716 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:42.899946+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49716 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:42.899946+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49716 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:42.902228+0200 | 2056152 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 65127 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:43.400411+0200 | 2056153 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49717 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:43.844049+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49717 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:43.844049+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49717 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:43.845719+0200 | 2056150 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 55477 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:44.319186+0200 | 2056151 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49718 | 172.67.208.139 | 443 | TCP |
2024-09-26T09:58:44.808684+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49718 | 172.67.208.139 | 443 | TCP |
2024-09-26T09:58:44.808684+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49718 | 172.67.208.139 | 443 | TCP |
2024-09-26T09:58:47.045311+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49720 | 172.67.189.2 | 443 | TCP |
2024-09-26T09:58:47.045311+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49720 | 172.67.189.2 | 443 | TCP |
AV Detection |
---|
Source: | URL Reputation: |
Source: | Avira URL Cloud: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | String decryptor: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Code function: |
Networking |
---|
Source: | Suricata IDS: |
Source: | URLs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: |
System Summary |
---|
Source: | Large array initialization: |
Source: | Code function: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | Static file information: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Process information set: |
Source: | Memory allocated: |
Source: | Thread delayed: |
Source: | Thread sleep time: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: |
Source: | Code function: |
Source: | Memory written: |
Source: | String found in binary or memory: |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Key value queried: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 PowerShell | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 2 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Detection | Scanner | Label |
---|---|---|
47% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
fragnantbui.shop | 188.114.96.3 | true | true | unknown | |
performenj.shop | 172.67.189.2 | true | true | unknown | |
gutterydhowi.shop | 104.21.4.136 | true | true | unknown | |
steamcommunity.com | 104.102.49.254 | true | false | unknown | |
offensivedzvju.shop | 188.114.96.3 | true | true | unknown | |
stogeneratmns.shop | 188.114.96.3 | true | true | unknown | |
reinforcenh.shop | 172.67.208.139 | true | true | unknown | |
drawzhotdog.shop | 172.67.162.108 | true | true | unknown | |
ghostreedmnu.shop | 188.114.97.3 | true | true | unknown | |
vozmeatillu.shop | 188.114.96.3 | true | true | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown | |
lootebarrkeyn.shop | unknown | unknown | true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.21.4.136 | gutterydhowi.shop | United States | 13335 | CLOUDFLARENETUS | true |
172.67.189.2 | performenj.shop | United States | 13335 | CLOUDFLARENETUS | true |
188.114.97.3 | ghostreedmnu.shop | European Union | 13335 | CLOUDFLARENETUS | true |
172.67.162.108 | drawzhotdog.shop | United States | 13335 | CLOUDFLARENETUS | true |
188.114.96.3 | fragnantbui.shop | European Union | 13335 | CLOUDFLARENETUS | true |
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false |
172.67.208.139 | reinforcenh.shop | United States | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1519286 |
Start date and time: | 2024-09-26 09:57:44 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 3ZD5tEC5DH.exerenamed because original name is a hash value |
Original Sample Name: | 149131a90f99225e6c7e28a06164dd9a.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@4/2@11/7 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 93.184.221.240
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ocsp.edge.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, wu.azureedge.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: 3ZD5tEC5DH.exe
Time | Type | Description |
---|---|---|
03:58:35 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
104.21.4.136 | malicious | LummaC |
| malicious | LummaC, Vidar |
| malicious | LummaC, Stealc, Vidar |
| malicious | LummaC, Stealc, Vidar |
| malicious | LummaC, Stealc, Vidar |
| malicious | LummaC, Stealc, Vidar |
| malicious | LummaC, Stealc, Vidar |
| malicious | LummaC, Vidar |
| malicious | LummaC |
| malicious | LummaC, Vidar |
172.67.189.2 | malicious | LummaC |
| malicious | LummaC, Vidar |
| malicious | LummaC, Vidar |
| malicious | LummaC, Stealc, Vidar |
| malicious | LummaC, Vidar |
| malicious | LummaC |
| malicious | LummaC |
| malicious | LummaC |
| malicious | LummaC, Stealc, Vidar |
| malicious | LummaC, Stealc, Vidar |
188.114.97.3 | malicious | FormBook |
| malicious | Snake Keylogger |
| malicious | FormBook |
| malicious | Unknown |
| malicious | FormBook |
| malicious | FormBook |
| malicious | Lokibot |
| malicious | Snake Keylogger |
| malicious | HTMLPhisher |
| malicious | Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
gutterydhowi.shop | malicious | LummaC |
| malicious | LummaC, Vidar |
| malicious | LummaC |
| malicious | LummaC, Vidar |
| malicious | LummaC, Vidar |
| malicious | LummaC, Stealc, Vidar |
| malicious | LummaC, Vidar |
| malicious | LummaC |
| malicious | LummaC, Stealc, Vidar |
| malicious | LummaC, Stealc, Vidar |
steamcommunity.com | malicious | LummaC |
| malicious | Unknown |
| malicious | LummaC, Vidar |
| malicious | LummaC |
| malicious | LummaC |
| malicious | Unknown |
| malicious | LummaC, Go Injector, LummaC Stealer, MicroClip |
| malicious | LummaC, Go Injector, LummaC Stealer |
| malicious | LummaC, Vidar |
| malicious | LummaC, Vidar |
performenj.shop | malicious | LummaC |
| malicious | LummaC, Vidar |
| malicious | LummaC |
| malicious | LummaC |
| malicious | Unknown |
| malicious | LummaC, Go Injector, LummaC Stealer, MicroClip |
| malicious | LummaC, Go Injector, LummaC Stealer |
| malicious | LummaC, Vidar |
| malicious | LummaC, Vidar |
| malicious | LummaC, Stealc, Vidar |
fragnantbui.shop | malicious | LummaC |
| malicious | LummaC, Vidar |
| malicious | LummaC |
| malicious | LummaC, Vidar |
| malicious | LummaC, Vidar |
| malicious | LummaC, Stealc, Vidar |
| malicious | LummaC, Vidar |
| malicious | LummaC |
| malicious | LummaC, Stealc, Vidar |
| malicious | LummaC, Stealc, Vidar |
Match | Detection | Threat Name |
---|---|---|
CLOUDFLARENETUS | malicious | FormBook |
| malicious | FormBook |
| malicious | LummaC |
| malicious | LummaC, Go Injector, LummaC Stealer |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | AgentTesla, RedLine |
| malicious | Snake Keylogger |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | AgentTesla |
| malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
| malicious | LummaC, Go Injector, LummaC Stealer |
| malicious | Unknown |
| malicious | Unknown |
| malicious | UltraVNC |
| malicious | UltraVNC |
| malicious | LummaC |
| malicious | LummaC, Vidar |
| malicious | LummaC |
| malicious | LummaC |
Process: | C:\Users\user\Desktop\3ZD5tEC5DH.exe |
File Type: | |
Category: | modified |
Size (bytes): | 425 |
Entropy (8bit): | 5.353683843266035 |
Encrypted: | false |
SSDEEP: | 12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk |
MD5: | 859802284B12C59DDBB85B0AC64C08F0 |
SHA1: | 4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE |
SHA-256: | FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B |
SHA-512: | 8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\3ZD5tEC5DH.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33 |
Entropy (8bit): | 2.2845972159140855 |
Encrypted: | false |
SSDEEP: | 3:i6vvRyMivvRya:iKvHivD |
MD5: | 45B4C82B8041BF0F9CCED0D6A18D151A |
SHA1: | B4DAD3FFFEF507CBB78671EE620BB495F8CE22F1 |
SHA-256: | 7CFA461ED1FC8611AB74878EDB1FBBDE3596F5D042946A42A7F31EB6D462E628 |
SHA-512: | B29C3696A8A311EFAF9B9709BA082FF2C8D45A6912D79BC1DE7FEEFBEF8F8DDEFCD6650B5E1165D0A79800C8AED399E2B11BC2431E3837DD8587516BDE50EAB5 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.989600940155032 |
TrID: |
File name: | 3ZD5tEC5DH.exe |
File size: | 374'784 bytes |
MD5: | 149131a90f99225e6c7e28a06164dd9a |
SHA1: | f9d0e7ae3bed79498bf4da92c0ef9568d4e5595e |
SHA256: | 6b176bab868dc372496ab3c6ce97518d276c17143f77ae15c992970c1efdf21f |
SHA512: | d6f611d974402adba0548c6f15527f2d7f45e2e5a3466ff2d1b93fcd9eb5ae22a96468e8d4c8d428167a0801f2e1f4a702384878a4fec230f79529ba975b309a |
SSDEEP: | 6144:+aiiJ6qfl9snkFV8FDU+CEMltZVMUwMDp8Aj/TmbGIenjfa9ckFuzyNQhsqayCcp:+aiiJjynkFVnTzl0Aj/TmbNenLnSQhsq |
TLSH: | 8F84235093E1168BD2242A324C87129D83E3FE74F0CE5FE5A365EA376EEE70410D975A |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....c.f................................. ........@.. ....................... ............`................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x45ccee |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66F463BB [Wed Sep 25 19:25:47 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5cc94 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5e000 | 0x5b8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x60000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x5cb5c | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x5acf4 | 0x5ae00 | b78669443bdf65ef8228d4a29be393ff | False | 0.9938585367950481 | data | 7.995705798028068 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x5e000 | 0x5b8 | 0x600 | e0c57c891752f78d44441c65570fe51e | False | 0.4381510416666667 | data | 4.119761219082767 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x60000 | 0xc | 0x200 | 93175a635d4731115c9b1e1c282e8f9e | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x5e0a0 | 0x324 | data | | | 0.4552238805970149 |
RT_MANIFEST | 0x5e3c8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T09:58:36.812587+0200 | 2056048 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lootebarrkeyn .shop) | 1 | 192.168.2.6 | 52018 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:36.830747+0200 | 2056164 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop) | 1 | 192.168.2.6 | 59886 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:37.420292+0200 | 2056165 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI) | 1 | 192.168.2.6 | 49710 | 104.21.4.136 | 443 | TCP |
2024-09-26T09:58:37.940927+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49710 | 104.21.4.136 | 443 | TCP |
2024-09-26T09:58:37.940927+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49710 | 104.21.4.136 | 443 | TCP |
2024-09-26T09:58:37.948460+0200 | 2056162 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop) | 1 | 192.168.2.6 | 62281 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:38.424964+0200 | 2056163 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) | 1 | 192.168.2.6 | 49711 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:58:38.867301+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49711 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:58:38.867301+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49711 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:58:38.871156+0200 | 2056160 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop) | 1 | 192.168.2.6 | 63504 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:39.502747+0200 | 2056161 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI) | 1 | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:39.963391+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:39.963391+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:39.967673+0200 | 2056158 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop) | 1 | 192.168.2.6 | 50739 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:40.443849+0200 | 2056159 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI) | 1 | 192.168.2.6 | 49714 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:40.955377+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49714 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:40.955377+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49714 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:40.957085+0200 | 2056156 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop) | 1 | 192.168.2.6 | 58108 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:41.445111+0200 | 2056157 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) | 1 | 192.168.2.6 | 49715 | 172.67.162.108 | 443 | TCP |
2024-09-26T09:58:41.923134+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49715 | 172.67.162.108 | 443 | TCP |
2024-09-26T09:58:41.923134+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49715 | 172.67.162.108 | 443 | TCP |
2024-09-26T09:58:41.924937+0200 | 2056154 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop) | 1 | 192.168.2.6 | 65346 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:42.419788+0200 | 2056155 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) | 1 | 192.168.2.6 | 49716 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:42.899946+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49716 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:42.899946+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49716 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:42.902228+0200 | 2056152 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop) | 1 | 192.168.2.6 | 65127 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:43.400411+0200 | 2056153 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) | 1 | 192.168.2.6 | 49717 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:43.844049+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49717 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:43.844049+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49717 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:58:43.845719+0200 | 2056150 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop) | 1 | 192.168.2.6 | 55477 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:58:44.319186+0200 | 2056151 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) | 1 | 192.168.2.6 | 49718 | 172.67.208.139 | 443 | TCP |
2024-09-26T09:58:44.808684+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49718 | 172.67.208.139 | 443 | TCP |
2024-09-26T09:58:44.808684+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49718 | 172.67.208.139 | 443 | TCP |
2024-09-26T09:58:47.045311+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49720 | 172.67.189.2 | 443 | TCP |
2024-09-26T09:58:47.045311+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49720 | 172.67.189.2 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 26, 2024 09:58:39.982302904 CEST | 49714 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:39.982367039 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:39.982440948 CEST | 49714 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:39.983043909 CEST | 49714 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:39.983062029 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:40.443552017 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:40.443849087 CEST | 49714 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:40.445590973 CEST | 49714 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:40.445621967 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:40.445899010 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:40.447316885 CEST | 49714 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:40.447360992 CEST | 49714 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:40.447407961 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:40.955430984 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:40.955538988 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:40.955607891 CEST | 49714 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:40.955784082 CEST | 49714 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:40.955810070 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:40.955825090 CEST | 49714 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:40.955831051 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:40.979926109 CEST | 49715 | 443 | 192.168.2.6 | 172.67.162.108 |
Sep 26, 2024 09:58:40.979979038 CEST | 443 | 49715 | 172.67.162.108 | 192.168.2.6 |
Sep 26, 2024 09:58:40.980057955 CEST | 49715 | 443 | 192.168.2.6 | 172.67.162.108 |
Sep 26, 2024 09:58:40.980416059 CEST | 49715 | 443 | 192.168.2.6 | 172.67.162.108 |
Sep 26, 2024 09:58:40.980437040 CEST | 443 | 49715 | 172.67.162.108 | 192.168.2.6 |
Sep 26, 2024 09:58:41.444890022 CEST | 443 | 49715 | 172.67.162.108 | 192.168.2.6 |
Sep 26, 2024 09:58:41.445111036 CEST | 49715 | 443 | 192.168.2.6 | 172.67.162.108 |
Sep 26, 2024 09:58:41.459846973 CEST | 49715 | 443 | 192.168.2.6 | 172.67.162.108 |
Sep 26, 2024 09:58:41.459888935 CEST | 443 | 49715 | 172.67.162.108 | 192.168.2.6 |
Sep 26, 2024 09:58:41.460275888 CEST | 443 | 49715 | 172.67.162.108 | 192.168.2.6 |
Sep 26, 2024 09:58:41.472843885 CEST | 49715 | 443 | 192.168.2.6 | 172.67.162.108 |
Sep 26, 2024 09:58:41.475655079 CEST | 49715 | 443 | 192.168.2.6 | 172.67.162.108 |
Sep 26, 2024 09:58:41.475692034 CEST | 443 | 49715 | 172.67.162.108 | 192.168.2.6 |
Sep 26, 2024 09:58:41.923167944 CEST | 443 | 49715 | 172.67.162.108 | 192.168.2.6 |
Sep 26, 2024 09:58:41.923300028 CEST | 443 | 49715 | 172.67.162.108 | 192.168.2.6 |
Sep 26, 2024 09:58:41.923376083 CEST | 49715 | 443 | 192.168.2.6 | 172.67.162.108 |
Sep 26, 2024 09:58:41.923573971 CEST | 49715 | 443 | 192.168.2.6 | 172.67.162.108 |
Sep 26, 2024 09:58:41.923590899 CEST | 443 | 49715 | 172.67.162.108 | 192.168.2.6 |
Sep 26, 2024 09:58:41.923612118 CEST | 49715 | 443 | 192.168.2.6 | 172.67.162.108 |
Sep 26, 2024 09:58:41.923618078 CEST | 443 | 49715 | 172.67.162.108 | 192.168.2.6 |
Sep 26, 2024 09:58:41.939810038 CEST | 49716 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:41.939866066 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:41.939959049 CEST | 49716 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:41.940361023 CEST | 49716 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:41.940378904 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:42.419709921 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:42.419787884 CEST | 49716 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:42.429162025 CEST | 49716 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:42.429184914 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:42.429452896 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:42.430577993 CEST | 49716 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:42.430608034 CEST | 49716 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:42.430659056 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:42.899972916 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:42.900079966 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:42.900175095 CEST | 49716 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:42.900412083 CEST | 49716 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:42.900460005 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:42.900490046 CEST | 49716 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:42.900506973 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:42.918766022 CEST | 49717 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:42.918833017 CEST | 443 | 49717 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:42.918912888 CEST | 49717 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:42.919437885 CEST | 49717 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:42.919449091 CEST | 443 | 49717 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:43.400226116 CEST | 443 | 49717 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:43.400410891 CEST | 49717 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:43.402456045 CEST | 49717 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:43.402473927 CEST | 443 | 49717 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:43.402793884 CEST | 443 | 49717 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:43.404257059 CEST | 49717 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:43.404294014 CEST | 49717 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:43.404361010 CEST | 443 | 49717 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:43.844053984 CEST | 443 | 49717 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:43.844160080 CEST | 443 | 49717 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:43.844253063 CEST | 49717 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:43.844546080 CEST | 49717 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:43.844546080 CEST | 49717 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 26, 2024 09:58:43.844567060 CEST | 443 | 49717 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:43.844578028 CEST | 443 | 49717 | 188.114.96.3 | 192.168.2.6 |
Sep 26, 2024 09:58:43.858867884 CEST | 49718 | 443 | 192.168.2.6 | 172.67.208.139 |
Sep 26, 2024 09:58:43.858923912 CEST | 443 | 49718 | 172.67.208.139 | 192.168.2.6 |
Sep 26, 2024 09:58:43.859020948 CEST | 49718 | 443 | 192.168.2.6 | 172.67.208.139 |
Sep 26, 2024 09:58:43.859379053 CEST | 49718 | 443 | 192.168.2.6 | 172.67.208.139 |
Sep 26, 2024 09:58:43.859401941 CEST | 443 | 49718 | 172.67.208.139 | 192.168.2.6 |
Sep 26, 2024 09:58:44.319098949 CEST | 443 | 49718 | 172.67.208.139 | 192.168.2.6 |
Sep 26, 2024 09:58:44.319185972 CEST | 49718 | 443 | 192.168.2.6 | 172.67.208.139 |
Sep 26, 2024 09:58:44.333034992 CEST | 49718 | 443 | 192.168.2.6 | 172.67.208.139 |
Sep 26, 2024 09:58:44.333059072 CEST | 443 | 49718 | 172.67.208.139 | 192.168.2.6 |
Sep 26, 2024 09:58:44.333312035 CEST | 443 | 49718 | 172.67.208.139 | 192.168.2.6 |
Sep 26, 2024 09:58:44.345961094 CEST | 49718 | 443 | 192.168.2.6 | 172.67.208.139 |
Sep 26, 2024 09:58:44.345982075 CEST | 49718 | 443 | 192.168.2.6 | 172.67.208.139 |
Sep 26, 2024 09:58:44.346097946 CEST | 443 | 49718 | 172.67.208.139 | 192.168.2.6 |
Sep 26, 2024 09:58:44.808388948 CEST | 443 | 49718 | 172.67.208.139 | 192.168.2.6 |
Sep 26, 2024 09:58:44.808480024 CEST | 443 | 49718 | 172.67.208.139 | 192.168.2.6 |
Sep 26, 2024 09:58:44.808613062 CEST | 49718 | 443 | 192.168.2.6 | 172.67.208.139 |
Sep 26, 2024 09:58:44.808640003 CEST | 49718 | 443 | 192.168.2.6 | 172.67.208.139 |
Sep 26, 2024 09:58:44.808655977 CEST | 443 | 49718 | 172.67.208.139 | 192.168.2.6 |
Sep 26, 2024 09:58:44.808670044 CEST | 49718 | 443 | 192.168.2.6 | 172.67.208.139 |
Sep 26, 2024 09:58:44.808675051 CEST | 443 | 49718 | 172.67.208.139 | 192.168.2.6 |
Sep 26, 2024 09:58:44.817842007 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:44.817914009 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:44.817997932 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:44.818289042 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:44.818325043 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:45.467680931 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:45.467847109 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:45.477921963 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:45.477952003 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:45.478240967 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:45.479790926 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:45.527405024 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:45.976089954 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:45.976114988 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:45.976129055 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:45.976247072 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:45.976284027 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:45.976342916 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:46.076517105 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:46.076546907 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:46.076710939 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:46.076739073 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:46.076785088 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:46.081887960 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:46.081955910 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:46.081973076 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:46.082001925 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:46.082017899 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:46.082046032 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:46.082133055 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:46.082146883 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:46.082159042 CEST | 49719 | 443 | 192.168.2.6 | 104.102.49.254 |
Sep 26, 2024 09:58:46.082165956 CEST | 443 | 49719 | 104.102.49.254 | 192.168.2.6 |
Sep 26, 2024 09:58:46.098612070 CEST | 49720 | 443 | 192.168.2.6 | 172.67.189.2 |
Sep 26, 2024 09:58:46.098674059 CEST | 443 | 49720 | 172.67.189.2 | 192.168.2.6 |
Sep 26, 2024 09:58:46.098813057 CEST | 49720 | 443 | 192.168.2.6 | 172.67.189.2 |
Sep 26, 2024 09:58:46.099143028 CEST | 49720 | 443 | 192.168.2.6 | 172.67.189.2 |
Sep 26, 2024 09:58:46.099160910 CEST | 443 | 49720 | 172.67.189.2 | 192.168.2.6 |
Sep 26, 2024 09:58:46.588026047 CEST | 443 | 49720 | 172.67.189.2 | 192.168.2.6 |
Sep 26, 2024 09:58:46.588193893 CEST | 49720 | 443 | 192.168.2.6 | 172.67.189.2 |
Sep 26, 2024 09:58:46.590251923 CEST | 49720 | 443 | 192.168.2.6 | 172.67.189.2 |
Sep 26, 2024 09:58:46.590266943 CEST | 443 | 49720 | 172.67.189.2 | 192.168.2.6 |
Sep 26, 2024 09:58:46.590517998 CEST | 443 | 49720 | 172.67.189.2 | 192.168.2.6 |
Sep 26, 2024 09:58:46.591792107 CEST | 49720 | 443 | 192.168.2.6 | 172.67.189.2 |
Sep 26, 2024 09:58:46.591792107 CEST | 49720 | 443 | 192.168.2.6 | 172.67.189.2 |
Sep 26, 2024 09:58:46.591871023 CEST | 443 | 49720 | 172.67.189.2 | 192.168.2.6 |
Sep 26, 2024 09:58:47.045320034 CEST | 443 | 49720 | 172.67.189.2 | 192.168.2.6 |
Sep 26, 2024 09:58:47.045413017 CEST | 443 | 49720 | 172.67.189.2 | 192.168.2.6 |
Sep 26, 2024 09:58:47.045497894 CEST | 49720 | 443 | 192.168.2.6 | 172.67.189.2 |
Sep 26, 2024 09:58:47.045881033 CEST | 49720 | 443 | 192.168.2.6 | 172.67.189.2 |
Sep 26, 2024 09:58:47.045881033 CEST | 49720 | 443 | 192.168.2.6 | 172.67.189.2 |
Sep 26, 2024 09:58:47.045907974 CEST | 443 | 49720 | 172.67.189.2 | 192.168.2.6 |
Sep 26, 2024 09:58:47.045918941 CEST | 443 | 49720 | 172.67.189.2 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 26, 2024 09:58:36.812587023 CEST | 52018 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 26, 2024 09:58:36.821825981 CEST | 53 | 52018 | 1.1.1.1 | 192.168.2.6 |
Sep 26, 2024 09:58:36.830746889 CEST | 59886 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 26, 2024 09:58:36.844813108 CEST | 53 | 59886 | 1.1.1.1 | 192.168.2.6 |
Sep 26, 2024 09:58:37.948460102 CEST | 62281 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 26, 2024 09:58:37.962512016 CEST | 53 | 62281 | 1.1.1.1 | 192.168.2.6 |
Sep 26, 2024 09:58:38.871155977 CEST | 63504 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 26, 2024 09:58:38.886204958 CEST | 53 | 63504 | 1.1.1.1 | 192.168.2.6 |
Sep 26, 2024 09:58:39.967673063 CEST | 50739 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 26, 2024 09:58:39.981395960 CEST | 53 | 50739 | 1.1.1.1 | 192.168.2.6 |
Sep 26, 2024 09:58:40.957084894 CEST | 58108 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 26, 2024 09:58:40.978657961 CEST | 53 | 58108 | 1.1.1.1 | 192.168.2.6 |
Sep 26, 2024 09:58:41.924937010 CEST | 65346 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 26, 2024 09:58:41.938756943 CEST | 53 | 65346 | 1.1.1.1 | 192.168.2.6 |
Sep 26, 2024 09:58:42.902228117 CEST | 65127 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 26, 2024 09:58:42.916310072 CEST | 53 | 65127 | 1.1.1.1 | 192.168.2.6 |
Sep 26, 2024 09:58:43.845719099 CEST | 55477 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 26, 2024 09:58:43.857887030 CEST | 53 | 55477 | 1.1.1.1 | 192.168.2.6 |
Sep 26, 2024 09:58:44.810002089 CEST | 56248 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 26, 2024 09:58:44.817159891 CEST | 53 | 56248 | 1.1.1.1 | 192.168.2.6 |
Sep 26, 2024 09:58:46.085145950 CEST | 49442 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 26, 2024 09:58:46.097533941 CEST | 53 | 49442 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 26, 2024 09:58:36.812587023 CEST | 192.168.2.6 | 1.1.1.1 | 0xc6c0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:36.830746889 CEST | 192.168.2.6 | 1.1.1.1 | 0x2a90 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:37.948460102 CEST | 192.168.2.6 | 1.1.1.1 | 0x3b7d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:38.871155977 CEST | 192.168.2.6 | 1.1.1.1 | 0x2fd0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:39.967673063 CEST | 192.168.2.6 | 1.1.1.1 | 0x55d0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:40.957084894 CEST | 192.168.2.6 | 1.1.1.1 | 0xf439 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:41.924937010 CEST | 192.168.2.6 | 1.1.1.1 | 0x473a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:42.902228117 CEST | 192.168.2.6 | 1.1.1.1 | 0x8492 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:43.845719099 CEST | 192.168.2.6 | 1.1.1.1 | 0xa923 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:44.810002089 CEST | 192.168.2.6 | 1.1.1.1 | 0x3a8e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:46.085145950 CEST | 192.168.2.6 | 1.1.1.1 | 0x98c7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 26, 2024 09:58:36.821825981 CEST | 1.1.1.1 | 192.168.2.6 | 0xc6c0 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:36.844813108 CEST | 1.1.1.1 | 192.168.2.6 | 0x2a90 | No error (0) | | | 104.21.4.136 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:36.844813108 CEST | 1.1.1.1 | 192.168.2.6 | 0x2a90 | No error (0) | | | 172.67.132.32 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:37.962512016 CEST | 1.1.1.1 | 192.168.2.6 | 0x3b7d | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:37.962512016 CEST | 1.1.1.1 | 192.168.2.6 | 0x3b7d | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:38.886204958 CEST | 1.1.1.1 | 192.168.2.6 | 0x2fd0 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:38.886204958 CEST | 1.1.1.1 | 192.168.2.6 | 0x2fd0 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:39.981395960 CEST | 1.1.1.1 | 192.168.2.6 | 0x55d0 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:39.981395960 CEST | 1.1.1.1 | 192.168.2.6 | 0x55d0 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:40.978657961 CEST | 1.1.1.1 | 192.168.2.6 | 0xf439 | No error (0) | | | 172.67.162.108 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:40.978657961 CEST | 1.1.1.1 | 192.168.2.6 | 0xf439 | No error (0) | | | 104.21.58.182 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:41.938756943 CEST | 1.1.1.1 | 192.168.2.6 | 0x473a | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:41.938756943 CEST | 1.1.1.1 | 192.168.2.6 | 0x473a | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:42.916310072 CEST | 1.1.1.1 | 192.168.2.6 | 0x8492 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:42.916310072 CEST | 1.1.1.1 | 192.168.2.6 | 0x8492 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:43.857887030 CEST | 1.1.1.1 | 192.168.2.6 | 0xa923 | No error (0) | | | 172.67.208.139 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:43.857887030 CEST | 1.1.1.1 | 192.168.2.6 | 0xa923 | No error (0) | | | 104.21.77.130 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:44.817159891 CEST | 1.1.1.1 | 192.168.2.6 | 0x3a8e | No error (0) | | | 104.102.49.254 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:46.097533941 CEST | 1.1.1.1 | 192.168.2.6 | 0x98c7 | No error (0) | | | 172.67.189.2 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:46.097533941 CEST | 1.1.1.1 | 192.168.2.6 | 0x98c7 | No error (0) | | | 104.21.51.224 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 09:58:51.973336935 CEST | 1.1.1.1 | 192.168.2.6 | 0x995d | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Sep 26, 2024 09:58:51.973336935 CEST | 1.1.1.1 | 192.168.2.6 | 0x995d | No error (0) | | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49710 | 104.21.4.136 | 443 | 5396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:58:37 UTC | 264 | OUT | |
2024-09-26 07:58:37 UTC | 8 | OUT | |
2024-09-26 07:58:37 UTC | 782 | IN | |
2024-09-26 07:58:37 UTC | 15 | IN | |
2024-09-26 07:58:37 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49711 | 188.114.97.3 | 443 | 5396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:58:38 UTC | 264 | OUT | |
2024-09-26 07:58:38 UTC | 8 | OUT | |
2024-09-26 07:58:38 UTC | 778 | IN | |
2024-09-26 07:58:38 UTC | 15 | IN | |
2024-09-26 07:58:38 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | 5396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:58:39 UTC | 266 | OUT | |
2024-09-26 07:58:39 UTC | 8 | OUT | |
2024-09-26 07:58:39 UTC | 764 | IN | |
2024-09-26 07:58:39 UTC | 15 | IN | |
2024-09-26 07:58:39 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49714 | 188.114.96.3 | 443 | 5396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:58:40 UTC | 263 | OUT | |
2024-09-26 07:58:40 UTC | 8 | OUT | |
2024-09-26 07:58:40 UTC | 794 | IN | |
2024-09-26 07:58:40 UTC | 15 | IN | |
2024-09-26 07:58:40 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49715 | 172.67.162.108 | 443 | 5396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:58:41 UTC | 263 | OUT | |
2024-09-26 07:58:41 UTC | 8 | OUT | |
2024-09-26 07:58:41 UTC | 766 | IN | |
2024-09-26 07:58:41 UTC | 15 | IN | |
2024-09-26 07:58:41 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.6 | 49716 | 188.114.96.3 | 443 | 5396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:58:42 UTC | 263 | OUT | |
2024-09-26 07:58:42 UTC | 8 | OUT | |
2024-09-26 07:58:42 UTC | 768 | IN | |
2024-09-26 07:58:42 UTC | 15 | IN | |
2024-09-26 07:58:42 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.6 | 49717 | 188.114.96.3 | 443 | 5396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:58:43 UTC | 265 | OUT | |
2024-09-26 07:58:43 UTC | 8 | OUT | |
2024-09-26 07:58:43 UTC | 772 | IN | |
2024-09-26 07:58:43 UTC | 15 | IN | |
2024-09-26 07:58:43 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.6 | 49718 | 172.67.208.139 | 443 | 5396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:58:44 UTC | 263 | OUT | |
2024-09-26 07:58:44 UTC | 8 | OUT | |
2024-09-26 07:58:44 UTC | 770 | IN | |
2024-09-26 07:58:44 UTC | 15 | IN | |
2024-09-26 07:58:44 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.6 | 49719 | 104.102.49.254 | 443 | 5396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:58:45 UTC | 219 | OUT | |
2024-09-26 07:58:45 UTC | 1870 | IN | |
2024-09-26 07:58:45 UTC | 14514 | IN | |
2024-09-26 07:58:46 UTC | 16384 | IN | |
2024-09-26 07:58:46 UTC | 3768 | IN | |
2024-09-26 07:58:46 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.6 | 49720 | 172.67.189.2 | 443 | 5396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:58:46 UTC | 262 | OUT | |
2024-09-26 07:58:46 UTC | 8 | OUT | |
2024-09-26 07:58:47 UTC | 768 | IN | |
2024-09-26 07:58:47 UTC | 15 | IN | |
2024-09-26 07:58:47 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 03:58:33 |
Start date: | 26/09/2024 |
Path: | C:\Users\user\Desktop\3ZD5tEC5DH.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1e0000 |
File size: | 374'784 bytes |
MD5 hash: | 149131A90F99225E6C7E28A06164DD9A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 03:58:33 |
Start date: | 26/09/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 03:58:35 |
Start date: | 26/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x950000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 37.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 24% |
Total number of Nodes: | 25 |
Total number of Limit Nodes: | 1 |
Function 026A2151 Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282, Tags: thread, injection, memory, COMMON
Function 00C01330 Relevance: 1.6, APIs: 1, Instructions: 92, Tags: COMMON
Function 00C01268 Relevance: 1.6, APIs: 1, Instructions: 60, Tags: COMMON
Function 00C01270 Relevance: 1.6, APIs: 1, Instructions: 56, Tags: COMMON
Execution Graph
Execution Coverage: | 1.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 75% |
Total number of Nodes: | 36 |
Total number of Limit Nodes: | 8 |
Function 00410480 Relevance: 25.4, Strings: 20, Instructions: 435, Tags: COMMON
Function 0040FEBC Relevance: 13.2, Strings: 10, Instructions: 710, Tags: COMMON
Function 0040D2C0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 159, Tags: thread, COMMON
Function 00447600 Relevance: 6.9, Strings: 5, Instructions: 614, Tags: COMMON
Function 0040EFFC Relevance: 6.8, Strings: 5, Instructions: 550, Tags: COMMON
Function 00447560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14, Tags: library, COMMON
Function 0044A7E0 Relevance: 2.6, Strings: 2, Instructions: 142, Tags: COMMON
Function 0040ED90 Relevance: 1.6, APIs: 1, Instructions: 87, Tags: library, COMMON
Function 00444282 Relevance: 1.6, APIs: 1, Instructions: 51, Tags: memory, COMMON
Function 0041E52C Relevance: 38.6, Strings: 30, Instructions: 1100, Tags: COMMON
Function 00439000 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 100, Tags: clipboard, COMMON
Function 0043FD0E Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 403, Tags: memory, COMMON
Function 00401000 Relevance: 11.9, Strings: 8, Instructions: 1867, Tags: COMMON
Function 00427B0F Relevance: 10.8, Strings: 8, Instructions: 813, Tags: COMMON
Function 0041DD64 Relevance: 10.6, Strings: 8, Instructions: 613, Tags: COMMON
Function 004012A7 Relevance: 8.4, Strings: 6, Instructions: 940, Tags: COMMON
Function 0042C891 Relevance: 8.3, Strings: 6, Instructions: 837, Tags: COMMON
Function 004204A0 Relevance: 6.9, Strings: 5, Instructions: 683, Tags: COMMON
Function 0042BB00 Relevance: 6.7, Strings: 5, Instructions: 428, Tags: COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040F7E0 Relevance: 6.6, Strings: 5, Instructions: 400COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042A345 Relevance: 4.3, Strings: 3, Instructions: 529COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00426F20 Relevance: 4.2, Strings: 3, Instructions: 405COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408810 Relevance: 4.1, Strings: 3, Instructions: 395COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004450E0 Relevance: 3.1, Strings: 2, Instructions: 576COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042D56C Relevance: 3.1, Strings: 2, Instructions: 553COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403790 Relevance: 2.9, Strings: 2, Instructions: 445COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041CFF0 Relevance: 2.9, Strings: 2, Instructions: 428COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042D58E Relevance: 2.9, Strings: 2, Instructions: 396COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042C390 Relevance: 2.9, Strings: 2, Instructions: 361COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434DF6 Relevance: 2.8, Strings: 2, Instructions: 301COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00437620 Relevance: 2.7, Strings: 2, Instructions: 225COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042A2F9 Relevance: 2.7, Strings: 2, Instructions: 208COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042A274 Relevance: 2.7, Strings: 2, Instructions: 202COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044AF10 Relevance: 2.6, Strings: 2, Instructions: 87COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405400 Relevance: 1.8, Strings: 1, Instructions: 570COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00426CA0 Relevance: 1.8, APIs: 1, Instructions: 255comCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00449390 Relevance: 1.6, Strings: 1, Instructions: 384COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00431370 Relevance: 1.6, Strings: 1, Instructions: 383COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042DEF8 Relevance: 1.6, Strings: 1, Instructions: 338COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434A2F Relevance: 1.6, Strings: 1, Instructions: 305COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448BE0 Relevance: 1.5, Strings: 1, Instructions: 287COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B300 Relevance: 1.5, Strings: 1, Instructions: 282COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B020 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040A910 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445AD0 Relevance: 1.5, Strings: 1, Instructions: 233COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00414E26 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004489F0 Relevance: 1.4, Strings: 1, Instructions: 176COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00444970 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040E470 Relevance: 1.4, Strings: 1, Instructions: 171COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042DFE0 Relevance: 1.4, Strings: 1, Instructions: 168COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044AC00 Relevance: 1.4, Strings: 1, Instructions: 143COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044AD90 Relevance: 1.4, Strings: 1, Instructions: 140COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00424490 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040BF80 Relevance: .9, Instructions: 852COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B470 Relevance: .7, Instructions: 670COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407470 Relevance: .7, Instructions: 657COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00449E60 Relevance: .6, Instructions: 592COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407E70 Relevance: .6, Instructions: 592COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409737 Relevance: .5, Instructions: 536COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447EDE Relevance: .5, Instructions: 476COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040A3C0 Relevance: .4, Instructions: 448COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409A02 Relevance: .3, Instructions: 334COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040AFD0 Relevance: .3, Instructions: 315COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00449970 Relevance: .3, Instructions: 304COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004146B5 Relevance: .3, Instructions: 277COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413AE6 Relevance: .3, Instructions: 274COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448F80 Relevance: .3, Instructions: 263COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00415078 Relevance: .3, Instructions: 251COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F5B7 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004091F0 Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043EF50 Relevance: .2, Instructions: 189COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00438C00 Relevance: .2, Instructions: 185COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405D20 Relevance: .2, Instructions: 163COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00449B60 Relevance: .1, Instructions: 142COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00411420 Relevance: .1, Instructions: 130COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404C10 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043B510 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004381AA Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430BD0 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445D80 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407120 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A880 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442280 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004361D5 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 165memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|