
Detection Date         MD5                                (Name, Info, Behavior Graph, Classification and File Icon columns were empty in the extracted listing)
26.07.2017 09:42:59    136022B0196EFEA41764736FE74F32E9
26.07.2017 04:05:54    D724D8CC6420F06E8A48752F0DA11C66
25.07.2017 15:31:53    658165EFB856135E30408FD6B089393D
25.07.2017 10:35:02    5A5F5BBF527EF5DB6DE63F5F5B2B6805
24.07.2017 15:13:28    C4CB28912969BAF1F515F40CC7DD6727
24.07.2017 11:37:38    D6B883F155CFBAD3DA1269B7CA0F2D28
[Behavior Graph ID 31385, sample xme.gif.exe, start date 24/07/2017, architecture WINDOWS, score 100. Process chain: xme.gif.exe starts a second xme.gif.exe, which starts svchost.exe; svchost.exe injects into csrss.exe (twice) and smss.exe; csrss.exe injects into WmiPrvSE.exe, which in turn injects into ten further svchost.exe processes and another WmiPrvSE.exe (13 more processes hidden). Signatures shown: Allocates memory in foreign processes; Contains functionality to inject code into remote processes; Contains functionality to inject threads in other processes; Writes to foreign memory regions; Creates a thread in another existing process (thread injection); Injects code into the Windows Explorer (explorer.exe); Detected TCP or UDP traffic on non-standard ports; Performs DNS lookups. Network: DNS lookups for v1.eakalra.ru and v1.op17.ru; connection from svchost.exe to 217.23.1.27 port 1281 (WorldStream, Netherlands); 4 further connected IPs hidden. Several signature groups are truncated in the graph ("Signatures exceeded maximum capacity for this level").]
24.07.2017 11:36:50    E39C7D9140FE1EED02638CA11D4C6CBE
24.07.2017 10:45:48    F940B9D3DDE54293D1403A867E871232
24.07.2017 02:09:54    A3BC4CB8D97BE087340170B74BC76AE8
22.07.2017 16:15:18    BA1CFD4AE063356B71E173424B8AB94B
21.07.2017 20:34:55    473C41D6E158185DEB3410334A11724A
20.07.2017 23:30:56    DD1D0C21CA952FAEBD7DFC8E4E87B95A