Windows
Analysis Report
gZzI6gTYn4.exe
Overview
General Information
Sample name: | gZzI6gTYn4.exe (renamed because original name is a hash value) |
Original sample name: | f2fdf50927663d80056fc0bcd576c461.exe |
Analysis ID: | 1520447 |
MD5: | f2fdf50927663d80056fc0bcd576c461 |
SHA1: | e4a3effdbe933a92869c2b859f2bea4b9f89729a |
SHA256: | 7af5384d5927029f94ff0639272716c837b7ae7fb6f855f67c6d7a74004c67e7 |
Tags: | exe, user-abuse_ch |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- gZzI6gTYn4.exe (PID: 6984 cmdline: "C:\Users\user\Desktop\gZzI6gTYn4.exe" MD5: F2FDF50927663D80056FC0BCD576C461)
  - conhost.exe (PID: 7004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - RegAsm.exe (PID: 6244 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["vozmeatillu.shop", "gutterydhowi.shop", "fragnantbui.shop", "offensivedzvju.shop", "reinforcenh.shop", "stogeneratmns.shop", "drawzhotdog.shop", "ghostreedmnu.shop", "lootebarrkeyn.shop"], "Build id": "FATE99--"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | |
| JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | |
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | |
| JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-27T11:16:18.058775+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.4.136 | 443 | TCP |
2024-09-27T11:16:19.009337+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:19.915533+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 188.114.97.3 | 443 | TCP |
2024-09-27T11:16:20.852879+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:21.793147+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 172.67.162.108 | 443 | TCP |
2024-09-27T11:16:22.759818+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:23.881986+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:24.820981+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49737 | 104.21.77.130 | 443 | TCP |
2024-09-27T11:16:27.023133+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 172.67.128.144 | 443 | TCP |
2024-09-27T11:16:18.058775+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.4.136 | 443 | TCP |
2024-09-27T11:16:19.009337+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:19.915533+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 188.114.97.3 | 443 | TCP |
2024-09-27T11:16:20.852879+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:21.793147+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 172.67.162.108 | 443 | TCP |
2024-09-27T11:16:22.759818+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:23.881986+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:24.820981+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49737 | 104.21.77.130 | 443 | TCP |
2024-09-27T11:16:27.023133+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 172.67.128.144 | 443 | TCP |
2024-09-27T11:16:21.356055+0200 | 2056157 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49734 | 172.67.162.108 | 443 | TCP |
2024-09-27T11:16:22.305456+0200 | 2056155 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49735 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:18.559269+0200 | 2056163 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49731 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:17.599316+0200 | 2056165 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49730 | 104.21.4.136 | 443 | TCP |
2024-09-27T11:16:19.489492+0200 | 2056161 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49732 | 188.114.97.3 | 443 | TCP |
2024-09-27T11:16:24.395791+0200 | 2056151 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49737 | 104.21.77.130 | 443 | TCP |
2024-09-27T11:16:23.245653+0200 | 2056153 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:20.406819+0200 | 2056159 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49733 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:20.854662+0200 | 2056156 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 56294 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:21.793913+0200 | 2056154 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 55540 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:18.070792+0200 | 2056162 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 50969 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:17.117434+0200 | 2056164 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 52923 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:17.101770+0200 | 2056048 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 59470 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:19.012822+0200 | 2056160 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 65266 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:23.910047+0200 | 2056150 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 50904 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:22.761643+0200 | 2056152 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49372 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:19.917534+0200 | 2056158 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 58169 | 1.1.1.1 | 53 | UDP |
AV Detection |
---|
URL Reputation (2 entries) |
Malware Configuration Extractor |
ReversingLabs |
Integrated Neural Analysis Model |
String decryptor (15 entries) |
Static PE information |
HTTPS traffic detected (10 entries) |
Static PE information |
Binary string |
Code function (80 entries, all in process 2) |
Networking |
---|
Suricata IDS (35 entries) |
URLs (9 entries) |
IP Address (4 entries) |
ASN Name (3 entries) |
JA3 fingerprint |
HTTP traffic detected (10 entries) |
UDP traffic detected without corresponding DNS query (11 entries) |
HTTP traffic detected |
DNS traffic detected (11 entries) |
HTTP traffic detected |
String found in binary or memory (47 entries) |
Network traffic detected (20 entries) |
HTTPS traffic detected (10 entries) |
Code function (2_2_00439BD0) |
Code function (2_2_00439BD0) |
Code function (2_2_0043A777) |
System Summary |
---|
Large array initialization |
Code function (39 entries: 0_2_00EF0C40 and 38 functions in process 2) |
Binary or memory string (3 entries) |
Static PE information |
Static PE information |
Classification label |
Code function (2_2_0043910C) |
File created |
Mutant created (2 entries) |
Static PE information |
Static file information |
Key opened |
ReversingLabs |
Process created (4 entries) |
Section loaded (35 entries) |
Static PE information |
Static PE information |
Static PE information |
Binary string |
Code function (2_2_00438B85) |
Static PE information |
Process information set (14 entries) |
Memory allocated (3 entries) |
Thread delayed |
Thread sleep time (2 entries) |
Thread delayed |
Binary or memory string |
Code function (2_2_004476D0) |
Memory allocated |
HIPS / PFW / Operating System Protection Evasion |
---|
Reference to suspicious API methods (3 entries) |
Memory allocated |
Code function (0_2_02932145) |
Memory written |
String found in binary or memory (9 entries) |
Memory written (6 entries) |
Process created |
Queries volume information |
Key value queried |
Stealing of Sensitive Information |
---|
File source (5 entries) |
Remote Access Functionality |
---|
File source (5 entries) |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Screen Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 66% | ReversingLabs | ByteCode-MSIL.Spyware.Lummastealer | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 100% | URL Reputation | malware | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 100% | URL Reputation | malware | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
fragnantbui.shop | 188.114.96.3 | true | true | unknown | |
gutterydhowi.shop | 104.21.4.136 | true | true | unknown | |
steamcommunity.com | 104.102.49.254 | true | false | unknown | |
offensivedzvju.shop | 188.114.97.3 | true | true | unknown | |
stogeneratmns.shop | 188.114.96.3 | true | true | unknown | |
reinforcenh.shop | 104.21.77.130 | true | true | unknown | |
drawzhotdog.shop | 172.67.162.108 | true | true | unknown | |
ghostreedmnu.shop | 188.114.96.3 | true | true | unknown | |
vozmeatillu.shop | 188.114.96.3 | true | true | unknown | |
ballotnwu.site | 172.67.128.144 | true | true | unknown | |
lootebarrkeyn.shop | unknown | unknown | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.77.130 | reinforcenh.shop | United States | 13335 | CLOUDFLARENETUS | true | |
104.21.4.136 | gutterydhowi.shop | United States | 13335 | CLOUDFLARENETUS | true | |
188.114.97.3 | offensivedzvju.shop | European Union | 13335 | CLOUDFLARENETUS | true | |
172.67.162.108 | drawzhotdog.shop | United States | 13335 | CLOUDFLARENETUS | true | |
172.67.128.144 | ballotnwu.site | United States | 13335 | CLOUDFLARENETUS | true | |
188.114.96.3 | fragnantbui.shop | European Union | 13335 | CLOUDFLARENETUS | true | |
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1520447 |
Start date and time: | 2024-09-27 11:15:24 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 3 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | gZzI6gTYn4.exerenamed because original name is a hash value |
Original Sample Name: | f2fdf50927663d80056fc0bcd576c461.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@4/2@11/7 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: gZzI6gTYn4.exe
Time | Type | Description |
---|---|---|
05:16:16 | API Interceptor |
Process: | C:\Users\user\Desktop\gZzI6gTYn4.exe |
File Type: | |
Category: | modified |
Size (bytes): | 425 |
Entropy (8bit): | 5.353683843266035 |
Encrypted: | false |
SSDEEP: | 12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk |
MD5: | 859802284B12C59DDBB85B0AC64C08F0 |
SHA1: | 4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE |
SHA-256: | FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B |
SHA-512: | 8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\gZzI6gTYn4.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33 |
Entropy (8bit): | 2.2845972159140855 |
Encrypted: | false |
SSDEEP: | 3:i6vvRyMivvRya:iKvHivD |
MD5: | 45B4C82B8041BF0F9CCED0D6A18D151A |
SHA1: | B4DAD3FFFEF507CBB78671EE620BB495F8CE22F1 |
SHA-256: | 7CFA461ED1FC8611AB74878EDB1FBBDE3596F5D042946A42A7F31EB6D462E628 |
SHA-512: | B29C3696A8A311EFAF9B9709BA082FF2C8D45A6912D79BC1DE7FEEFBEF8F8DDEFCD6650B5E1165D0A79800C8AED399E2B11BC2431E3837DD8587516BDE50EAB5 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.98896500834466 |
TrID: | |
File name: | gZzI6gTYn4.exe |
File size: | 375'296 bytes |
MD5: | f2fdf50927663d80056fc0bcd576c461 |
SHA1: | e4a3effdbe933a92869c2b859f2bea4b9f89729a |
SHA256: | 7af5384d5927029f94ff0639272716c837b7ae7fb6f855f67c6d7a74004c67e7 |
SHA512: | 0c6ed639c044cc22f2f53ba4bd40011efaeeab61d9b03e4c0a15480cdd874a678d1d7c36dd3c78699a7f29692104cb2954906f50cf67b81d8a392b37b0f122d7 |
SSDEEP: | 6144:oyb/4fldXvqrKLs4n/43+rkCSQ7w2AxoKwwHmQQt6nSbEyUWRa/wBNG9S3/Yw86o:zcKKu3+QxBwQI6SbEyp0/GNp3H86T0 |
TLSH: | 27842390B3C04978D73F417E50732879A9B8FDBAEEB609CDD580621E072A672F146DB4 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................>.... ........@.. ....................... ............`................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x45ce3e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66F5AE1A [Thu Sep 26 18:55:22 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5cde8 | 0x53 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5e000 | 0x5c8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x60000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x5ccb0 | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x5ae44 | 0x5b000 | 1eb48f2f23d576636d87889b53239878 | False | 0.993657709478022 | data | 7.995242302577597 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x5e000 | 0x5c8 | 0x600 | a589a4206018b0dca6ae47d5c97f9001 | False | 0.4375 | data | 4.119926545451393 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x60000 | 0xc | 0x200 | ef500bd10f72fd04b5e7aed0b41ff3fd | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x5e0a0 | 0x334 | data | 0.4426829268292683 | ||
RT_MANIFEST | 0x5e3d8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-27T11:16:17.101770+0200 | 2056048 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lootebarrkeyn .shop) | 1 | 192.168.2.4 | 59470 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:17.117434+0200 | 2056164 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop) | 1 | 192.168.2.4 | 52923 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:17.599316+0200 | 2056165 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI) | 1 | 192.168.2.4 | 49730 | 104.21.4.136 | 443 | TCP |
2024-09-27T11:16:18.058775+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49730 | 104.21.4.136 | 443 | TCP |
2024-09-27T11:16:18.058775+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49730 | 104.21.4.136 | 443 | TCP |
2024-09-27T11:16:18.070792+0200 | 2056162 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop) | 1 | 192.168.2.4 | 50969 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:18.559269+0200 | 2056163 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) | 1 | 192.168.2.4 | 49731 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:19.009337+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49731 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:19.009337+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:19.012822+0200 | 2056160 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop) | 1 | 192.168.2.4 | 65266 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:19.489492+0200 | 2056161 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI) | 1 | 192.168.2.4 | 49732 | 188.114.97.3 | 443 | TCP |
2024-09-27T11:16:19.915533+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49732 | 188.114.97.3 | 443 | TCP |
2024-09-27T11:16:19.915533+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49732 | 188.114.97.3 | 443 | TCP |
2024-09-27T11:16:19.917534+0200 | 2056158 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop) | 1 | 192.168.2.4 | 58169 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:20.406819+0200 | 2056159 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI) | 1 | 192.168.2.4 | 49733 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:20.852879+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49733 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:20.852879+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49733 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:20.854662+0200 | 2056156 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop) | 1 | 192.168.2.4 | 56294 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:21.356055+0200 | 2056157 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) | 1 | 192.168.2.4 | 49734 | 172.67.162.108 | 443 | TCP |
2024-09-27T11:16:21.793147+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49734 | 172.67.162.108 | 443 | TCP |
2024-09-27T11:16:21.793147+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49734 | 172.67.162.108 | 443 | TCP |
2024-09-27T11:16:21.793913+0200 | 2056154 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop) | 1 | 192.168.2.4 | 55540 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:22.305456+0200 | 2056155 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) | 1 | 192.168.2.4 | 49735 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:22.759818+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49735 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:22.759818+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49735 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:22.761643+0200 | 2056152 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop) | 1 | 192.168.2.4 | 49372 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:23.245653+0200 | 2056153 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) | 1 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:23.881986+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:23.881986+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | TCP |
2024-09-27T11:16:23.910047+0200 | 2056150 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop) | 1 | 192.168.2.4 | 50904 | 1.1.1.1 | 53 | UDP |
2024-09-27T11:16:24.395791+0200 | 2056151 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) | 1 | 192.168.2.4 | 49737 | 104.21.77.130 | 443 | TCP |
2024-09-27T11:16:24.820981+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49737 | 104.21.77.130 | 443 | TCP |
2024-09-27T11:16:24.820981+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49737 | 104.21.77.130 | 443 | TCP |
2024-09-27T11:16:27.023133+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49739 | 172.67.128.144 | 443 | TCP |
2024-09-27T11:16:27.023133+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49739 | 172.67.128.144 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 11:16:22.308741093 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:22.759819984 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:22.759928942 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:22.760020971 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:22.760313988 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:22.760338068 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:22.760349989 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:22.760355949 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:22.777270079 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:22.777306080 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:22.777390957 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:22.777832985 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:22.777842999 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:23.245515108 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:23.245652914 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:23.247993946 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:23.248028040 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:23.248290062 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:23.249866962 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:23.249866962 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:23.249943018 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:23.882044077 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:23.882287979 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:23.882411003 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:23.891047001 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:23.891047955 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 27, 2024 11:16:23.891125917 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:23.891158104 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Sep 27, 2024 11:16:23.926038980 CEST | 49737 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 27, 2024 11:16:23.926103115 CEST | 443 | 49737 | 104.21.77.130 | 192.168.2.4 |
Sep 27, 2024 11:16:23.926184893 CEST | 49737 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 27, 2024 11:16:23.926613092 CEST | 49737 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 27, 2024 11:16:23.926624060 CEST | 443 | 49737 | 104.21.77.130 | 192.168.2.4 |
Sep 27, 2024 11:16:24.395603895 CEST | 443 | 49737 | 104.21.77.130 | 192.168.2.4 |
Sep 27, 2024 11:16:24.395791054 CEST | 49737 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 27, 2024 11:16:24.397910118 CEST | 49737 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 27, 2024 11:16:24.397938013 CEST | 443 | 49737 | 104.21.77.130 | 192.168.2.4 |
Sep 27, 2024 11:16:24.398792982 CEST | 443 | 49737 | 104.21.77.130 | 192.168.2.4 |
Sep 27, 2024 11:16:24.400116920 CEST | 49737 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 27, 2024 11:16:24.400156975 CEST | 49737 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 27, 2024 11:16:24.400286913 CEST | 443 | 49737 | 104.21.77.130 | 192.168.2.4 |
Sep 27, 2024 11:16:24.820945024 CEST | 443 | 49737 | 104.21.77.130 | 192.168.2.4 |
Sep 27, 2024 11:16:24.821047068 CEST | 443 | 49737 | 104.21.77.130 | 192.168.2.4 |
Sep 27, 2024 11:16:24.821168900 CEST | 49737 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 27, 2024 11:16:24.821649075 CEST | 49737 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 27, 2024 11:16:24.821693897 CEST | 443 | 49737 | 104.21.77.130 | 192.168.2.4 |
Sep 27, 2024 11:16:24.821780920 CEST | 49737 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 27, 2024 11:16:24.821796894 CEST | 443 | 49737 | 104.21.77.130 | 192.168.2.4 |
Sep 27, 2024 11:16:24.830847025 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:24.830908060 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:24.830985069 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:24.831361055 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:24.831402063 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:25.472348928 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:25.472436905 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:25.474181890 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:25.474191904 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:25.474467993 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:25.476138115 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:25.523405075 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:25.968822956 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:25.968847036 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:25.968862057 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:25.968940973 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:25.968969107 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:25.968998909 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:25.969019890 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:26.066400051 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:26.066425085 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:26.066472054 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:26.066499949 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:26.066515923 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:26.066541910 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:26.072217941 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:26.072283030 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:26.072294950 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:26.072350025 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:26.072374105 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:26.072392941 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:26.072410107 CEST | 49738 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 27, 2024 11:16:26.072417021 CEST | 443 | 49738 | 104.102.49.254 | 192.168.2.4 |
Sep 27, 2024 11:16:26.092116117 CEST | 49739 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 27, 2024 11:16:26.092156887 CEST | 443 | 49739 | 172.67.128.144 | 192.168.2.4 |
Sep 27, 2024 11:16:26.092211008 CEST | 49739 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 27, 2024 11:16:26.093735933 CEST | 49739 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 27, 2024 11:16:26.093755960 CEST | 443 | 49739 | 172.67.128.144 | 192.168.2.4 |
Sep 27, 2024 11:16:26.567764044 CEST | 443 | 49739 | 172.67.128.144 | 192.168.2.4 |
Sep 27, 2024 11:16:26.567985058 CEST | 49739 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 27, 2024 11:16:26.569741964 CEST | 49739 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 27, 2024 11:16:26.569761038 CEST | 443 | 49739 | 172.67.128.144 | 192.168.2.4 |
Sep 27, 2024 11:16:26.569998980 CEST | 443 | 49739 | 172.67.128.144 | 192.168.2.4 |
Sep 27, 2024 11:16:26.571363926 CEST | 49739 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 27, 2024 11:16:26.571399927 CEST | 49739 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 27, 2024 11:16:26.571436882 CEST | 443 | 49739 | 172.67.128.144 | 192.168.2.4 |
Sep 27, 2024 11:16:27.023149014 CEST | 443 | 49739 | 172.67.128.144 | 192.168.2.4 |
Sep 27, 2024 11:16:27.023233891 CEST | 443 | 49739 | 172.67.128.144 | 192.168.2.4 |
Sep 27, 2024 11:16:27.023305893 CEST | 49739 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 27, 2024 11:16:27.023511887 CEST | 49739 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 27, 2024 11:16:27.023533106 CEST | 443 | 49739 | 172.67.128.144 | 192.168.2.4 |
Sep 27, 2024 11:16:27.023544073 CEST | 49739 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 27, 2024 11:16:27.023549080 CEST | 443 | 49739 | 172.67.128.144 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 11:16:17.101769924 CEST | 59470 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 11:16:17.113583088 CEST | 53 | 59470 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 11:16:17.117434025 CEST | 52923 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 11:16:17.130867958 CEST | 53 | 52923 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 11:16:18.070791960 CEST | 50969 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 11:16:18.083748102 CEST | 53 | 50969 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 11:16:19.012821913 CEST | 65266 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 11:16:19.027097940 CEST | 53 | 65266 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 11:16:19.917534113 CEST | 58169 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 11:16:19.932708025 CEST | 53 | 58169 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 11:16:20.854661942 CEST | 56294 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 11:16:20.866497040 CEST | 53 | 56294 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 11:16:21.793912888 CEST | 55540 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 11:16:21.815943003 CEST | 53 | 55540 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 11:16:22.761642933 CEST | 49372 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 11:16:22.776314974 CEST | 53 | 49372 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 11:16:23.910047054 CEST | 50904 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 11:16:23.922789097 CEST | 53 | 50904 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 11:16:24.823056936 CEST | 54016 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 11:16:24.830071926 CEST | 53 | 54016 | 1.1.1.1 | 192.168.2.4 |
Sep 27, 2024 11:16:26.074409008 CEST | 54332 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 27, 2024 11:16:26.090845108 CEST | 53 | 54332 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 27, 2024 11:16:17.101769924 CEST | 192.168.2.4 | 1.1.1.1 | 0x78ce | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:17.117434025 CEST | 192.168.2.4 | 1.1.1.1 | 0x9fef | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:18.070791960 CEST | 192.168.2.4 | 1.1.1.1 | 0xf709 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:19.012821913 CEST | 192.168.2.4 | 1.1.1.1 | 0xa710 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:19.917534113 CEST | 192.168.2.4 | 1.1.1.1 | 0xf8ec | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:20.854661942 CEST | 192.168.2.4 | 1.1.1.1 | 0xcb3f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:21.793912888 CEST | 192.168.2.4 | 1.1.1.1 | 0x94bf | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:22.761642933 CEST | 192.168.2.4 | 1.1.1.1 | 0x4b51 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:23.910047054 CEST | 192.168.2.4 | 1.1.1.1 | 0xe3e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:24.823056936 CEST | 192.168.2.4 | 1.1.1.1 | 0xe4f9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:26.074409008 CEST | 192.168.2.4 | 1.1.1.1 | 0x8688 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 27, 2024 11:16:17.113583088 CEST | 1.1.1.1 | 192.168.2.4 | 0x78ce | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:17.130867958 CEST | 1.1.1.1 | 192.168.2.4 | 0x9fef | No error (0) | | | 104.21.4.136 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:17.130867958 CEST | 1.1.1.1 | 192.168.2.4 | 0x9fef | No error (0) | | | 172.67.132.32 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:18.083748102 CEST | 1.1.1.1 | 192.168.2.4 | 0xf709 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:18.083748102 CEST | 1.1.1.1 | 192.168.2.4 | 0xf709 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:19.027097940 CEST | 1.1.1.1 | 192.168.2.4 | 0xa710 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:19.027097940 CEST | 1.1.1.1 | 192.168.2.4 | 0xa710 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:19.932708025 CEST | 1.1.1.1 | 192.168.2.4 | 0xf8ec | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:19.932708025 CEST | 1.1.1.1 | 192.168.2.4 | 0xf8ec | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:20.866497040 CEST | 1.1.1.1 | 192.168.2.4 | 0xcb3f | No error (0) | | | 172.67.162.108 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:20.866497040 CEST | 1.1.1.1 | 192.168.2.4 | 0xcb3f | No error (0) | | | 104.21.58.182 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:21.815943003 CEST | 1.1.1.1 | 192.168.2.4 | 0x94bf | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:21.815943003 CEST | 1.1.1.1 | 192.168.2.4 | 0x94bf | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:22.776314974 CEST | 1.1.1.1 | 192.168.2.4 | 0x4b51 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:22.776314974 CEST | 1.1.1.1 | 192.168.2.4 | 0x4b51 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:23.922789097 CEST | 1.1.1.1 | 192.168.2.4 | 0xe3e | No error (0) | | | 104.21.77.130 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:23.922789097 CEST | 1.1.1.1 | 192.168.2.4 | 0xe3e | No error (0) | | | 172.67.208.139 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:24.830071926 CEST | 1.1.1.1 | 192.168.2.4 | 0xe4f9 | No error (0) | | | 104.102.49.254 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:26.090845108 CEST | 1.1.1.1 | 192.168.2.4 | 0x8688 | No error (0) | | | 172.67.128.144 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 11:16:26.090845108 CEST | 1.1.1.1 | 192.168.2.4 | 0x8688 | No error (0) | | | 104.21.2.13 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 104.21.4.136 | 443 | 6244 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 09:16:17 UTC | 264 | OUT | |
2024-09-27 09:16:17 UTC | 8 | OUT | |
2024-09-27 09:16:18 UTC | 810 | IN | |
2024-09-27 09:16:18 UTC | 15 | IN | |
2024-09-27 09:16:18 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49731 | 188.114.96.3 | 443 | 6244 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 09:16:18 UTC | 264 | OUT | |
2024-09-27 09:16:18 UTC | 8 | OUT | |
2024-09-27 09:16:19 UTC | 772 | IN | |
2024-09-27 09:16:19 UTC | 15 | IN | |
2024-09-27 09:16:19 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49732 | 188.114.97.3 | 443 | 6244 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 09:16:19 UTC | 266 | OUT | |
2024-09-27 09:16:19 UTC | 8 | OUT | |
2024-09-27 09:16:19 UTC | 774 | IN | |
2024-09-27 09:16:19 UTC | 15 | IN | |
2024-09-27 09:16:19 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49733 | 188.114.96.3 | 443 | 6244 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 09:16:20 UTC | 263 | OUT | |
2024-09-27 09:16:20 UTC | 8 | OUT | |
2024-09-27 09:16:20 UTC | 762 | IN | |
2024-09-27 09:16:20 UTC | 15 | IN | |
2024-09-27 09:16:20 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49734 | 172.67.162.108 | 443 | 6244 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 09:16:21 UTC | 263 | OUT | |
2024-09-27 09:16:21 UTC | 8 | OUT | |
2024-09-27 09:16:21 UTC | 766 | IN | |
2024-09-27 09:16:21 UTC | 15 | IN | |
2024-09-27 09:16:21 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49735 | 188.114.96.3 | 443 | 6244 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 09:16:22 UTC | 263 | OUT | |
2024-09-27 09:16:22 UTC | 8 | OUT | |
2024-09-27 09:16:22 UTC | 784 | IN | |
2024-09-27 09:16:22 UTC | 15 | IN | |
2024-09-27 09:16:22 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | 6244 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 09:16:23 UTC | 265 | OUT | |
2024-09-27 09:16:23 UTC | 8 | OUT | |
2024-09-27 09:16:23 UTC | 778 | IN | |
2024-09-27 09:16:23 UTC | 15 | IN | |
2024-09-27 09:16:23 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49737 | 104.21.77.130 | 443 | 6244 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 09:16:24 UTC | 263 | OUT | |
2024-09-27 09:16:24 UTC | 8 | OUT | |
2024-09-27 09:16:24 UTC | 774 | IN | |
2024-09-27 09:16:24 UTC | 15 | IN | |
2024-09-27 09:16:24 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49738 | 104.102.49.254 | 443 | 6244 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 09:16:25 UTC | 219 | OUT | |
2024-09-27 09:16:25 UTC | 1870 | IN | |
2024-09-27 09:16:25 UTC | 14514 | IN | |
2024-09-27 09:16:26 UTC | 16384 | IN | |
2024-09-27 09:16:26 UTC | 3765 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49739 | 172.67.128.144 | 443 | 6244 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 09:16:26 UTC | 261 | OUT | |
2024-09-27 09:16:26 UTC | 8 | OUT | |
2024-09-27 09:16:27 UTC | 774 | IN | |
2024-09-27 09:16:27 UTC | 15 | IN | |
2024-09-27 09:16:27 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 05:16:16 |
Start date: | 27/09/2024 |
Path: | C:\Users\user\Desktop\gZzI6gTYn4.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x4c0000 |
File size: | 375'296 bytes |
MD5 hash: | F2FDF50927663D80056FC0BCD576C461 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 05:16:16 |
Start date: | 27/09/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 05:16:16 |
Start date: | 27/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd20000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 32.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 30% |
Total number of Nodes: | 20 |
Total number of Limit Nodes: | 0 |
Graph
Callgraph
Function 02932145 Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282, Tags: thread, injection, memory, COMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Similarity |
Function 00EF0C40 Relevance: 0.3, Instructions: 320, Tags: COMMON
Control-flow Graph
Memory Dump Source |
Joe Sandbox IDA Plugin |
Similarity |
Function 00EF1218 Relevance: 1.6, APIs: 1, Instructions: 58, Tags: COMMON
Control-flow Graph
APIs |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Similarity |
Function 00EF1220 Relevance: 1.6, APIs: 1, Instructions: 56, Tags: COMMON
Control-flow Graph
APIs |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Similarity |
Execution Graph
Execution Coverage: | 1.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 48.4% |
Total number of Nodes: | 122 |
Total number of Limit Nodes: | 11 |
Graph
Function 0040D470 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 153, Tags: thread, COMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00447AC9 Relevance: 5.3, Strings: 4, Instructions: 253, Tags: COMMON
Control-flow Graph
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 004476D0 Relevance: 1.5, APIs: 1, Instructions: 14, Tags: library, COMMON
Control-flow Graph
APIs |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00447E1B Relevance: 1.3, Strings: 1, Instructions: 97, Tags: COMMON
Control-flow Graph
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00447D38 Relevance: 0.5, Instructions: 487, Tags: COMMON
Control-flow Graph
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0040F807 Relevance: 0.4, Instructions: 390, Tags: COMMON
Control-flow Graph
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0040F042 Relevance: 0.3, Instructions: 268, Tags: COMMON
Control-flow Graph
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0044445C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23, Tags: memory, COMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00444470 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 5, Tags: memory, COMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00444490 Relevance: 1.6, APIs: 1, Instructions: 62, Tags: memory, COMMON
Control-flow Graph
APIs |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0041E71A Relevance: 30.0, Strings: 23, Instructions: 1251, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00439BD0 Relevance: 29.8, APIs: 6, Strings: 11, Instructions: 99, Tags: clipboard, COMMON
APIs |
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00429978 Relevance: 24.3, Strings: 19, Instructions: 551, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 004404AB Relevance: 19.9, APIs: 8, Strings: 3, Instructions: 644, Tags: memory, COMMON
APIs |
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00401000 Relevance: 10.7, Strings: 7, Instructions: 1914, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0040FA20 Relevance: 7.9, Strings: 6, Instructions: 380, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 004338C0 Relevance: 7.5, Strings: 5, Instructions: 1246, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00433623 Relevance: 5.2, Strings: 4, Instructions: 178, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0041FFD8 Relevance: 4.2, Strings: 3, Instructions: 450, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00427230 Relevance: 4.2, Strings: 3, Instructions: 429, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00420A70 Relevance: 4.1, Strings: 3, Instructions: 397, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0042FE26 Relevance: 4.1, Strings: 3, Instructions: 362, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00421AD0 Relevance: 3.0, Strings: 2, Instructions: 527, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0042CAD0 Relevance: 2.8, Strings: 2, Instructions: 344, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00440A70 Relevance: 2.8, Strings: 2, Instructions: 277, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 004452E0 Relevance: 1.9, Strings: 1, Instructions: 662, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00413EEC Relevance: 1.8, Strings: 1, Instructions: 559, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00426FC0 Relevance: 1.7, APIs: 1, Instructions: 245, Tags: com, COMMON
APIs |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 004314A0 Relevance: 1.6, Strings: 1, Instructions: 396, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00449620 Relevance: 1.6, Strings: 1, Instructions: 388, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0042DFE0 Relevance: 1.6, Strings: 1, Instructions: 313, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00434629 Relevance: 1.6, Strings: 1, Instructions: 303, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00448D80 Relevance: 1.5, Strings: 1, Instructions: 296, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00448B90 Relevance: 1.4, Strings: 1, Instructions: 178, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00425030 Relevance: 1.3, Strings: 1, Instructions: 99, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0044B320 Relevance: 1.3, Strings: 1, Instructions: 84, Tags: COMMON
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0040C1C0 Relevance: 0.8, Instructions: 778, Tags: COMMON
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00407450 Relevance: 0.7, Instructions: 658, Tags: COMMON
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0044A510 Relevance: 0.4, Instructions: 415, Tags: COMMON
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00449D22 Relevance: 0.3, Instructions: 334, Tags: COMMON
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 004142E4 Relevance: 0.3, Instructions: 323, Tags: COMMON
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0044B430 Relevance: 0.3, Instructions: 284, Tags: COMMON
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0040F7E3 Relevance: 0.3, Instructions: 255, Tags: COMMON
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00445DE0 Relevance: 0.2, Instructions: 216, Tags: COMMON
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 00444970 Relevance: 0.2, Instructions: 206, Tags: COMMON
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Similarity |
Function 0040F63A Relevance: .2, Instructions: 176COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00444BC0 Relevance: .2, Instructions: 172COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00405CF0 Relevance: .2, Instructions: 163COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044B010 Relevance: .1, Instructions: 137COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044B1A0 Relevance: .1, Instructions: 134COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00435519 Relevance: .1, Instructions: 124COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00414692 Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043FE90 Relevance: .1, Instructions: 98COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404CB0 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043BFF0 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00430CC0 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043910C Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041AB90 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00442410 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|