Windows
Analysis Report
Copy60330548196.exe
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Copy60330548196.exe (PID: 7144 cmdline: "C:\Users\user\Desktop\Copy60330548196.exe" MD5: F6059B7E84DE5F51EB7C2BE5874C895E)
- cleanup
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Process Stats: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Process information set: |
Source: | Memory allocated: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep count: |
Source: | Thread sleep time: |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | Process token adjusted: |
Source: | Memory allocated: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 31 Virtualization/Sandbox Evasion | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Software Packing | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 70% | Virustotal | | |
| 61% | ReversingLabs | Win32.Trojan.Jalapeno | |
| 100% | Avira | TR/AVI.PWS.Agent.vkkfn | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
| 14% | Virustotal | | |
| 5% | Virustotal | | |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
98.142.254.109 | unknown | Canada | 30407 | VELCOMCA | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1526377 |
Start date and time: | 2024-10-05 14:36:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Copy60330548196.exe |
Detection: | MAL |
Classification: | mal76.evad.winEXE@1/0@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target Copy60330548196.exe, PID 7144 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
08:37:15 | API Interceptor | |
Match | Detection | Threat Name |
---|---|---|
98.142.254.109 | malicious | AgentTesla, PureLog Stealer |
| malicious | Unknown |
| malicious | Unknown |
| malicious | AgentTesla, PureLog Stealer |
| malicious | Azorult, PureLog Stealer |
| malicious | AgentTesla, PureLog Stealer |
| malicious | AgentTesla, PureLog Stealer |
| malicious | AgentTesla, AsyncRAT, PureLog Stealer |
| malicious | AgentTesla, PureLog Stealer |
| malicious | AgentTesla, PureLog Stealer |
Match | Detection | Threat Name |
---|---|---|
VELCOMCA | malicious | PureLog Stealer, XWorm |
| malicious | XWorm |
| malicious | PureLog Stealer, XWorm |
| malicious | XWorm |
| malicious | XWorm |
| malicious | XWorm |
| malicious | Unknown |
| malicious | Mirai |
| malicious | AsyncRAT |
| malicious | AgentTesla, PureLog Stealer |
File type: | |
Entropy (8bit): | 6.26569728928316 |
TrID: | |
File name: | Copy60330548196.exe |
File size: | 316'280 bytes |
MD5: | f6059b7e84de5f51eb7c2be5874c895e |
SHA1: | b9da6c67e47cb2b21125a1d0b9ba469b3b5ecacd |
SHA256: | 59e7fb46b2712f447bd8e6da840d2000f9f7af01c843a111c851745ec8f6a04d |
SHA512: | 371f44c4f2ad0cc5ee1e7bbf30073001adab40a4b987c7b78954aa776ba8ec1a03d840b974d608b4baf8791be0ea01ffb27d551d0b0e013ecb7a64ad41d94da7 |
SSDEEP: | 3072:+eQrSMOsUMNWi54JwN7L4NnCDDRvLGmrOAOkGt6+duWA/t/SHUebbxCbGgKk12q2:+EMOs5hMstvLGtELbMUTKZLH |
TLSH: | 8564C5837185CC95D1432AF6C8AFC5201274BD8F9562C70E3A47BB2A54E776328AB74F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V3Cf................................. ........@.. ....................................`................................ |
Icon Hash: | 929296929e9e8e73 |
Entrypoint: | 0x41c9ae |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66433356 [Tue May 14 09:48:06 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Signature Valid: | false |
Signature Issuer: | CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | 36083DDD2C0C94D360522774BEDA31E2 |
Thumbprint SHA-1: | B140BCEDA70D6A6C48C4258CC83F4ECCC96845C8 |
Thumbprint SHA-256: | B12E1F90FEB1A204409F736836E7BA7F078E40B3A809A73BAC08AEB658627610 |
Serial: | 06E2870844B5FE917E3498FD2526FBCD |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1c960 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1e000 | 0x2f164 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4a000 | 0x3378 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4e000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x1a9b4 | 0x1aa00 | b1c3abbf6fe2639ec6cb141808abaaf8 | False | 0.4222051056338028 | data | 5.40304606763096 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x1e000 | 0x2f164 | 0x2f200 | 3096e939c6d52b193e6086d504bc212a | False | 0.36266992705570295 | data | 6.232769275350078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x4e000 | 0xc | 0x200 | dd2548ee0d7cc6ebf64e7b2f56c57559 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x1e2b0 | 0x709e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9976066597294485 |
RT_ICON | 0x25350 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.17033893292322252 |
RT_ICON | 0x35b78 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | | | 0.271415808282531 |
RT_ICON | 0x3f020 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | | | 0.3012014787430684 |
RT_ICON | 0x444a8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.28259329239489844 |
RT_ICON | 0x486d0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.38558091286307056 |
RT_ICON | 0x4ac78 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.4598968105065666 |
RT_ICON | 0x4bd20 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.5704918032786885 |
RT_ICON | 0x4c6a8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.6631205673758865 |
RT_GROUP_ICON | 0x4cb10 | 0x84 | data | | | 0.7272727272727273 |
RT_VERSION | 0x4cb94 | 0x3e4 | data | | | 0.4066265060240964 |
RT_MANIFEST | 0x4cf78 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49712 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:37:16.887181997 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49718 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:37:38.288201094 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49719 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:37:59.703378916 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.9 | 49721 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:38:21.072741985 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.9 | 49722 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:38:42.437316895 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.9 | 49723 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:38:44.624437094 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.9 | 49724 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:38:50.072468042 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.9 | 49725 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:39:04.359067917 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.9 | 49726 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:39:25.058727980 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.9 | 49727 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:39:28.838686943 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.9 | 49728 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:39:47.387105942 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.9 | 49729 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:40:05.996611118 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.9 | 49730 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:40:08.809647083 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.9 | 49731 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:40:30.203203917 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.9 | 49732 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:40:31.639199018 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.9 | 49733 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:40:32.870687962 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.9 | 49734 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:40:54.239295006 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.9 | 49735 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:40:55.247243881 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.9 | 49736 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:41:09.765383005 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.9 | 49737 | 98.142.254.109 | 80 | 7144 | C:\Users\user\Desktop\Copy60330548196.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:41:13.729496002 CEST | 79 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
20 | 192.168.2.9 | 49738 | 98.142.254.109 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 5, 2024 14:41:21.483968019 CEST | 79 | OUT |
Target ID: | 0 |
Start time: | 08:37:15 |
Start date: | 05/10/2024 |
Path: | C:\Users\user\Desktop\Copy60330548196.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6d0000 |
File size: | 316'280 bytes |
MD5 hash: | F6059B7E84DE5F51EB7C2BE5874C895E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Function 0291183B Relevance: 1.4, Strings: 1, Instructions: 128, COMMON
Function 02911848 Relevance: 1.4, Strings: 1, Instructions: 128, COMMON
Function 0291244C Relevance: 1.3, Strings: 1, Instructions: 95, COMMON
Function 02910C01 Relevance: 1.3, Strings: 1, Instructions: 11, COMMON
Function 02911B59 Relevance: 0.1, Instructions: 108, COMMON
Function 02912458 Relevance: 0.1, Instructions: 83, COMMON
Function 02911A28 Relevance: 0.1, Instructions: 65, COMMON
Function 00DDD76D Relevance: 0.0, Instructions: 45, COMMON
Function 00DDD76C Relevance: 0.0, Instructions: 36, COMMON
Function 029108A1 Relevance: 0.0, Instructions: 12, COMMON
Function 02910880 Relevance: 0.0, Instructions: 9, COMMON
Function 029108C0 Relevance: 0.0, Instructions: 9, COMMON
Function 029108B0 Relevance: 0.0, Instructions: 5, COMMON