Windows
Analysis Report
KjFT0qPTo4.vbs
Overview
General Information
Sample name: | KjFT0qPTo4.vbs (renamed because original name is a hash value) |
Original sample name: | 437d16ac6fb62c138841e2ddb216dca0.vbs |
Analysis ID: | 1530695 |
MD5: | 437d16ac6fb62c138841e2ddb216dca0 |
SHA1: | 0c74d149fbd1f4f1a20ba1f962564d02a88d184f |
SHA256: | 2b18564d817f6070f7cdb7f29dc8ba06a96772c7ce0ea72e74c944b089bf7df4 |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- wscript.exe (PID: 3232, cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\KjFT0qPTo4.vbs", MD5: 045451FA238A75305CC26AC982472367)
  - temp_executable.exe (PID: 3316, cmdline: "C:\Users\user\AppData\Local\Temp\temp_executable.exe", MD5: 12E3B467C52A663A7B6F61AF61B63A11)
    - RegAsm.exe (PID: 3396, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", MD5: 8FE9545E9F72E460723F484C304314AD)
- cleanup
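The process chain above (a script host running the .vbs, a dropped executable started from the user's Temp directory, and RegAsm.exe started with no arguments even though it normally takes an assembly path) is the part of this report most worth turning into a detection. The following is an added example, not Joe Security's code and not part of the report: it runs a small process-tree check over constructed process-creation records that mirror the PIDs and command lines shown above. The parent links (the report shows tree order, not PPIDs), the PPID of wscript.exe, the benign RegAsm control event and the list of .NET utilities treated as "normally armed with an argument" are all assumptions made for the example.

```python
"""Process-chain detection for the wscript -> %TEMP% dropper -> RegAsm.exe pattern.

Added example; EVENTS is CONSTRUCTED from the PIDs and command lines in the report's
process tree. Parent links (ppid) are an assumption: the report shows tree order only.
"""
import ntpath
import shlex
from dataclasses import dataclass

# Assumption: these .NET framework utilities normally receive an assembly path;
# an invocation with no arguments at all is what injection/hollowing leaves behind.
DOTNET_UTILS = {"regasm.exe", "regsvcs.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


EVENTS = [
    ProcEvent(3232, 1900, r"C:\Windows\System32\wscript.exe",
              r'"C:\Windows\System32\WScript.exe" "C:\Users\user\Desktop\KjFT0qPTo4.vbs"'),
    ProcEvent(3316, 3232, r"C:\Users\user\AppData\Local\Temp\temp_executable.exe",
              r'"C:\Users\user\AppData\Local\Temp\temp_executable.exe"'),
    ProcEvent(3396, 3316, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
              r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"'),
    # Constructed benign control: a build step registering a COM-visible assembly.
    ProcEvent(4100, 4000, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
              r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" C:\build\MyLib.dll /codebase'),
]


def argv(cmdline: str) -> list[str]:
    """Split a Windows command line. posix=False keeps backslashes; quotes are stripped here."""
    return [tok.strip('"') for tok in shlex.split(cmdline, posix=False)]


def image_name(ev: ProcEvent) -> str:
    return ntpath.basename(ev.image).lower()


def is_unarmed_dotnet_util(ev: ProcEvent) -> bool:
    """RegAsm/RegSvcs started with nothing but its own path on the command line."""
    return image_name(ev) in DOTNET_UTILS and len(argv(ev.cmdline)) == 1


def runs_from_user_temp(ev: ProcEvent) -> bool:
    return "\\appdata\\local\\temp\\" in ev.image.lower()


def find_chains(events):
    """Return (script_host_pid, dropper_pid, unarmed_util_pid) for every complete chain."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for ev in events:
        if not is_unarmed_dotnet_util(ev):
            continue
        parent = by_pid.get(ev.ppid)
        if parent is None or not runs_from_user_temp(parent):
            continue
        grand = by_pid.get(parent.ppid)
        if grand is None or image_name(grand) not in SCRIPT_HOSTS:
            continue
        hits.append((grand.pid, parent.pid, ev.pid))
    return hits


if __name__ == "__main__":
    for host, dropper, util in find_chains(EVENTS):
        print(f"script host {host} -> Temp dropper {dropper} -> argument-less .NET utility {util}")
```

The chain check deliberately requires all three links; an argument-less RegAsm.exe on its own is a useful but noisier signal, and the benign control event shows why the argument count matters more than the image name.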
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| Windows_Trojan_Formbook_1112e116 | unknown | unknown | |
| JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| Windows_Trojan_Formbook_1112e116 | unknown | unknown | |
System Summary |
---|
Rule author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community |
Rule author: Michael Haag |
AV Detection |
---|
Avira |
Virustotal (2 rows) |
File source (4 rows) |
Integrated Neural Analysis Model |
Joe Sandbox ML |
HTTPS traffic detected |
Binary string (2 rows) |
Software Vulnerabilities |
---|
Child |
Networking |
---|
Initial file |
HTTP traffic detected |
JA3 fingerprint |
HTTP traffic detected |
String found in binary or memory |
DNS traffic detected |
String found in binary or memory (23 rows) |
Network traffic detected (2 rows) |
HTTPS traffic detected |
E-Banking Fraud |
---|
File source (4 rows) |
System Summary |
---|
Matched rule (4 rows) |
COM Object queried (2 rows) |
Memory allocated (2 rows) |
Code function (39 rows): 3_2_0042C563, 3_2_022F07AC, 3_2_022EFAE8, 3_2_022EFB68, 3_2_022EF9F0, 3_2_022EFDC0, 3_2_022F0060, 3_2_022F0078, 3_2_022F0048, 3_2_022F00C4, 3_2_022F10D0, 3_2_022F010C, 3_2_022F1148, 3_2_022F01D4, 3_2_022EFA20, 3_2_022EFA50, 3_2_022EFAB8, 3_2_022EFAD0, 3_2_022EFB50, 3_2_022EFBB8, 3_2_022EFBE8, 3_2_022EF8CC, 3_2_022EF938, 3_2_022F1930, 3_2_022EF900, 3_2_022EFE24, 3_2_022EFEA0, 3_2_022EFED0, 3_2_022EFF34, 3_2_022EFFB4, 3_2_022EFFFC, 3_2_022EFC30, 3_2_022EFC60, 3_2_022EFC48, 3_2_022F0C40, 3_2_022EFC90, 3_2_022EFD5C, 3_2_022EFD8C, 3_2_022F1D80 |
Code function (57 rows): 2_2_002C9970, 2_2_002C8148, 2_2_002C1A60, 2_2_002C16D0, 3_2_00402350, 3_2_0042EB83, 3_2_0040FCFB, 3_2_00404486, 3_2_0040FD03, 3_2_00402E60, 3_2_004166B3, 3_2_0040FF23, 3_2_0040DFA3, 3_2_023A1238, 3_2_022FE2E9, 3_2_02302305, 3_2_0234A37B, 3_2_02307353, 3_2_023A63BF, 3_2_022FF3CF, 3_2_023263DB, 3_2_0232D005, 3_2_0231905A, 3_2_02303040, 3_2_022FE0C6, 3_2_0234A634, 3_2_023A2622, 3_2_02304680, 3_2_0230E6C1, 3_2_0230C7BC, 3_2_0238579A, 3_2_023357C3, 3_2_0233D47D, 3_2_02335485, 3_2_02311489, 3_2_0230351F, 3_2_02346540, 3_2_0231C5F0, 3_2_023B3A83, 3_2_02327B00, 3_2_023ACBA4, 3_2_0238DBDA, 3_2_022FFBD7, 3_2_0232286D, 3_2_0230C85C, 3_2_0239F8EE, 3_2_02385955, 3_2_023029B2, 3_2_023A098E, 3_2_023169FE, 3_2_02332E2F, 3_2_0231EE4C, 3_2_02310F3F, 3_2_0232DF7C, 3_2_02330D3B, 3_2_0230CD5B, 3_2_0239FDDD |
Initial sample |
Matched rule (4 rows) |
Cryptographic APIs (11 rows) |
Classification label |
Mutant created |
File created |
Process created |
File read |
Key opened |
File read |
Process created (5 rows) |
Section loaded (46 rows) |
Key value queried |
Binary string (2 rows) |
Data Obfuscation |
---|
.Net Code (3 rows) |
Static PE information |
Code function (13 rows): 3_2_004030E2, 3_2_0041488F, 3_2_00401967, 3_2_0040213D, 3_2_00415AE9, 3_2_0040D514, 3_2_0040D514, 3_2_004154BA, 3_2_00418DE6, 3_2_0040D514, 3_2_004116BC, 3_2_00413FCE, 3_2_022FDFB4 |
High entropy of concatenated method names (6 rows) |
Persistence and Installation Behavior |
---|
Registry value created (7 rows) |
File created (dropped file) |
Registry key monitored for changes |
Key value created or modified |
Process information set (47 rows) |
Memory allocated (3 rows) |
Code function: 3_2_02340101 |
Thread delayed |
Window found |
Window / User API |
Thread sleep time / count (4 rows) |
Thread delayed |
Process information queried |
Process queried |
Code function: 3_2_02340101 |
Code function: 3_2_022F07AC |
Code function: 3_2_023026F8 |
Process token adjusted |
Memory allocated |
HIPS / PFW / Operating System Protection Evasion |
---|
File created (dropped file) |
Reference to suspicious API methods (3 rows) |
Memory allocated |
Memory written |
Memory written (3 rows) |
Process created (2 rows) |
Queries volume information |
Key value queried |
Stealing of Sensitive Information |
---|
File source (4 rows) |
Remote Access Functionality |
---|
File source (4 rows) |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 121 Scripting | Valid Accounts | 1 Native API | 121 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Exploitation for Client Execution | 1 DLL Side-Loading | 311 Process Injection | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Install Root Certificate | NTDS | 2 Security Software Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 41 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 41 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 311 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Source | Detection | Scanner | Label |
---|---|---|---|
| 100% | Avira | TR/Dropper.Gen |
| 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label |
---|---|---|---|
| 5% | Virustotal | |
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | Virustotal | |
| 4% | Virustotal | |
| 5% | Virustotal | |
| 0% | Virustotal | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
transfer.adttemp.com.br | 104.196.109.209 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.196.109.209 | transfer.adttemp.com.br | United States | 15169 | GOOGLEUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1530695 |
Start date and time: | 2024-10-10 12:21:56 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | KjFT0qPTo4.vbs (renamed because original name is a hash value) |
Original Sample Name: | 437d16ac6fb62c138841e2ddb216dca0.vbs |
Detection: | MAL |
Classification: | mal100.troj.expl.evad.winVBS@5/1@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
06:22:51 | API Interceptor | |
06:22:53 | API Interceptor | |
06:23:34 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name |
---|---|---|---|---|
7dcce5b76c8b17472d024758970a406b | | | malicious | Unknown |
| | | malicious | RevengeRAT |
| | | malicious | Remcos |
| | | malicious | Unknown |
| | | malicious | Unknown |
| | | malicious | Unknown |
| | | malicious | Unknown |
| | | malicious | Unknown |
| | | malicious | Remcos |
| | | malicious | Unknown |
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72704 |
Entropy (8bit): | 5.975176572454892 |
Encrypted: | false |
SSDEEP: | 1536:8lE1kIo9cMtk/KI1t4uvPRMydDBg5sV+opzh:8lE1po9cMtsKI1t4uvPRMydDaNqN |
MD5: | 12E3B467C52A663A7B6F61AF61B63A11 |
SHA1: | 6336F4CA9EC8105A0A3E32EDE0F2AAAE4DCAA7D7 |
SHA-256: | 4B9B842F44FA8925E7CA3608DB8ABA660C02E3E1162DAAF458DD4D8021C04B50 |
SHA-512: | 06FF931A16B55D792DF380B0174077E8D7DD324D062A34D4E13CE57F2F92C50CCBECC62CAE87598D2D11689C0223E4496241B476826EF7EAF5714EBE44AD12DB |
Malicious: | true |
Antivirus: | |
Reputation: | low |
File type: | |
Entropy (8bit): | 4.433021692985713 |
TrID: | |
File name: | KjFT0qPTo4.vbs |
File size: | 139'132 bytes |
MD5: | 437d16ac6fb62c138841e2ddb216dca0 |
SHA1: | 0c74d149fbd1f4f1a20ba1f962564d02a88d184f |
SHA256: | 2b18564d817f6070f7cdb7f29dc8ba06a96772c7ce0ea72e74c944b089bf7df4 |
SHA512: | 4dc2a180b770cf82c84d93cf649b530af33681d4f7d9c727aca6c44c1547a0dc078c6439a7980f1a726a874f1618aacb6d85b80d00e87c4caff6fd4e87cedccb |
SSDEEP: | 1536:6gda9TX8Jsk6YRN9qJgcs61wwmpxR8IFVU7H7HL830IkmdhJ6N40QO8BRC1bqbuy:gzYVx161wwXHuuIq1rsuG/fN |
TLSH: | B5D37363DF069E1441970E7C8B065727BC6C85B8B3F9EED8E6E6480148F9726606B7CC |
File Content Preview: | `' Main Script Logic for Processing Base64 Data` `Option Explicit` `Dim base64Data` `base64Data = "));;;qQ@@@@M@@@@@@@@E@@@@@@@@//8@@@@Lg@@@@@@@@@@@@@@@@@@Q@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@g@@@@` |
Icon Hash: | 68d69b8f86ab9a86 |
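The content preview shows the script carrying its payload as one string literal (base64Data) in an alphabet that is not valid base64: runs of "@@" sit exactly where the base64 encoding of a DOS header would have "A" (the visible "qQ@@@@M...E...//8@@@@Lg" lines up with the start of a standard MZ header once each "@@" is read as "A"), and the leading "));;;" shows that at least one further substitution is in use. The following is an added example, not part of the report and not Joe Security's code: it carves a PE from such a literal using a substitution table, base64-decodes it, and sanity-checks the result. The table (only "@@" -> "A") is an assumption for illustration; the real script's table is not on the page and the analyst is expected to extend SUBSTITUTIONS after reading the script's own decoding routine. The VBS text and the embedded executable are constructed inline.

```python
"""Carve a PE from a VBS literal that holds base64 with a substituted alphabet.

Added example, not part of the report. SUBSTITUTIONS is an ASSUMPTION (only the
"@@" -> "A" pair visible in the preview); the sample script and the embedded
executable are CONSTRUCTED here so the example runs offline.
"""
import base64
import hashlib
import re
import struct

# Assumed table: encoded token -> base64 character. Extend after reading the script.
SUBSTITUTIONS = {"@@": "A"}


def fake_pe() -> bytes:
    """CONSTRUCTED stand-in for a dropped executable: MZ stub, e_lfanew, PE signature, i386 file header."""
    dos = b"MZ" + b"\x90" * (0x3C - 2) + struct.pack("<I", 0x40)        # e_lfanew -> 0x40
    file_header = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0, 0x0102)  # Machine = i386
    return dos + b"PE\x00\x00" + file_header


def encode_payload(data: bytes, table=SUBSTITUTIONS) -> str:
    """Forward direction, used only to build the sample blob."""
    reverse = {char: tok for tok, char in table.items()}
    return "".join(reverse.get(c, c) for c in base64.b64encode(data).decode("ascii"))


def decode_payload(blob: str, table=SUBSTITUTIONS) -> bytes:
    """Undo the substitution (longest token first), repair padding, then strict base64-decode.

    validate=True makes an incomplete table fail loudly instead of silently dropping
    the characters it did not translate.
    """
    tokens = sorted(table, key=len, reverse=True)
    out, i = [], 0
    while i < len(blob):
        for tok in tokens:
            if blob.startswith(tok, i):
                out.append(table[tok])
                i += len(tok)
                break
        else:
            out.append(blob[i])
            i += 1
    b64 = "".join(out)
    b64 += "=" * (-len(b64) % 4)
    return base64.b64decode(b64, validate=True)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pe_info(data: bytes):
    """Minimal PE sanity check: MZ magic, e_lfanew in range, PE\\0\\0 signature; None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return {"e_lfanew": e_lfanew, "machine": machine, "size": len(data), "sha256": sha256_hex(data)}


def extract_blob(vbs_text: str):
    """Pull the literal assigned to base64Data (a single literal, as in the preview)."""
    m = re.search(r'base64Data\s*=\s*"([^"]*)"', vbs_text)
    return m.group(1) if m else None


def carve_from_vbs(vbs_text: str, table=SUBSTITUTIONS):
    """Return pe_info() of the embedded payload, or None if absent, undecodable or not a PE."""
    blob = extract_blob(vbs_text)
    if blob is None:
        return None
    try:
        return pe_info(decode_payload(blob, table))
    except (ValueError, struct.error):
        return None


def build_vbs(blob: str) -> str:
    """CONSTRUCTED script mirroring the lines visible in the report's preview."""
    return ("' Main Script Logic for Processing Base64 Data\r\n"
            "Option Explicit\r\n"
            "Dim base64Data\r\n"
            f'base64Data = "{blob}"\r\n')


if __name__ == "__main__":
    sample = build_vbs(encode_payload(fake_pe()))
    print(carve_from_vbs(sample))
```

Running this against the real script with only the assumed table will return None, because the strict decode rejects the untranslated leading characters; that failure is the cue to recover the remaining substitutions from the script rather than to relax validation. Once pe_info returns a record, its sha256 is the value to compare with the dropped temp_executable.exe hashes listed above.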
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 10, 2024 12:22:54.829889059 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:54.829976082 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:54.830053091 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:54.838200092 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:54.838277102 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.461716890 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.461935997 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.468152046 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.468206882 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.468703985 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.593528032 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.635441065 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.707839012 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.708163023 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.708173037 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.708211899 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.708337069 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.708403111 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.708483934 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.726053953 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.726068974 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.726100922 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.726125002 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.726186037 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.796356916 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.796555996 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.796576977 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.796638966 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.796638966 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.796705961 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.797261000 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.797312021 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.797466993 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.797532082 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.797605991 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.797687054 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.798615932 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.798665047 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.798680067 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.798701048 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.798758984 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.814595938 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.814646006 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.814769983 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.814836025 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.814913034 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.884644032 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.884763956 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.884792089 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.884819984 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.885020018 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.885303020 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.885380983 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.886868000 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.886924982 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.887279987 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.887351990 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.887583971 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.887644053 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.887764931 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.887835979 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.888137102 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.888194084 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.888775110 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.888845921 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.888906002 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.888966084 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.889523983 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.889588118 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.889653921 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.889714003 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.889801025 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.889863014 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.891766071 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.891935110 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.910001993 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.910145998 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.910221100 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.910221100 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.910284042 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.973754883 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.973854065 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.973915100 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.973953962 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.974024057 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.974040031 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.974086046 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.974143982 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.974157095 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.974275112 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.974330902 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.974344015 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.974396944 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.974455118 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.974467993 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.974859953 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.974919081 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.974932909 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.975003004 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.975059032 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.975074053 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.975466967 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.975532055 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.975544930 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.975621939 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.975676060 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.975689888 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.976140022 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.976198912 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.976212025 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.976289034 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.976356030 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.976368904 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.976936102 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.977000952 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.977014065 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.977269888 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.977327108 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.977339983 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.977411985 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.977475882 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.977488041 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.977552891 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.977612019 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.977626085 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.978255987 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.978317976 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.978331089 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.978401899 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.978458881 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.978471994 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.978986025 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.979042053 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.979052067 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.979067087 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.979103088 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.979682922 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.979737997 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.979746103 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.979758024 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.979796886 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.979810953 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.979860067 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.980600119 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.980654955 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.991270065 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.991350889 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.991626024 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.991683006 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.991904020 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.991969109 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.992408991 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.992471933 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:55.992527962 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:55.992594957 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.061491966 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.061638117 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.061692953 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.061755896 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.061815023 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.061825037 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.061847925 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.061901093 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.062093019 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.062199116 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.062217951 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.062526941 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.062597990 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.062613964 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.062649012 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.062700987 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.062716007 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.062963963 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.063034058 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.063045979 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.063291073 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.063345909 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.063359022 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.063512087 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.063571930 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.063587904 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.063620090 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.063673019 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.063694000 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.064377069 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.064439058 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.064459085 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.064965010 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.065027952 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.065042019 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.065886021 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.065951109 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.065964937 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.066715956 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.066783905 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.066797972 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.067589998 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.067655087 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.067668915 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.067852974 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.067912102 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.067925930 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.068463087 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.068531036 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.068546057 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.069154024 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.069214106 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.069228888 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.079720020 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.079930067 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.079992056 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.080454111 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.080663919 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.080725908 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.150254965 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.150480986 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.150542974 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.150592089 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.150614023 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.150650024 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.150650978 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.150684118 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.150712013 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.150729895 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.150743008 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.150878906 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.150938988 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.151086092 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.151087046 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.151155949 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.151197910 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.151262045 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.151281118 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.151338100 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.151350021 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.151591063 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.151655912 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.151694059 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.151750088 CEST | 443 | 49163 | 104.196.109.209 | 192.168.2.22 |
Oct 10, 2024 12:22:56.151804924 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Oct 10, 2024 12:22:56.214586973 CEST | 49163 | 443 | 192.168.2.22 | 104.196.109.209 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 10, 2024 12:22:54.797350883 CEST | 54562 | 53 | 192.168.2.22 | 8.8.8.8 |
Oct 10, 2024 12:22:54.815954924 CEST | 53 | 54562 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 10, 2024 12:22:54.797350883 CEST | 192.168.2.22 | 8.8.8.8 | 0x684c | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 10, 2024 12:22:54.815954924 CEST | 8.8.8.8 | 192.168.2.22 | 0x684c | No error (0) | 104.196.109.209 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49163 | 104.196.109.209 | 443 | 3316 | C:\Users\user\AppData\Local\Temp\temp_executable.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-10 10:22:55 UTC | 93 | OUT | |
2024-10-10 10:22:55 UTC | 313 | IN | |
2024-10-10 10:22:55 UTC | 7687 | IN | |
2024-10-10 10:22:55 UTC | 505 | IN | |
2024-10-10 10:22:55 UTC | 7495 | IN | |
2024-10-10 10:22:55 UTC | 697 | IN | |
2024-10-10 10:22:55 UTC | 7303 | IN | |
2024-10-10 10:22:55 UTC | 889 | IN | |
2024-10-10 10:22:55 UTC | 7111 | IN | |
2024-10-10 10:22:55 UTC | 1081 | IN | |
2024-10-10 10:22:55 UTC | 6919 | IN | |
2024-10-10 10:22:55 UTC | 1273 | IN | |
Target ID: | 0 |
Start time: | 06:22:51 |
Start date: | 10/10/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xff960000 |
File size: | 168'960 bytes |
MD5 hash: | 045451FA238A75305CC26AC982472367 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 06:22:53 |
Start date: | 10/10/2024 |
Path: | C:\Users\user\AppData\Local\Temp\temp_executable.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x12f0000 |
File size: | 72'704 bytes |
MD5 hash: | 12E3B467C52A663A7B6F61AF61B63A11 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 06:22:55 |
Start date: | 10/10/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xeb0000 |
File size: | 64'704 bytes |
MD5 hash: | 8FE9545E9F72E460723F484C304314AD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 19.3% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 24.6% |
Total number of Nodes: | 57 |
Total number of Limit Nodes: | 1 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
002C9970 | 1.9 | - | 1 | 605 | COMMON |
002C8148 | .3 | - | - | 287 | COMMON |
002CA464 | 3.8 | 1 | 1 | 267 | process, COMMON |
002C962C | 3.8 | 1 | 1 | 264 | process, COMMON |
002C9650 | 1.6 | 1 | - | 64 | COMMON |
002C9638 | 1.6 | 1 | - | 63 | thread, COMMON |
002C9680 | 1.6 | 1 | - | 63 | thread, COMMON |
002CA8B0 | 1.6 | 1 | - | 62 | thread, COMMON |
002C9668 | 1.6 | 1 | - | 54 | memory, COMMON |
002C9698 | 1.5 | 1 | - | 49 | thread, COMMON |
002CAFE1 | 1.5 | 1 | - | 48 | thread, COMMON |
002C16D0 | .2 | - | - | 152 | COMMON |
002C1A60 | .1 | - | - | 108 | COMMON |
Execution Graph
Execution Coverage: | 1.2% |
Dynamic/Decrypted Code Coverage: | 4.2% |
Signature Coverage: | 7.4% |
Total number of Nodes: | 95 |
Total number of Limit Nodes: | 7 |
Graph
Function | Relevance | APIs | Instructions | Tags | Yara matches listed |
---|---|---|---|---|---|
0042C563 | 1.5 | 1 | 25 | native, COMMON | yes |
022F07AC | 1.5 | 1 | 6 | library, COMMON | - |
022EFAE8 | 1.5 | 1 | 6 | library, COMMON, LIBRARYCODE | - |
022EFB68 | 1.5 | 1 | 6 | library, COMMON, LIBRARYCODE | - |
022EF9F0 | 1.5 | 1 | 6 | library, COMMON, LIBRARYCODE | - |
022EFDC0 | 1.5 | 1 | 6 | library, COMMON | - |
0042C8D3 | 1.5 | 1 | 29 | memory, COMMON | yes |
0042C883 | 1.5 | 1 | 29 | memory, COMMON | yes |
0042C923 | 1.5 | 1 | 25 | COMMON | yes |
023026F8 | .0 | - | 44 | COMMON | - |
02340101 | .0 | - | 31 | COMMON | - |
022F0060 | .0 | - | 6 | COMMON | - |
022F0078 | .0 | - | 6 | COMMON | - |
022F0048 | .0 | - | 6 | COMMON | - |
022F00C4 | .0 | - | 6 | COMMON | - |
022F10D0 | .0 | - | 6 | COMMON | - |
022F010C | .0 | - | 6 | COMMON | - |
022F1148 | .0 | - | 6 | COMMON | - |
022F01D4 | .0 | - | 6 | COMMON | - |
022EFA20 | .0 | - | 6 | COMMON | - |
022EFA50 | .0 | - | 6 | COMMON | - |
022EFAB8 | .0 | - | 6 | COMMON | - |
022EFAD0 | .0 | - | 6 | COMMON, LIBRARYCODE | - |
022EFB50 | .0 | - | 6 | COMMON | - |
022EFBB8 | .0 | - | 6 | COMMON | - |
022EFBE8 | .0 | - | 6 | COMMON | - |
022EF8CC | .0 | - | 6 | COMMON, LIBRARYCODE | - |
022EF938 | .0 | - | 6 | COMMON | - |
022F1930 | .0 | - | 6 | COMMON | - |
022EF900 | .0 | - | 6 | COMMON | - |
022EFE24 | .0 | - | 6 | COMMON | - |
022EFEA0 | .0 | - | 6 | COMMON | - |
022EFED0 | .0 | - | 6 | COMMON | - |
022EFF34 | .0 | - | 6 | COMMON | - |
022EFFB4 | .0 | - | 6 | COMMON, LIBRARYCODE | - |
022EFFFC | .0 | - | 6 | COMMON | - |
022EFC30 | .0 | - | 6 | COMMON | - |
022EFC60 | .0 | - | 6 | COMMON, LIBRARYCODE | - |
022EFC48 | .0 | - | 6 | COMMON | - |
022F0C40 | .0 | - | 6 | COMMON | - |
022EFC90 | .0 | - | 6 | COMMON, LIBRARYCODE | - |
022EFD5C | .0 | - | 6 | COMMON | - |
022EFD8C | .0 | - | 6 | COMMON | - |
022F1D80 | .0 | - | 6 | COMMON | - |
0232FCC9 | 6.3 | 4 | 257 | COMMON | - |