Edit tour

Windows Analysis Report
Documents of shipment 3-2024.exe

Overview

General Information

Sample name:	Documents of shipment 3-2024.exe
Analysis ID:	1408242
MD5:	779222c4ace4e7726fc76dedb4394b77
SHA1:	da183b07419ffb0fa4b72230cf540e8a09c64a65
SHA256:	664db26a69e4b1efb10289189887c35558bf7ca966eed02f97e523fef83f1205
Tags:	AgentTeslaexe
Infos:

Detection

AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected AgentTesla

Yara detected AntiVM3

.NET source code contains potential unpacker

Contains functionality to log keystrokes (.Net Source)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for sample

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Outbound SMTP Connections

Tries to load missing DLLs

Uses 32bit PE files

Uses SMTP (mail sending)

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Documents of shipment 3-2024.exe (PID: 7472 cmdline: C:\Users\user\Desktop\Documents of shipment 3-2024.exe MD5: 779222C4ACE4E7726FC76DEDB4394B77)

Documents of shipment 3-2024.exe (PID: 7644 cmdline: C:\Users\user\Desktop\Documents of shipment 3-2024.exe MD5: 779222C4ACE4E7726FC76DEDB4394B77)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://asec.ahnlab.com/ko/29133/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.elec-qatar.com", "Username": "mohammed.abrar@elec-qatar.com", "Password": "MHabrar2019@#"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000003.00000002.2487661512.00000000031F6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000003.00000002.2487661512.00000000031EE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000003.00000002.2484776287.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.2484776287.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000003.00000002.2487661512.00000000031A1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.2487661512.00000000031A1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000001.00000002.1247364304.00000000036AE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.1247364304.00000000036AE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Documents of shipment 3-2024.exe PID: 7472	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Documents of shipment 3-2024.exe PID: 7472	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Documents of shipment 3-2024.exe PID: 7472	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Documents of shipment 3-2024.exe PID: 7644	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Documents of shipment 3-2024.exe PID: 7644	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
1.2.Documents of shipment 3-2024.exe.374f338.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.Documents of shipment 3-2024.exe.374f338.2.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
1.2.Documents of shipment 3-2024.exe.374f338.2.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x316c3:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x31735:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x317bf:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x31851:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x318bb:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3192d:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x319c3:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x31a53:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
3.2.Documents of shipment 3-2024.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.2.Documents of shipment 3-2024.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
3.2.Documents of shipment 3-2024.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x334c3:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33535:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x335bf:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x33651:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x336bb:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3372d:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x337c3:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x33853:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
1.2.Documents of shipment 3-2024.exe.3789d58.3.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.Documents of shipment 3-2024.exe.3789d58.3.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
1.2.Documents of shipment 3-2024.exe.3789d58.3.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x316c3:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x31735:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x317bf:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x31851:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x318bb:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3192d:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x319c3:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x31a53:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x334c3:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x6dce3:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33535:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x6dd55:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x335bf:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x6dddf:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x33651:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x6de71:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x336bb:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x6dedb:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3372d:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x6df4d:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x337c3:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x6dfe3:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x33853:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548 0x6e073:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
1.2.Documents of shipment 3-2024.exe.374f338.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.Documents of shipment 3-2024.exe.374f338.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
1.2.Documents of shipment 3-2024.exe.374f338.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
1.2.Documents of shipment 3-2024.exe.374f338.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x334c3:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x6dee3:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0xa8703:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33535:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x6df55:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0xa8775:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x335bf:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x6dfdf:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0xa87ff:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x33651:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x6e071:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0xa8891:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x336bb:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x6e0db:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0xa88fb:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3372d:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x6e14d:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0xa896d:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x337c3:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x6e1e3:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0xa8a03:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
Click to see the 12 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Outbound SMTP Connections

Source: Network Connection

Author: frack113: Data: DestinationIp: 50.87.139.143, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Documents of shipment 3-2024.exe, Initiated: true, ProcessId: 7644, Protocol: tcp, SourceIp: 192.168.2.10, SourceIsIpv6: false, SourcePort: 49707

Snort Signatures

ETPRO TROJAN Agent Tesla CnC Exfil Activity - Source IP: 192.168.2.10 - Destination IP: 50.87.139.143

Timestamp:	03/13/24-14:24:42.198173
SID:	2855542
Source Port:	49707
Destination Port:	587
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Agent Tesla Exfil via SMTP - Source IP: 192.168.2.10 - Destination IP: 50.87.139.143

Timestamp:	03/13/24-14:24:42.198173
SID:	2855245
Source Port:	49707
Destination Port:	587
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Agent Tesla Telegram Exfil - Source IP: 192.168.2.10 - Destination IP: 50.87.139.143

Timestamp:	03/13/24-14:24:42.198173
SID:	2851779
Source Port:	49707
Destination Port:	587
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 - Source IP: 192.168.2.10 - Destination IP: 50.87.139.143

Timestamp:	03/13/24-14:24:42.198173
SID:	2840032
Source Port:	49707
Destination Port:	587
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN AgentTesla Exfil Via SMTP - Source IP: 192.168.2.10 - Destination IP: 50.87.139.143

Timestamp:	03/13/24-14:24:42.198070
SID:	2030171
Source Port:	49707
Destination Port:	587
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Win32/Agent Tesla SMTP Activity - Source IP: 192.168.2.10 - Destination IP: 50.87.139.143

Timestamp:	03/13/24-14:24:42.198070
SID:	2839723
Source Port:	49707
Destination Port:	587
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Documents of shipment 3-2024.exe

Avira: detected

Found malware configuration

Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.elec-qatar.com", "Username": "mohammed.abrar@elec-qatar.com", "Password": "MHabrar2019@#"}

Multi AV Scanner detection for submitted file

Source: Documents of shipment 3-2024.exe	ReversingLabs: Detection: 50%
Source: Documents of shipment 3-2024.exe	Virustotal: Detection: 68%			Perma Link

Machine Learning detection for sample

Source: Documents of shipment 3-2024.exe

Joe Sandbox ML: detected

Source: Documents of shipment 3-2024.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: Documents of shipment 3-2024.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2855542 ETPRO TROJAN Agent Tesla CnC Exfil Activity 192.168.2.10:49707 -> 50.87.139.143:587
Source: Traffic	Snort IDS: 2855245 ETPRO TROJAN Agent Tesla Exfil via SMTP 192.168.2.10:49707 -> 50.87.139.143:587
Source: Traffic	Snort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.10:49707 -> 50.87.139.143:587
Source: Traffic	Snort IDS: 2840032 ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 192.168.2.10:49707 -> 50.87.139.143:587
Source: Traffic	Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.10:49707 -> 50.87.139.143:587
Source: Traffic	Snort IDS: 2839723 ETPRO TROJAN Win32/Agent Tesla SMTP Activity 192.168.2.10:49707 -> 50.87.139.143:587

Yara detected Generic Downloader

Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.374f338.2.raw.unpack, type: UNPACKEDPE

Source: global traffic

TCP traffic: 192.168.2.10:49707 -> 50.87.139.143:587

Source: Joe Sandbox View

IP Address: 50.87.139.143 50.87.139.143

Source: Joe Sandbox View

ASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US

Source: global traffic

TCP traffic: 192.168.2.10:49707 -> 50.87.139.143:587

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: mail.elec-qatar.com

Source: Documents of shipment 3-2024.exe, 00000003.00000002.2487661512.00000000031F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mail.elec-qatar.com
Source: Documents of shipment 3-2024.exe, 00000001.00000002.1247364304.00000000036AE000.00000004.00000800.00020000.00000000.sdmp, Documents of shipment 3-2024.exe, 00000003.00000002.2484776287.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://account.dyn.com/

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, NmHr1WHWKO.cs	.Net Code: IiB
Source: 1.2.Documents of shipment 3-2024.exe.374f338.2.raw.unpack, NmHr1WHWKO.cs	.Net Code: IiB

System Summary

Malicious sample detected (through community Yara rule)

Source: 1.2.Documents of shipment 3-2024.exe.374f338.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 3.2.Documents of shipment 3-2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 1.2.Documents of shipment 3-2024.exe.374f338.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Documents of shipment 3-2024.exe

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_022883B0	1_2_022883B0
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_022886D8	1_2_022886D8
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_02287330	1_2_02287330
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_02288451	1_2_02288451
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_02287326	1_2_02287326
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_0228736A	1_2_0228736A
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_0228780B	1_2_0228780B
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_067B5BE8	1_2_067B5BE8
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_067B35E1	1_2_067B35E1
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_067B15D0	1_2_067B15D0
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_067B0040	1_2_067B0040
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_067B1840	1_2_067B1840
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_08780040	1_2_08780040
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_08782220	1_2_08782220
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_0878F858	1_2_0878F858
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_0878F849	1_2_0878F849
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_08787379	1_2_08787379
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_08787388	1_2_08787388
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_0878F420	1_2_0878F420
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_015D9378	3_2_015D9378
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_015D9B30	3_2_015D9B30
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_015D4A98	3_2_015D4A98
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_015DCDA8	3_2_015DCDA8
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_015D3E80	3_2_015D3E80
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_015D41C8	3_2_015D41C8
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_066D56C8	3_2_066D56C8
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_066D3F40	3_2_066D3F40
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_066DDCF8	3_2_066DDCF8
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_066DBCF0	3_2_066DBCF0
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_066D2AF8	3_2_066D2AF8
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_066D9AD0	3_2_066D9AD0
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_066D8B80	3_2_066D8B80
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_066D0040	3_2_066D0040
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_066D4FE8	3_2_066D4FE8
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 3_2_066D3248	3_2_066D3248

Source: Documents of shipment 3-2024.exe, 00000001.00000002.1245351308.00000000005FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Documents of shipment 3-2024.exe
Source: Documents of shipment 3-2024.exe, 00000001.00000002.1246801206.000000000251C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameecf3ed1c-5c3b-4038-87a8-401c6c5075d4.exe4 vs Documents of shipment 3-2024.exe
Source: Documents of shipment 3-2024.exe, 00000001.00000002.1249994593.0000000006AE0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Documents of shipment 3-2024.exe
Source: Documents of shipment 3-2024.exe, 00000001.00000002.1247364304.00000000036AE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameecf3ed1c-5c3b-4038-87a8-401c6c5075d4.exe4 vs Documents of shipment 3-2024.exe
Source: Documents of shipment 3-2024.exe, 00000001.00000002.1247364304.00000000036AE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Documents of shipment 3-2024.exe
Source: Documents of shipment 3-2024.exe, 00000003.00000002.2485139424.00000000012F9000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Documents of shipment 3-2024.exe
Source: Documents of shipment 3-2024.exe, 00000003.00000002.2484776287.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameecf3ed1c-5c3b-4038-87a8-401c6c5075d4.exe4 vs Documents of shipment 3-2024.exe
Source: Documents of shipment 3-2024.exe	Binary or memory string: OriginalFilenameZOtz.exe< vs Documents of shipment 3-2024.exe

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: Documents of shipment 3-2024.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 1.2.Documents of shipment 3-2024.exe.374f338.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 3.2.Documents of shipment 3-2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 1.2.Documents of shipment 3-2024.exe.374f338.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers

Source: Documents of shipment 3-2024.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, ISZbPXDvPz.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, ISZbPXDvPz.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, nAXAT51m.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, nAXAT51m.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, nAXAT51m.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, nAXAT51m.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, YpS.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, YpS.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, QVE6fvyfY6nuXQ1y2a.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, L1THh1BjLYfAt0yqQB.cs	Security API names: _0020.SetAccessControl
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, L1THh1BjLYfAt0yqQB.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, L1THh1BjLYfAt0yqQB.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/1@1/1

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Documents of shipment 3-2024.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

Mutant created: NULL

Source: Documents of shipment 3-2024.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Documents of shipment 3-2024.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Documents of shipment 3-2024.exe	ReversingLabs: Detection: 50%
Source: Documents of shipment 3-2024.exe	Virustotal: Detection: 68%

Source: unknown	Process created: C:\Users\user\Desktop\Documents of shipment 3-2024.exe C:\Users\user\Desktop\Documents of shipment 3-2024.exe
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process created: C:\Users\user\Desktop\Documents of shipment 3-2024.exe C:\Users\user\Desktop\Documents of shipment 3-2024.exe
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process created: C:\Users\user\Desktop\Documents of shipment 3-2024.exe C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles

Jump to behavior

Source: Documents of shipment 3-2024.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Documents of shipment 3-2024.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: Documents of shipment 3-2024.exe, --.cs	.Net Code: _0002 System.Reflection.Assembly.Load(byte[])
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, L1THh1BjLYfAt0yqQB.cs	.Net Code: Tp0ZJno33v2Lf4H90qV System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_04A52E20 pushad ; iretd		1_2_04A52E21
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Code function: 1_2_0878331E pushad ; ret		1_2_08783321

Source: Documents of shipment 3-2024.exe

Static PE information: section name: .text entropy: 7.988555037607642

Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, LY9WGgoMp5W6Ls47W9.cs	High entropy of concatenated method names: 'LHi98FWZep', 'p4M9ixVqgj', 'SkT9bYCkfZ', 'm8ebUZW1xs', 'e4BbzQBeaS', 'A4D9ZrhblG', 'FQo92xQ1Pw', 'OI09IHN5Xy', 'RCR9gfoFMQ', 'zoJ9AVHb8u'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, k3Hp3OrSCTWFTJ5OT9.cs	High entropy of concatenated method names: 'KhAMdUc7rt', 'j66MW5j9kH', 'fI2iSAgTgr', 'SVhiCC9uYT', 'jLEixAvbXP', 's2xiu26uwd', 'IP8ioMiZqC', 'acjiTwrbG0', 'ViFi3697NE', 'PV2iRqj6Ku'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, l2N8Wpqy0LebEdWDSs.cs	High entropy of concatenated method names: 'HigjRkng4F', 'XmHjFrOeLy', 'wYijqA7v6x', 'Kuhj7ydvYO', 'D7sj5KI7eT', 'zBijSX88a7', 'Ts5jCiIPET', 'ynojxWaYSm', 'RLNjuRUofN', 'my3jo6wvy7'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, CWfQjmDbvcXPECMA27.cs	High entropy of concatenated method names: 'PPiQsdfL3I', 'jqeQURYsGa', 'BLmeZI1JPr', 'iaue2kv6AB', 'CrpQHDGQDg', 'NNmQFpAbjG', 'zRhQNOscUC', 'mZXQqCrPP3', 'xBEQ7jmGos', 'OI3Qvjf5O7'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, dCmF1Ssthw6NjSeCNU.cs	High entropy of concatenated method names: 'wuje8fgRjf', 'M8xe0m0Rq4', 'DT5ei8K45i', 'JOueMKXdTV', 'oZKeb1BRZk', 'h20e9WQQsq', 'iqdeB9cbtb', 'RsEecqn0GJ', 'mdue622MYu', 'BdHeaEm9SV'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, VSDVbK3tUKZEx3nS90.cs	High entropy of concatenated method names: 'nBW9GJTyr7', 'BKR9mYNHEV', 'Gq49pU7KBU', 'MD29ty2aW5', 'Pr09daVdqJ', 'ooi9XTsLvS', 'O1b9WtTdpG', 'Hos9yGuoaV', 'y8n9JgYaPf', 'i8n9rNFDMq'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, BylFJf2Zhp8SLOP8x1I.cs	High entropy of concatenated method names: 'MAofGHCIZ8', 'fqyfmGsBpO', 'x4qfptxY2q', 'GVKftRrYvL', 'fi0fdnE2Hq', 'Ii6fXNUtBO', 'CEGfWlTvLb', 'rRdfyoPAns', 'LT3fJMvY5C', 'KlcfrADW0I'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, gM2G8n0AHJRGPmLJNN.cs	High entropy of concatenated method names: 'Dispose', 'Tbp2VSQVLP', 'u38I5I2Qcc', 'qNmYYxk13q', 'mAC2UmF1St', 'Uw62zNjSeC', 'ProcessDialogKey', 'QUIIZIvYPF', 'zyII2riUck', 'mokIIfQ7i8'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, LsAxH0IgLQPGa9oup8.cs	High entropy of concatenated method names: 'QSgpuBq8s', 'N0It1JvFI', 'YLFXqZKLO', 'uayWQUmp8', 'GyJJkCFkD', 'sPkr00p24', 'sByXSnf0gWcUhmau8p', 'D67D7Utcg2umaDOtp2', 'xgieN7uPh', 'gktYXVHym'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, bIvYPFVtyIriUck6ok.cs	High entropy of concatenated method names: 'Ua0eKnlxO3', 'o7re57rA7r', 'OBoeSljykt', 'USXeCiYnad', 'SLaeqh1cy2', 'tBEexj65Lw', 'Next', 'Next', 'Next', 'NextBytes'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, rQ7i8GUFLJVmdv8p2Y.cs	High entropy of concatenated method names: 'yhnf2KlrHa', 'xTBfghTtSe', 'rpsfA98TDs', 'YjEf8mQbvV', 'slyf0O2c1m', 'Kb7fM6wFo3', 'ar9fbvUQUL', 'Adae49GATU', 'BN3es1eH8t', 'OUmeVWHRgb'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, lpyWDZv40r0bWpUTjS.cs	High entropy of concatenated method names: 'ToString', 's1PkHhTaO1', 'O2qk5JBcYw', 'I4hkSk6ZHi', 'UBPkCXmZth', 'akckxPH9Jq', 'Q9Fkud5Xep', 'jJSkoKl03u', 'MVIkT1ZrCZ', 'pRtk3HsJgo'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, XTPGhDA3dIlhb64mav.cs	High entropy of concatenated method names: 'k7N29VE6fv', 'sY62BnuXQ1', 'poZ26wYr1m', 'm0d2a2B3Hp', 'E5O2jT9g3W', 'PxX2koTBRF', 'wfMeKR9Xpo0AND7rgS', 'h4HUGaviZk02U9jVKF', 'Fsh222YUnb', 'mQB2gSbxk9'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, QhXs1iicvmrsW3kO07.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'UQjIVXLqqY', 'vUaIUVaJ9Z', 'oL7Iz2k5FG', 'tFYgZohJg8', 'jCvg2cLl60', 'Xl7gIbujGe', 'qQXggF5ybB', 'UpqUDWorkCFlXcm46CV'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, c3WFxXKoTBRFECotHe.cs	High entropy of concatenated method names: 'oq8bnJ3xJI', 'WBXb0cMr4W', 'xPIbMT0Xj5', 'kWyb99kilu', 'CWsbB0G9On', 'tkOMh4lxIa', 'lVfMDhWffe', 'dVOM4wNreg', 'y4mMsf3eLR', 'nNoMVqvNpW'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, L1THh1BjLYfAt0yqQB.cs	High entropy of concatenated method names: 'm8vgnnwCwk', 'QrLg8xsWkL', 'w7cg01PvZL', 'YcggiEp5S6', 'BU7gM800X2', 've3gbAog5e', 'BsSg9CnGOh', 'lrrgBt4Ejt', 'LEggcLNXKu', 'IBMg6Qwjqg'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, QVE6fvyfY6nuXQ1y2a.cs	High entropy of concatenated method names: 'bcN0qkV31Y', 'Bm307QToCk', 'dfZ0vIpE0Y', 'e940Ew7V1B', 'jFM0hFgYMI', 'efS0DabEU8', 'NM404rXAkH', 'JSI0sfCQjs', 'NsE0VbF6qI', 'j4H0UxMEi6'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, RcwQHaEZy6735qurFY.cs	High entropy of concatenated method names: 'P96Q6ZaFsG', 'QZgQatDWSE', 'ToString', 'ukQQ8NnhUm', 'CODQ0tlI8o', 'kaAQiQvCBg', 'icDQMXiLrI', 'VjUQbHHPsF', 'x9JQ963RLi', 'oyVQBAqxqs'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, bwxwKbNIvW51SAID7j.cs	High entropy of concatenated method names: 'qF4Py0fJ41', 'vXtPJpbDqK', 'ARjPKGvtBL', 'MyEP5fffaY', 'BWZPCPboR3', 'RGaPxAaydS', 'Mk7PoLi0hC', 'j9BPTKUrCk', 'cK0PRb2j0M', 'RA8PHmrY6V'
Source: 1.2.Documents of shipment 3-2024.exe.6ae0000.5.raw.unpack, FRq2DkJoZwYr1m60d2.cs	High entropy of concatenated method names: 'LuQitvlipS', 'zJkiXX75u4', 't9FiyKOrMK', 'xF7iJD83OR', 'u6RijvPsJ0', 'DEPiklZZiv', 'QsDiQfe4Xr', 'TCmiePeUSv', 'eyrifNvMAU', 'QqfiYicV9C'

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: Documents of shipment 3-2024.exe PID: 7472, type: MEMORYSTR

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Memory allocated: 2280000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Memory allocated: 24D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Memory allocated: 22F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Memory allocated: 89E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Memory allocated: 99E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Memory allocated: 9BF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Memory allocated: ABF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Memory allocated: 15D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Memory allocated: 31A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Memory allocated: 30F0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Window / User API: threadDelayed 1291			Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Window / User API: threadDelayed 2893			Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7524	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -10145709240540247s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7764	Thread sleep count: 1291 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -99766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7764	Thread sleep count: 2893 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -99641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -99500s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -99391s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -99266s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -99153s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -99047s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -98937s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -98828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -98719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -98609s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -98500s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -98391s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -98281s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -98172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -98062s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -97953s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -97844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -97734s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe TID: 7748	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 99766	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 99641	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 99500	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 99391	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 99266	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 99153	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 99047	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 98937	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 98828	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 98719	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 98609	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 98500	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 98391	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 98281	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 98172	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 98062	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 97953	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 97844	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 97734	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: Documents of shipment 3-2024.exe, 00000003.00000002.2486589599.00000000016D4000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

Memory written: C:\Users\user\Desktop\Documents of shipment 3-2024.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

Process created: C:\Users\user\Desktop\Documents of shipment 3-2024.exe C:\Users\user\Desktop\Documents of shipment 3-2024.exe

Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Queries volume information: C:\Users\user\Desktop\Documents of shipment 3-2024.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Queries volume information: C:\Users\user\Desktop\Documents of shipment 3-2024.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.374f338.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Documents of shipment 3-2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.374f338.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2487661512.00000000031F6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2487661512.00000000031EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2484776287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2487661512.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1247364304.00000000036AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Documents of shipment 3-2024.exe PID: 7472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Documents of shipment 3-2024.exe PID: 7644, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\Documents of shipment 3-2024.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.374f338.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Documents of shipment 3-2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.374f338.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2484776287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2487661512.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1247364304.00000000036AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Documents of shipment 3-2024.exe PID: 7472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Documents of shipment 3-2024.exe PID: 7644, type: MEMORYSTR

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.374f338.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Documents of shipment 3-2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.3789d58.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Documents of shipment 3-2024.exe.374f338.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2487661512.00000000031F6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2487661512.00000000031EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2484776287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2487661512.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1247364304.00000000036AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Documents of shipment 3-2024.exe PID: 7472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Documents of shipment 3-2024.exe PID: 7644, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	121 Windows Management Instrumentation	1 DLL Side-Loading	111 Process Injection	1 Masquerading	1 OS Credential Dumping	111 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	1 Input Capture	1 Process Discovery	Remote Desktop Protocol	1 Input Capture	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	141 Virtualization/Sandbox Evasion	1 Credentials in Registry	141 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	11 Archive Collected Data	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	1 Data from Local System	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	24 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Documents of shipment 3-2024.exe	50%	ReversingLabs	ByteCode-MSIL.Trojan.CrypterX
Documents of shipment 3-2024.exe	68%	Virustotal		Browse
Documents of shipment 3-2024.exe	100%	Avira	HEUR/AGEN.1326958
Documents of shipment 3-2024.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
mail.elec-qatar.com	2%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://mail.elec-qatar.com	0%	Avira URL Cloud	safe
http://mail.elec-qatar.com	2%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mail.elec-qatar.com	50.87.139.143	true	true	2%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://mail.elec-qatar.com	Documents of shipment 3-2024.exe, 00000003.00000002.2487661512.00000000031F6000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://account.dyn.com/	Documents of shipment 3-2024.exe, 00000001.00000002.1247364304.00000000036AE000.00000004.00000800.00020000.00000000.sdmp, Documents of shipment 3-2024.exe, 00000003.00000002.2484776287.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
50.87.139.143	mail.elec-qatar.com	United States		46606	UNIFIEDLAYER-AS-1US	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1408242
Start date and time:	2024-03-13 14:23:49 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Documents of shipment 3-2024.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/1@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 194 Number of non-executed functions: 10
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
14:24:36	API Interceptor	22x Sleep call for process: Documents of shipment 3-2024.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
50.87.139.143	SHIPPING DOC.exe	Get hash	malicious	AgentTesla	Browse
	Order 19A20060.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	Proforma Invoice.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	SecuriteInfo.com.Variant.Lazy.463632.16595.14067.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	SHIPPING DOC.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	New order.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	Quotation R2100131410.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	SecuriteInfo.com.Trojan.MSIL.Krypt.2433.31957.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	z92BankingDetails.exe	Get hash	malicious	AgentTesla	Browse
	z14Paymentslip.exe	Get hash	malicious	AgentTesla	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mail.elec-qatar.com	SHIPPING DOC.exe	Get hash	malicious	AgentTesla	Browse	50.87.139.143
	Order 19A20060.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.139.143
	Proforma Invoice.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.139.143
	SecuriteInfo.com.Variant.Lazy.463632.16595.14067.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.139.143
	SHIPPING DOC.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.139.143
	New order.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.139.143
	Quotation R2100131410.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.139.143
	SecuriteInfo.com.Trojan.MSIL.Krypt.2433.31957.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.139.143
	z92BankingDetails.exe	Get hash	malicious	AgentTesla	Browse	50.87.139.143
	z14Paymentslip.exe	Get hash	malicious	AgentTesla	Browse	50.87.139.143

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
UNIFIEDLAYER-AS-1US	SHIPPING DOC.exe	Get hash	malicious	AgentTesla	Browse	50.87.139.143
	http://a.email8.westpac.com.au/?qqd8UFJGTiJENtWiy-VcqIDuBHhkRyDMq&//conventosp.com.br/wp-includes/pomo/DOms/Franconette@dfl.ie	Get hash	malicious	Unknown	Browse	216.172.160.199
	063837646WAYBILLMAR24.exe	Get hash	malicious	RedLine	Browse	162.144.32.209
	DHL EXPRESS.exe	Get hash	malicious	AgentTesla	Browse	162.215.168.66
	PO -70611.bat.exe	Get hash	malicious	AgentTesla	Browse	192.185.16.97
	5059367692.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.253.239
	http://a.email8.westpac.com.au/?qqd8UFJGTiJENtWiy-VcqIDuBHhkRyDMq&//mountainspeak.ca/tmp/pxp/mbu/a.b@mbu.edu	Get hash	malicious	HTMLPhisher	Browse	216.172.172.184
	https://funkmonsters.com/hjsdfwex/hjsahealthy/hjsahealthy/c3BlZWRwZXJrc0BhZHZhbmNlLWF1dG8uY29t	Get hash	malicious	Unknown	Browse	162.241.124.47
	https://tracker.club-os.com/campaign/click?msgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=jehufelfledelrisco.com/@a/jehufelfledelrisco.com/hr@jehufelfledelrisco.com	Get hash	malicious	HTMLPhisher	Browse	162.240.41.48
	https://indd.adobe.com/view/b6974824-548c-4a56-9b4e-2262d37bb22f	Get hash	malicious	Unknown	Browse	192.185.24.249

Process:	C:\Users\user\Desktop\Documents of shipment 3-2024.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.98514165855363
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Documents of shipment 3-2024.exe
File size:	731'648 bytes
MD5:	779222c4ace4e7726fc76dedb4394b77
SHA1:	da183b07419ffb0fa4b72230cf540e8a09c64a65
SHA256:	664db26a69e4b1efb10289189887c35558bf7ca966eed02f97e523fef83f1205
SHA512:	b94ce6cba6aef492335628dc2456f3e7457e5f23ad646c5aa0b9464c9995f9bcd1df206d9d7563c7870566fac104eaaf900677f725041f197773f5d57248e5d0
SSDEEP:	12288:3fHwgqPPhZakohW1yCuTuFBQNfLTiYCDLxBAaOWHMoMYw6WsviE8O1QX9zXiUvlJ:fqajgsCuTSBefLTVn5SMYw6WsqE8T9zB
TLSH:	24F423EAC42DB437C1B909B8F847560253F16D75B021D6DA8E8239D92EE035B528FF27
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."b.e................. ...........>... ...@....@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4b3ea6
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x65F16222 [Wed Mar 13 08:21:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xb3e4c	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xb4000	0x570	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xb6000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xb1eac	0xb2000	258be1690920aef99e3830909da82a84	False	0.9817306004213483	data	7.988555037607642	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xb4000	0x570	0x600	8d17d44fbc11975ce61388c89b7900a7	False	0.4192708333333333	data	4.47083371339975	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xb6000	0xc	0x200	325a3bb3c6c855c387f11af20faa25da	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xb40a0	0x31c	data			0.4371859296482412
RT_MANIFEST	0xb43bc	0x1b4	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators			0.5642201834862385

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
03/13/24-14:24:42.198173	TCP	2855542	ETPRO TROJAN Agent Tesla CnC Exfil Activity	49707	587	192.168.2.10	50.87.139.143
03/13/24-14:24:42.198173	TCP	2855245	ETPRO TROJAN Agent Tesla Exfil via SMTP	49707	587	192.168.2.10	50.87.139.143
03/13/24-14:24:42.198173	TCP	2851779	ETPRO TROJAN Agent Tesla Telegram Exfil	49707	587	192.168.2.10	50.87.139.143
03/13/24-14:24:42.198173	TCP	2840032	ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2	49707	587	192.168.2.10	50.87.139.143
03/13/24-14:24:42.198070	TCP	2030171	ET TROJAN AgentTesla Exfil Via SMTP	49707	587	192.168.2.10	50.87.139.143
03/13/24-14:24:42.198070	TCP	2839723	ETPRO TROJAN Win32/Agent Tesla SMTP Activity	49707	587	192.168.2.10	50.87.139.143

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2024 14:24:40.314382076 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:24:40.487894058 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:40.487981081 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:24:40.930562019 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:40.931642056 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:24:41.105228901 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:41.106221914 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:24:41.280066967 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:41.280976057 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:24:41.494463921 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:41.626506090 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:41.626760960 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:24:41.800048113 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:41.800117016 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:41.800344944 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:24:42.015531063 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:42.023382902 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:42.023531914 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:24:42.197031975 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:42.197254896 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:42.198070049 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:24:42.198173046 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:24:42.198218107 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:24:42.198270082 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:24:42.371506929 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:42.371757984 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:42.373305082 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:24:42.428792000 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:26:20.147953987 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:26:20.362382889 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:26:20.522722960 CET	587	49707	50.87.139.143	192.168.2.10
Mar 13, 2024 14:26:20.522852898 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:26:20.523017883 CET	49707	587	192.168.2.10	50.87.139.143
Mar 13, 2024 14:26:20.696252108 CET	587	49707	50.87.139.143	192.168.2.10

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2024 14:24:40.124645948 CET	51409	53	192.168.2.10	1.1.1.1
Mar 13, 2024 14:24:40.298741102 CET	53	51409	1.1.1.1	192.168.2.10

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 13, 2024 14:24:40.124645948 CET	192.168.2.10	1.1.1.1	0xf43c	Standard query (0)	mail.elec-qatar.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 13, 2024 14:24:40.298741102 CET	1.1.1.1	192.168.2.10	0xf43c	No error (0)	mail.elec-qatar.com		50.87.139.143	A (IP address)	IN (0x0001)	false

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Mar 13, 2024 14:24:40.930562019 CET	587	49707	50.87.139.143	192.168.2.10	220-box2248.bluehost.com ESMTP Exim 4.96.2 #2 Wed, 13 Mar 2024 07:24:40 -0600 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Mar 13, 2024 14:24:40.931642056 CET	49707	587	192.168.2.10	50.87.139.143	EHLO 284992
Mar 13, 2024 14:24:41.105228901 CET	587	49707	50.87.139.143	192.168.2.10	250-box2248.bluehost.com Hello 284992 [191.96.227.194] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Mar 13, 2024 14:24:41.106221914 CET	49707	587	192.168.2.10	50.87.139.143	AUTH login bW9oYW1tZWQuYWJyYXJAZWxlYy1xYXRhci5jb20=
Mar 13, 2024 14:24:41.280066967 CET	587	49707	50.87.139.143	192.168.2.10	334 UGFzc3dvcmQ6
Mar 13, 2024 14:24:41.626506090 CET	587	49707	50.87.139.143	192.168.2.10	235 Authentication succeeded
Mar 13, 2024 14:24:41.626760960 CET	49707	587	192.168.2.10	50.87.139.143	MAIL FROM:<mohammed.abrar@elec-qatar.com>
Mar 13, 2024 14:24:41.800117016 CET	587	49707	50.87.139.143	192.168.2.10	250 OK
Mar 13, 2024 14:24:41.800344944 CET	49707	587	192.168.2.10	50.87.139.143	RCPT TO:<jinhux31@gmail.com>
Mar 13, 2024 14:24:42.023382902 CET	587	49707	50.87.139.143	192.168.2.10	250 Accepted
Mar 13, 2024 14:24:42.023531914 CET	49707	587	192.168.2.10	50.87.139.143	DATA
Mar 13, 2024 14:24:42.197254896 CET	587	49707	50.87.139.143	192.168.2.10	354 Enter message, ending with "." on a line by itself
Mar 13, 2024 14:24:42.198270082 CET	49707	587	192.168.2.10	50.87.139.143	.
Mar 13, 2024 14:24:42.373305082 CET	587	49707	50.87.139.143	192.168.2.10	250 OK id=1rkOb4-00464Y-0L
Mar 13, 2024 14:26:20.147953987 CET	49707	587	192.168.2.10	50.87.139.143	QUIT
Mar 13, 2024 14:26:20.522722960 CET	587	49707	50.87.139.143	192.168.2.10	221 box2248.bluehost.com closing connection

Target ID:	1
Start time:	14:24:36
Start date:	13/03/2024
Path:	C:\Users\user\Desktop\Documents of shipment 3-2024.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\Documents of shipment 3-2024.exe
Imagebase:	0xd0000
File size:	731'648 bytes
MD5 hash:	779222C4ACE4E7726FC76DEDB4394B77
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1247364304.00000000036AE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.1247364304.00000000036AE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	14:24:37
Start date:	13/03/2024
Path:	C:\Users\user\Desktop\Documents of shipment 3-2024.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\Documents of shipment 3-2024.exe
Imagebase:	0xde0000
File size:	731'648 bytes
MD5 hash:	779222C4ACE4E7726FC76DEDB4394B77
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2487661512.00000000031F6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2487661512.00000000031EE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2484776287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2484776287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2487661512.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2487661512.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	11.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	233
Total number of Limit Nodes:	9

Executed Functions

Function 08782220 Relevance: 5.6, Strings: 4, Instructions: 564
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

~, xrefs: 08782472
4'q, xrefs: 0878264B
pq, xrefs: 08782726
:, xrefs: 087824DC

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: 4'q$:$pq$~
API String ID: 0-4038137657
Opcode ID: ab6deda3e36390e535bc286348140042e962feaca9c49defb8144eb1dcb6b920
Instruction ID: c9c09989dfc5b912e3fd6ab159c6dd03597aa3c9255c006c160398f91656aea6
Opcode Fuzzy Hash: ab6deda3e36390e535bc286348140042e962feaca9c49defb8144eb1dcb6b920
Instruction Fuzzy Hash: F3420375A40218DFDB25DFA9C884A9DBBB2FF48301F1580E9E509AB226DB31DD91DF10

Uniqueness

Uniqueness Score: -1.00%

Function 02287330 Relevance: 4.7, Strings: 3, Instructions: 962
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LRq, xrefs: 02287E7B
LRq, xrefs: 022873BD
\sq, xrefs: 02287593

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: LRq$LRq$\sq
API String ID: 0-3677092283
Opcode ID: 5bc220b70a988f4a5abea2e011bd3f27d396a2d35d7f04870346b13598c196f0
Instruction ID: 0825682f44780f1e5024e0035276a78a6aed87c8c59e0a21980dd369838fb103
Opcode Fuzzy Hash: 5bc220b70a988f4a5abea2e011bd3f27d396a2d35d7f04870346b13598c196f0
Instruction Fuzzy Hash: 6882B075A152198FDB14DFB9C880AADBBF2FF89300F24C569E019EB299DB34D941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 02287326 Relevance: 2.8, Strings: 2, Instructions: 331
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LRq, xrefs: 022873BD
\sq, xrefs: 02287593

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: LRq$\sq
API String ID: 0-576302416
Opcode ID: 540dc822281b87c353cc2790566fcae840f0ef674bb2b382f86ee68fb5e71275
Instruction ID: 016fa19b32b19e765877ea2a3b36a272628341960d6c9ff5b117933180195484
Opcode Fuzzy Hash: 540dc822281b87c353cc2790566fcae840f0ef674bb2b382f86ee68fb5e71275
Instruction Fuzzy Hash: D3D17F75E152168FDB14DF79D884AAEBBF2BFC8300F118529E405EB354DB34AA41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0228736A Relevance: 2.8, Strings: 2, Instructions: 323
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LRq, xrefs: 022873BD
\sq, xrefs: 02287593

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: LRq$\sq
API String ID: 0-576302416
Opcode ID: 105debc93fab49a73bed59eb566331050d8f50eafe5b52c651d771240bce18b0
Instruction ID: c7306cc53e44215210a12b8541fe09e201c88e19b26df879b281ab37143e7128
Opcode Fuzzy Hash: 105debc93fab49a73bed59eb566331050d8f50eafe5b52c651d771240bce18b0
Instruction Fuzzy Hash: F3C17F75A1121A8FDB14DF79D844AAEB7F2BFC8305F118529E405EB398DB34AE41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 08780040 Relevance: 1.6, Strings: 1, Instructions: 319COMMON

Download Yara Rule

Strings

Xq, xrefs: 087802F8

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: Xq
API String ID: 0-599127549
Opcode ID: 28be2a67549a8892d5bafe693b737d8bc1a600dfb4bb35913ff68580fb61d3ca
Instruction ID: ccd9092909ef4531c71ee25cda33a4cb0f96999273d8a4af033268549b399680
Opcode Fuzzy Hash: 28be2a67549a8892d5bafe693b737d8bc1a600dfb4bb35913ff68580fb61d3ca
Instruction Fuzzy Hash: 3DB1C231740A04CFDB14EF29D854A6E77B6BF89312B18816DE80ADB369CB70DC45CB61

Uniqueness

Uniqueness Score: -1.00%

Function 022886D8 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

, xrefs: 022887EE

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8d84ec2a629f52dcd81c7c0f21d1fa9dacbf72cde107173a120fd687bcb6327c
Instruction ID: 3e086a60e003516b83e580a3c07b51abd293a1416517b37f207255503b60af9f
Opcode Fuzzy Hash: 8d84ec2a629f52dcd81c7c0f21d1fa9dacbf72cde107173a120fd687bcb6327c
Instruction Fuzzy Hash: 3751D135B1011A8FDB14DBADE8806AEB7F2FFC9210B54857AD109D7359DB30EC418B82

Uniqueness

Uniqueness Score: -1.00%

Function 067B5BE8 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72c4bce1b1f4f57f2c6421c48c22c17eb08ac68c1bdfde34b9feaf84fd95784c
Instruction ID: c4d7442f8a9eaca5dab53b6193381556ea3443f6dfaeb011aea2180f0d9a51b5
Opcode Fuzzy Hash: 72c4bce1b1f4f57f2c6421c48c22c17eb08ac68c1bdfde34b9feaf84fd95784c
Instruction Fuzzy Hash: 0FC1B971B017048FEBA9EF75C850BAEB7E7AF88700F14946AD146CB294DB34E801CB61

Uniqueness

Uniqueness Score: -1.00%

Function 022883B0 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a549fce5f82598973658fecc838cd21116f6439fd92db8ae194d2335cf326a89
Instruction ID: b44a167aa68ebe14a110cfacea366fd3160d63df3a6445c6ff5aad80cbd51a1e
Opcode Fuzzy Hash: a549fce5f82598973658fecc838cd21116f6439fd92db8ae194d2335cf326a89
Instruction Fuzzy Hash: FF817032F212299FD714EB69D840B5EB7F3AFC8711F5A8064E405EB399DA75EC018B81

Uniqueness

Uniqueness Score: -1.00%

Function 02288451 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db94fdf6178131693c5111fe015541943f6fb8c35a9881fd53a972114cd85859
Instruction ID: c79f7f4e25881189bfdf1b877171f3f57431cb64804d887585541c7a45235ba2
Opcode Fuzzy Hash: db94fdf6178131693c5111fe015541943f6fb8c35a9881fd53a972114cd85859
Instruction Fuzzy Hash: FB614C32F216298FD754DB69CC40B5EB7E3AFC8711F5A8164D405AB3A9DE75EC018B80

Uniqueness

Uniqueness Score: -1.00%

Function 08781B4A Relevance: 5.2, Strings: 4, Instructions: 216
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$q, xrefs: 08781CDE
$q, xrefs: 08781DE3
$q, xrefs: 08781DCD
$q, xrefs: 08781CC8

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: $q$$q$$q$$q
API String ID: 0-4102054182
Opcode ID: d9c98d0047680893a801ac6d5408fe1252b7f1b267558071eb5ec7c9e824b650
Instruction ID: 35947887f69b28f9ab0fc9d28ea71ae1004dc3260058d00817cdb9bb7c41f113
Opcode Fuzzy Hash: d9c98d0047680893a801ac6d5408fe1252b7f1b267558071eb5ec7c9e824b650
Instruction Fuzzy Hash: 6AB18074A00228CFDB64DF64C895BA9BBB2FB88310F5084E9A90DA7355DA315E82DF51

Uniqueness

Uniqueness Score: -1.00%

Function 08781BB1 Relevance: 2.7, Strings: 2, Instructions: 200
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$q, xrefs: 08781DCD
$q, xrefs: 08781CC8

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: $q$$q
API String ID: 0-3126353813
Opcode ID: 9dc185ee68eb1cac6c02f91f44ebbf3bd301d091c972e68a59a8262e0e271531
Instruction ID: 5addfa570fea89a6c473d27c7554514666bcdeb4b2dd7636cc070a367e38f5b0
Opcode Fuzzy Hash: 9dc185ee68eb1cac6c02f91f44ebbf3bd301d091c972e68a59a8262e0e271531
Instruction Fuzzy Hash: 87A17174A00228CFDB64DF64C895BEDBBB2FB88310F5084E9A90DA7355DA315E82DF51

Uniqueness

Uniqueness Score: -1.00%

Function 067B252C Relevance: 1.7, APIs: 1, Instructions: 249processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 067B276E

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: b784caa6a49f5e4519760f7072a2689967477fda363ba93785f0ad3b740bb5e0
Instruction ID: 72d79f6ed5a3e4b06a436471c102f3a5c1bb944f39ce4ce55b20bc9d2b38a2a7
Opcode Fuzzy Hash: b784caa6a49f5e4519760f7072a2689967477fda363ba93785f0ad3b740bb5e0
Instruction Fuzzy Hash: F2A18B70D01319DFEB64DFA8C840BEEBBB2BF48304F048169D828A7255DB749A81CF91

Uniqueness

Uniqueness Score: -1.00%

Function 067B2538 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 067B276E

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 335b06d7d84d164d29438c284b08b5e55ad5fe38d09ed164426ead8b303ed21e
Instruction ID: f9440c70396dab3ac3a403f295939b478c92fc56a9fb1797811be2aad2860bc3
Opcode Fuzzy Hash: 335b06d7d84d164d29438c284b08b5e55ad5fe38d09ed164426ead8b303ed21e
Instruction Fuzzy Hash: 8C917971D01319CFEB64DFA8C840BEEBBB2BF48304F048569D828A7255DB749A85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0228D318 Relevance: 1.7, APIs: 1, Instructions: 200COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0228D57E

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: f9acfdfe5d2441898483889c2bb7b1f8b7ab66dab3b2fd539615dabeb57795b9
Instruction ID: 09b33164ee464be45903f00d0c7b54f8af1f6378f198a7a98a4844a1f257c02c
Opcode Fuzzy Hash: f9acfdfe5d2441898483889c2bb7b1f8b7ab66dab3b2fd539615dabeb57795b9
Instruction Fuzzy Hash: 548133B0A11B059FD724EFB9D04475ABBF1FF88204F00892ED48A9BA84D775E949CB91

Uniqueness

Uniqueness Score: -1.00%

Function 022858EC Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 022859A9

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: e45d7118b04377bfc9d36f63e19f7b476747fda0744f23c3dc2a3f24fe996a5d
Instruction ID: 7daca1076b3bbf4fe41b0d2ad9b2f21ef99306af2ab1c1bc1252f632c601aff0
Opcode Fuzzy Hash: e45d7118b04377bfc9d36f63e19f7b476747fda0744f23c3dc2a3f24fe996a5d
Instruction Fuzzy Hash: DA41E3B0C11719CBEB24DFA9C884BCDBBF1BF49304F60806AD418AB255DBB5A945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 022844B4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 022859A9

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 5c0983bbd6c5b107bd1fdf8e0fd284c017a0c7e43b3ee3d9b7220b08d288ea3b
Instruction ID: 4c3a03a6e54d501133a12d94937a4e3e787299e5232582cf490cfe9d574c4888
Opcode Fuzzy Hash: 5c0983bbd6c5b107bd1fdf8e0fd284c017a0c7e43b3ee3d9b7220b08d288ea3b
Instruction Fuzzy Hash: 7D4113B0C10719CBEB24DFA9C884BCDBBF1BF49304F60806AD418AB255DBB5A945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02285A64 Relevance: 1.6, APIs: 1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d031d12681f7bc0dbf88962e63b0815a6db16ee79ffb50feb9297b8787b828
Instruction ID: 564704bb8fb2dbd0a57e01775b0be0e7e9d69e8c7c81612d3062b779d63e0168
Opcode Fuzzy Hash: a9d031d12681f7bc0dbf88962e63b0815a6db16ee79ffb50feb9297b8787b828
Instruction Fuzzy Hash: BF310FB0819749CFEF11DFE8C8847EDBBF1AF0A304F954149C045AB299C7B9A94ACB11

Uniqueness

Uniqueness Score: -1.00%

Function 067B22A8 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 067B2340

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 84fec17843f08d24ae39c44a2d70b7797fd33d4cb2a9e5977e625e5e5bfabbdb
Instruction ID: ee1ea1715a3b408ebfb3e5b5d4aa57f4b57cb3a76802abf61ae57effc25bad73
Opcode Fuzzy Hash: 84fec17843f08d24ae39c44a2d70b7797fd33d4cb2a9e5977e625e5e5bfabbdb
Instruction Fuzzy Hash: A0214875D003198FDB10CFA9C884BEEBBF5FF48310F10842AE968A7251C7789941CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04A54934 Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,04A55FA5,?,?), ref: 04A56057

Memory Dump Source

Source File: 00000001.00000002.1249349167.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4a50000_Documents of shipment 3-2024.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 1532f9efd9e984a28d0d5f0794e3ddc43adc5ebc9f9ac7d78e0ac4b55f47d46a
Instruction ID: ae8d042b84dfed7e6083c616679f45618316c884188f877df9eef5c26f76b97d
Opcode Fuzzy Hash: 1532f9efd9e984a28d0d5f0794e3ddc43adc5ebc9f9ac7d78e0ac4b55f47d46a
Instruction Fuzzy Hash: 3631EEB5D003499FDB10CF9AD980AEEBBF4EB48320F54842AE919A7210D375A944CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 04A55FB8 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,04A55FA5,?,?), ref: 04A56057

Memory Dump Source

Source File: 00000001.00000002.1249349167.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4a50000_Documents of shipment 3-2024.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: b18763b5c231bdee18ef0003c7bd1845213d61f390aeb1e60d4ef528e5a168ff
Instruction ID: a043d240b115f8e5353e8080be7d646724eb834c7c519e2e89a7559d5d99ddcc
Opcode Fuzzy Hash: b18763b5c231bdee18ef0003c7bd1845213d61f390aeb1e60d4ef528e5a168ff
Instruction Fuzzy Hash: 6431EEB6D013499FDB10CF9AD980AEEBBF4AF48310F54842AE918A7310D375A944CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 067B22B0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 067B2340

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 0907a456e0b4ef864955b15e35867bda58e66decccf8dc60eaedd6f6536f6592
Instruction ID: d8018a36a0271e7651eec3a304f3e9741f82059ad7eb13e896849ff897696312
Opcode Fuzzy Hash: 0907a456e0b4ef864955b15e35867bda58e66decccf8dc60eaedd6f6536f6592
Instruction Fuzzy Hash: A6212775D003199FDB10CFAAC880BEEBBF5FF48310F148429E928A7241C7789945CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0228DD10 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0228FBC6,?,?,?,?,?), ref: 0228FC87

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: dc912c4fb5242a0ecc1703fa9ca24d6452ae5c2a8b65753e65232d5f11457e4c
Instruction ID: 6a38d0ff87a1f71871244901e765e121ad6c2e3f39611ed47ba8f77fb81d27d8
Opcode Fuzzy Hash: dc912c4fb5242a0ecc1703fa9ca24d6452ae5c2a8b65753e65232d5f11457e4c
Instruction Fuzzy Hash: 7F21E3B59113099FDB10DFAAD984BEEBBF4EB48310F14842AE918A7350D374A940CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 067B239B Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 067B2420

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 47a99e9af8739de745f0cf64e56d843e8693483e0a4b50e4306a73e740a9de2e
Instruction ID: f3639521d635f4508e8d92bf2da216815408a0bf6dbc161e836212c36595ca53
Opcode Fuzzy Hash: 47a99e9af8739de745f0cf64e56d843e8693483e0a4b50e4306a73e740a9de2e
Instruction Fuzzy Hash: 5D2136B1C013499FDB20DFAAC880BEEBBF5FF48310F508429E958A7241C7799941CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 067B2113 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 067B2196

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 1b8579bb5776770125e73616bc71531e1f8f8b1ba8f29268cfe16f47363ff443
Instruction ID: c5d4aa85940f229b846397bcf7731435ff3683397cac820aa20aad9646f28538
Opcode Fuzzy Hash: 1b8579bb5776770125e73616bc71531e1f8f8b1ba8f29268cfe16f47363ff443
Instruction Fuzzy Hash: 8E2168B1D003098FDB20DFAAC885BEEBBF4EF49210F148429D969A7241C7789945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 067B23A0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 067B2420

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 83d7445aac3bb4fdb1203b0997a97e69dcae906935065d090db7375c44a61c1f
Instruction ID: 9e79c3571b7ab1b3a160a1a5241c9e81a92739749d652be699cbdcb65a2c456c
Opcode Fuzzy Hash: 83d7445aac3bb4fdb1203b0997a97e69dcae906935065d090db7375c44a61c1f
Instruction Fuzzy Hash: 6B2128B1C003599FDB10DFAAC880BEEBBF5FF48310F508429E918A7240C7789941CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 067B2118 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 067B2196

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 3f01215e6b6f810ac5a6396849c62ff27497919b57d0c2feb37b3453f5464ff8
Instruction ID: bfa08d9f810123656a324f3856765f2a352de96278d30eeeae813c43d1ff4ee9
Opcode Fuzzy Hash: 3f01215e6b6f810ac5a6396849c62ff27497919b57d0c2feb37b3453f5464ff8
Instruction Fuzzy Hash: 6E215B71D003098FDB10DFAAC4847EEBBF5EF49310F548429D529A7241CB789945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0228C6E8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0228D5F9,00000800,00000000,00000000), ref: 0228D80A

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 522e9f8e559196651d0eb0a9cec53fbb84778cf3142ed6e24820bed80c41890f
Instruction ID: 8b8290a18511a837cd46d98c1ddb3e07c3f442a2f5fe717ae0d78c13569bc27c
Opcode Fuzzy Hash: 522e9f8e559196651d0eb0a9cec53fbb84778cf3142ed6e24820bed80c41890f
Instruction Fuzzy Hash: E81126B6D003099FDB10DFAAC444BDEFBF4EB88320F54842AD919A7240C3B5A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0228D798 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0228D5F9,00000800,00000000,00000000), ref: 0228D80A

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b413a7d7d4cead70900a7e0f408289d3c8e6a84c583db6c57f51d1d88aa241e8
Instruction ID: 69ee1113ab5fec97823f4484aa5ec73bdc052f860fa45cde4b86fe5cb33c0e67
Opcode Fuzzy Hash: b413a7d7d4cead70900a7e0f408289d3c8e6a84c583db6c57f51d1d88aa241e8
Instruction Fuzzy Hash: 4E1126B6D013099FDB10DFAAD444BDEFBF4EB88310F10842AD929A7250C375A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 067B21EB Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 067B225E

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6844d139e20e861b3d83b66c5766c157b261edb7ca013f048b0c8c5ecfbe6cfd
Instruction ID: aa7d87468e71c821c6b65baf21d84dd00c32595e6ca54f873ee38e6591a612a2
Opcode Fuzzy Hash: 6844d139e20e861b3d83b66c5766c157b261edb7ca013f048b0c8c5ecfbe6cfd
Instruction Fuzzy Hash: C2111776D003499FDB24DFAAC844BEEBBF5EF48310F148419E965A7250C7759941CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 067B21F0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 067B225E

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d826887e195052a6157b6eecc7cb8d749417fbea144bca756c8076775726afa4
Instruction ID: 5cdedfd45e674ad63e4dd811b61287a77364d933cc1d93d82e216d27ae18f2a8
Opcode Fuzzy Hash: d826887e195052a6157b6eecc7cb8d749417fbea144bca756c8076775726afa4
Instruction Fuzzy Hash: 4F113776D003499FDB24DFAAC844BEEBBF5EF48320F248419E925A7250C775A941CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 067B2060 Relevance: 1.6, APIs: 1, Instructions: 50threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 067B20CA

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 35203a5a028bc20237b839cf19688f9cd7ba81c477ea37033a0a486d85417d86
Instruction ID: a2b552ad2cc190577a256acd5f7dfbbc6854994c830f73a819a92a5d99c4e8bd
Opcode Fuzzy Hash: 35203a5a028bc20237b839cf19688f9cd7ba81c477ea37033a0a486d85417d86
Instruction Fuzzy Hash: D5115BB1D003488FDB24DFAAC4457EEFBF5EF88314F248429C959A7240C6796945CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 04A5D7BC Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,04A5EC71,?,?), ref: 04A5EE18

Memory Dump Source

Source File: 00000001.00000002.1249349167.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4a50000_Documents of shipment 3-2024.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 41b72e73da6c0a3b7de64f1a8a96fb48ad235d28df061c87000610e09468d5d5
Instruction ID: e053041c714cadd518e6c13d8a408d13159e4a40340be856eff77cab14d0615c
Opcode Fuzzy Hash: 41b72e73da6c0a3b7de64f1a8a96fb48ad235d28df061c87000610e09468d5d5
Instruction Fuzzy Hash: 5C1128B6800349DFDB10DF9AC545BEEBBF4EB48320F108429D958A7250D378A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 067B2068 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 067B20CA

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: d9d6e314332c7cc88479eda62b291e44725a2ec3833a28b6695f3d9a22325209
Instruction ID: 83170ea555e09b510b3aec918297f8e422146ca5a23b84bb56fd45e11121de22
Opcode Fuzzy Hash: d9d6e314332c7cc88479eda62b291e44725a2ec3833a28b6695f3d9a22325209
Instruction Fuzzy Hash: CF113AB1D003498FDB24DFAAC4457EEFBF5EF88220F248429D519A7240CB796945CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0228D518 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0228D57E

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 97a6e6d90f1ec9943cfc72da30721c238a184236d12890eab0e81e1b538d0f8d
Instruction ID: 175bc06c6c4ff5a7185f808dbd1005dd4eed2a4dfcf39e7248d87cc679253393
Opcode Fuzzy Hash: 97a6e6d90f1ec9943cfc72da30721c238a184236d12890eab0e81e1b538d0f8d
Instruction Fuzzy Hash: F91110B6C013498FCB20DFAAD444BDEFBF4EF88214F10842AD828A7640D379A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 067B0F94 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 067B4D85

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: b11620ac1b335b7ee73507f398a604166526a229d7aede3c5e12942d581b5efc
Instruction ID: 9fad87da61226f1fb087c5e28e0062be9bf2b6ac3e653465f2728c0db1b2cb5d
Opcode Fuzzy Hash: b11620ac1b335b7ee73507f398a604166526a229d7aede3c5e12942d581b5efc
Instruction Fuzzy Hash: 5711D6B5900349DFDB10DF9AD845BEEBBF8EB48314F208419E958A7205C375A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 04A5EDB8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,04A5EC71,?,?), ref: 04A5EE18

Memory Dump Source

Source File: 00000001.00000002.1249349167.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4a50000_Documents of shipment 3-2024.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 63be626600de90d7b5acf041c13fc581ab83ecf70bf0d8f7e8254f0efd983943
Instruction ID: 7fb6e323c0ce68f0ca4baaddd36bda8307b7702f1f090148cbd4693f1bbfc9f7
Opcode Fuzzy Hash: 63be626600de90d7b5acf041c13fc581ab83ecf70bf0d8f7e8254f0efd983943
Instruction Fuzzy Hash: 04113AB5C00359CFDB10DF99C1457EEBBF0EB48320F10841AD958A7250D378AA44CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 067B4D21 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 067B4D85

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: dbf128b98239300585c7a260a1035603e950bda1b2d01b4ede2398dff7712956
Instruction ID: e2b042b56a8d5d71023d03d28c303807f86e82d62840513520752b74fd6844d6
Opcode Fuzzy Hash: dbf128b98239300585c7a260a1035603e950bda1b2d01b4ede2398dff7712956
Instruction Fuzzy Hash: F51103B58003499FDB20DF9AD945BEEBBF8EB48320F248419E958A7200C375A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 08783004 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

Teq, xrefs: 08786961

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: f8e0426e0670a07f74314c344e83e6a9d7e1ac9e7954dc42adcfa87cfbf91ded
Instruction ID: 5ec7d29f862414b37f3b97a878b91463e6026e4454abc4d7bb1ec80be3eeee7c
Opcode Fuzzy Hash: f8e0426e0670a07f74314c344e83e6a9d7e1ac9e7954dc42adcfa87cfbf91ded
Instruction Fuzzy Hash: 3251E171B003059FDB00EBB9D8889BEBBF7EFC42217148969E459D7395EB309D0687A1

Uniqueness

Uniqueness Score: -1.00%

Function 08783120 Relevance: 1.4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

Strings

8q, xrefs: 087832C3

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: 8q
API String ID: 0-4083045702
Opcode ID: 554baa65109644f3f662b9249b1db111b800050c5f6ae56c3a1247d322f3444a
Instruction ID: 0bcba0fd636f0e8cdfead93e098b9e0a6690bd52f89c418f67230b3e75c5404b
Opcode Fuzzy Hash: 554baa65109644f3f662b9249b1db111b800050c5f6ae56c3a1247d322f3444a
Instruction Fuzzy Hash: 3951B374E45209DFCB00DFA9D480AADBBF5FB49701F20952AE816BB355E7309946CF60

Uniqueness

Uniqueness Score: -1.00%

Function 08783112 Relevance: 1.4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

Strings

8q, xrefs: 087832C3

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: 8q
API String ID: 0-4083045702
Opcode ID: b1c7cc33ae0d71a9145d314d61a490f688a73528401dfcc2f3c148af102f5bac
Instruction ID: d218fc4b113929405118b7913a91f05772b398d9bc52046a77442e8c43c1d6aa
Opcode Fuzzy Hash: b1c7cc33ae0d71a9145d314d61a490f688a73528401dfcc2f3c148af102f5bac
Instruction Fuzzy Hash: 3D51A374E45209DFCB04DFA8D580AADBBF1FB49701F20952AE816BB355E7309946CF60

Uniqueness

Uniqueness Score: -1.00%

Function 08783938 Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

p, xrefs: 087839A3

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: 2ae2458faa07654ec985312bee277b7f31595c2a1826206c33dfb9f38ec2b919
Instruction ID: cf104840d33484bbf5cf93f39de90dac1df4682cd541026ea96f9ad62df19371
Opcode Fuzzy Hash: 2ae2458faa07654ec985312bee277b7f31595c2a1826206c33dfb9f38ec2b919
Instruction Fuzzy Hash: CC41AF74D49209DFCF00DFA8D984AEDBBF4AB09615F10956AE81AF7304E7349A41CF25

Uniqueness

Uniqueness Score: -1.00%

Function 0878ED71 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

2(8x, xrefs: 0878F2DD

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: 2(8x
API String ID: 0-75087259
Opcode ID: d42022eabc8870b4e44fe3d29fb8eea535189424c41802a65f8836eca1b410a9
Instruction ID: cb27e616485fc7712fb0bd57e2d588904f4024c85a7108e984790bd702e0b7ed
Opcode Fuzzy Hash: d42022eabc8870b4e44fe3d29fb8eea535189424c41802a65f8836eca1b410a9
Instruction Fuzzy Hash: 43417E35955205CFD710EF68E588B9C7BFAFB49202F00D1AAE009EB31ADB309945CF25

Uniqueness

Uniqueness Score: -1.00%

Function 08787EDA Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

%, xrefs: 08787F6B

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 3198e3ea304b6a42c263b71c46ec97d43dd8d85ad4a42065de22f3dec484525d
Instruction ID: a5b7c821844c7e3fe523710519e3e692060edb4a6e04488f96be5e8a872749a7
Opcode Fuzzy Hash: 3198e3ea304b6a42c263b71c46ec97d43dd8d85ad4a42065de22f3dec484525d
Instruction Fuzzy Hash: CB312075908388DFDB15DFA4D9007DEBBB1AB86311F24449AE405A7262C3388E06CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 08783932 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

p, xrefs: 087839A3

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: 8ab891abe0cd900e4c972d0d83ffdc385dae6068c41fd1643e0a0bf561516b82
Instruction ID: 12ae354d56548b0701cdd1bdd20d3a93f4ba6b73eb62721eef9b26cd04092b05
Opcode Fuzzy Hash: 8ab891abe0cd900e4c972d0d83ffdc385dae6068c41fd1643e0a0bf561516b82
Instruction Fuzzy Hash: AB419DB4D49209DFCF40DFA9D584AEDBBF4AB19615F10946AE80AF7304E3349A41CF24

Uniqueness

Uniqueness Score: -1.00%

Function 0878B7C1 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

Teq, xrefs: 0878BA1E

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 1060f67ad850326c7f102e23ec36ed9c5e57a97b41ea5c178328d196d57d9dd1
Instruction ID: 4cf02b2bb01f57ba45c318527fbd7c910f62989e4a06fb9b45652989848967f6
Opcode Fuzzy Hash: 1060f67ad850326c7f102e23ec36ed9c5e57a97b41ea5c178328d196d57d9dd1
Instruction Fuzzy Hash: 8431AF70D45358CFEB45DFA5D8943DDBFF1AF89311F1880AAD404A72A5DB340A09CB91

Uniqueness

Uniqueness Score: -1.00%

Function 08787D10 Relevance: 1.3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

$, xrefs: 08787CE3

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: f3e3f3b374595886f0ee6c6fed5787bb878f9a5387415e43e028e0838b001665
Instruction ID: 8b79df0abc443e698d18c389f9e1079ae0d540b41cc393bc50df5023baa194cf
Opcode Fuzzy Hash: f3e3f3b374595886f0ee6c6fed5787bb878f9a5387415e43e028e0838b001665
Instruction Fuzzy Hash: 3F213874A4D384EFCB06EBB08D1846D7FF9EF4220172404EBD846C7246EA348E069770

Uniqueness

Uniqueness Score: -1.00%

Function 0878B8E9 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

Teq, xrefs: 0878B982

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 9b1c67493d185130ee023cfc0a38ec762a511b5455fcf8b679b16dfc889fbb67
Instruction ID: e427dee88f63c37a5ce60cff51c462afb8f31df6e5c1ef49968029a9b93b51c6
Opcode Fuzzy Hash: 9b1c67493d185130ee023cfc0a38ec762a511b5455fcf8b679b16dfc889fbb67
Instruction Fuzzy Hash: D131B174E00219DFCB04DFE9D884AEDBBB2FF89311F208129E919AB355C731A901DB50

Uniqueness

Uniqueness Score: -1.00%

Function 08783A8F Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

p, xrefs: 087839A3

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: 2aa3768e4b8648f4082c904d98fb414e939464b10e8b6d97659a7bf55dd66208
Instruction ID: bd5f80e6945f2720d05c6fdc859150610bcdfcfc6c028e0eba0700db72ecb93c
Opcode Fuzzy Hash: 2aa3768e4b8648f4082c904d98fb414e939464b10e8b6d97659a7bf55dd66208
Instruction Fuzzy Hash: 9B21D274E49209DFCF04DFAAD8806EDBBF1AF48611F14916AE80AF7304E73099428F64

Uniqueness

Uniqueness Score: -1.00%

Function 08786318 Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

Teq, xrefs: 08786383

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 9ff9d306316009f3e4b8b83bf086f5470892c2cd5a5e0dee619a773a884d551c
Instruction ID: 258f5238f5ea6bc94f45ca073ef7456472e9c411adac320e813b25bb084e586b
Opcode Fuzzy Hash: 9ff9d306316009f3e4b8b83bf086f5470892c2cd5a5e0dee619a773a884d551c
Instruction Fuzzy Hash: 63114F31F4020A9BCB14EBB998106EEB7F2BF88312B104069C505EB344EB329D158BA1

Uniqueness

Uniqueness Score: -1.00%

Function 0878ECE9 Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

2(8x, xrefs: 0878F2DD

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: 2(8x
API String ID: 0-75087259
Opcode ID: a15431c3575b3e117bc3d217db664c9b09f2f5514960eb57f8b9e5bd0146f686
Instruction ID: dc7456bab3001f3629c6c7ec83930ee5e75f0bb85d346e68f865d6fea89c9856
Opcode Fuzzy Hash: a15431c3575b3e117bc3d217db664c9b09f2f5514960eb57f8b9e5bd0146f686
Instruction Fuzzy Hash: 29110938A45214CFE714EF64D948BA9BFB6FB88201F1091AAD909AB305DB309D81CF61

Uniqueness

Uniqueness Score: -1.00%

Function 08781FF2 Relevance: 1.3, Strings: 1, Instructions: 34COMMON

Download Yara Rule

Strings

', xrefs: 0878208B

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: '
API String ID: 0-1997036262
Opcode ID: f2563128ef8749eb57c93f17ccb86ef429a75d20c262850e9d665a7bbf21cb26
Instruction ID: 4ed7829293de266c88db42fe448295b77c1dc2fab5174f0876c3f1f2b3cb1e85
Opcode Fuzzy Hash: f2563128ef8749eb57c93f17ccb86ef429a75d20c262850e9d665a7bbf21cb26
Instruction Fuzzy Hash: A6F06D70A5A394CFC706EBB0D8157ADBFB09F4B202F1401DAD04AAB256C7700D40DF22

Uniqueness

Uniqueness Score: -1.00%

Function 08782056 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

', xrefs: 0878208B

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: '
API String ID: 0-1997036262
Opcode ID: 585fc446f4394356ec08928439f3986d6be4a4b19a8e8f2f1baaa27bb7376353
Instruction ID: 227bf8fd3dafe11311c125df68212bb4c22d4e60331335bf2b5d114400ace14c
Opcode Fuzzy Hash: 585fc446f4394356ec08928439f3986d6be4a4b19a8e8f2f1baaa27bb7376353
Instruction Fuzzy Hash: 3AE0927095E384DFC705DBB0D91D26D7FB0AB43203F2584DAD00A57456CB780905DB52

Uniqueness

Uniqueness Score: -1.00%

Function 08782CD0 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

4, xrefs: 08782CF3

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 788a2fde585b30bac705d946fd8d4da0c5baa40aab7c2bb7ab42417342e60b35
Instruction ID: 1c7f6b1a4ec964d4074a9db0be8e06b904ed6e1e8a999418f9c89fb3d57211c2
Opcode Fuzzy Hash: 788a2fde585b30bac705d946fd8d4da0c5baa40aab7c2bb7ab42417342e60b35
Instruction Fuzzy Hash: 26E0DFB149A344DBCB03BBB0EE1A7683BFCAB13243F000887C8016715BD6B10A40DA72

Uniqueness

Uniqueness Score: -1.00%

Function 08782CE0 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

4, xrefs: 08782CF3

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 8c101e2794c22b17968e5700312177f8b7e9e6348966d960ca052e06b77508cf
Instruction ID: dd8b08d5f294b8f0593a6d0f76c9d076cd954f136beb252fb5a7eed164d4a4ed
Opcode Fuzzy Hash: 8c101e2794c22b17968e5700312177f8b7e9e6348966d960ca052e06b77508cf
Instruction Fuzzy Hash: 83D0A7300DB208D7C701FB60E50577D77BC8701203F00155A8C05131568BF61A40E976

Uniqueness

Uniqueness Score: -1.00%

Function 08782078 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

', xrefs: 0878208B

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: '
API String ID: 0-1997036262
Opcode ID: 06bd461b916ebdc0c2e230212cf33d3e12e2169fbc67738324b89a1add8fde63
Instruction ID: 7b25d618c0d76ecdbab3b353ba407c92ddbf9bad63db4db29edfaafdd9eab307
Opcode Fuzzy Hash: 06bd461b916ebdc0c2e230212cf33d3e12e2169fbc67738324b89a1add8fde63
Instruction Fuzzy Hash: 7AD05E700AA208D7C600EBA0E8097AD7BB89746207F100055D40A13141CB740900DE66

Uniqueness

Uniqueness Score: -1.00%

Function 0878BA58 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 791b3decaefe9a0de016d30b50ad3a0a94b307497fed1824f204e2638877c7fd
Instruction ID: 5dce0c028143f2af3eaad64b4087e8a569847a865b6efe8ddbd902dfd64aa67e
Opcode Fuzzy Hash: 791b3decaefe9a0de016d30b50ad3a0a94b307497fed1824f204e2638877c7fd
Instruction Fuzzy Hash: 5FA15D70E55219DBDB04EFA4D480ADDBBB5FF89310F10C615E41AAB34ADB30A945CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0878BA49 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09724bc841eeed3c24a1064395a7af4d9d8c0eda50fef3d95a23e567bc953786
Instruction ID: 29b948c7605dc982865806ae1cbd58c644a85b04f53c264d57f9e9e591f1498e
Opcode Fuzzy Hash: 09724bc841eeed3c24a1064395a7af4d9d8c0eda50fef3d95a23e567bc953786
Instruction Fuzzy Hash: 09A15D70E55219DFDB04DFA4D480AEDBBB6FF89310F108615E41AAB34ADB309946CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0878C12E Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc2628f09a6b52341d3edaf63fba49f6cb4037337a618b9941d7be4bfdfb507f
Instruction ID: 1596167f0eb5f053b46771b694fd2871cd896b44a46e9b501483fc2e09159667
Opcode Fuzzy Hash: bc2628f09a6b52341d3edaf63fba49f6cb4037337a618b9941d7be4bfdfb507f
Instruction Fuzzy Hash: 45518CB4E48208CFCB45DFA8D580AFEBBF5EB89301F109199E419A7396C7349A41CB71

Uniqueness

Uniqueness Score: -1.00%

Function 08788DE0 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d329da08696088fea3b7f74089a6095acb4243527804f2be62868870548b7f92
Instruction ID: f50226869f6d103a88c6eff786b27cfceef96fe0f0a8ea83c37362bd10567fdd
Opcode Fuzzy Hash: d329da08696088fea3b7f74089a6095acb4243527804f2be62868870548b7f92
Instruction Fuzzy Hash: C151D474E44219DFDB14DFA9D4809AEBBF2FB49311F54852AE816BB318D7309902CF61

Uniqueness

Uniqueness Score: -1.00%

Function 08788DD0 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8da9933cfb513d7fde2992d53d2eca3ca5a5baa8f3d743a2023cbefbfd87dbd6
Instruction ID: 12494512dceab49bd01a23b737331fe01c2eceb132467f0cfc913447c06c9efa
Opcode Fuzzy Hash: 8da9933cfb513d7fde2992d53d2eca3ca5a5baa8f3d743a2023cbefbfd87dbd6
Instruction Fuzzy Hash: 1651E374E44209DFDB14DFA8D9809AEBBF2FF49311F54852AE816AB354D7309902CF62

Uniqueness

Uniqueness Score: -1.00%

Function 087818FA Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87eca730be8b9c0247eeff3deca15e10b0407909f1b1819551da53218a7dd859
Instruction ID: 3bad31da3916e2bab865d833a8a94055b0fef5feaa1425313da184b87fde68bf
Opcode Fuzzy Hash: 87eca730be8b9c0247eeff3deca15e10b0407909f1b1819551da53218a7dd859
Instruction Fuzzy Hash: B161A674E01218DFDB64DFA8C894B9DBBF1EB49304F2085AAD80DA7355DB319A82CF51

Uniqueness

Uniqueness Score: -1.00%

Function 08787A6A Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e02876b1ff031021f450f01dd94801c7f2aef05ffdfaf02e5a606f5d75244f9c
Instruction ID: baf2d019758f8205f81b1cbbfacbc9304a8a3a888d23f09eb78b84cb8df5546a
Opcode Fuzzy Hash: e02876b1ff031021f450f01dd94801c7f2aef05ffdfaf02e5a606f5d75244f9c
Instruction Fuzzy Hash: 7351D575E04219DFDF14DFA8C880AADBBB2FF49355F2080A9E909A7315E7309A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 08784A40 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ef220a6786ca05421928ffc7ad6a239c0acb4d268d8ac241206ed9cffc5eb7
Instruction ID: 3be583e02995933e6a426cddf12a1c17b66fac6e4258b999072188569e6e864e
Opcode Fuzzy Hash: 44ef220a6786ca05421928ffc7ad6a239c0acb4d268d8ac241206ed9cffc5eb7
Instruction Fuzzy Hash: 8C51B235610216CFC708EF6CC584E6AB7F6FF80312F018999D4058B6AAC7B4E841CB6D

Uniqueness

Uniqueness Score: -1.00%

Function 08782B50 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97fda0e406d5ca888a8f0506b53a0500ab103c0df950f98e3fe4749a0ed94664
Instruction ID: 6f2093dfabbb09891c6d0c1900aaf9a9ff7b9634d51b2702c73a634d287b7eb4
Opcode Fuzzy Hash: 97fda0e406d5ca888a8f0506b53a0500ab103c0df950f98e3fe4749a0ed94664
Instruction Fuzzy Hash: 7441A374E55209DFCB44DFA9D4809AEBBF1FB49316F10942AE815E7319E7309902CF60

Uniqueness

Uniqueness Score: -1.00%

Function 08782B60 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c3cbc40c558feab1191332d3b946cc2a5296a75f2ca7b3829c24b6205df2c88
Instruction ID: 458ff8a1f7f7b1c7697df819cfc21df3ec69fefdfc3d572c608c4bdd4ee39f05
Opcode Fuzzy Hash: 3c3cbc40c558feab1191332d3b946cc2a5296a75f2ca7b3829c24b6205df2c88
Instruction Fuzzy Hash: 204191B4E55209DFCB40DFA9D8809ADBBF1BB49316F10942AE815F7309EB309942CF60

Uniqueness

Uniqueness Score: -1.00%

Function 08786714 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb0532af5541c644b390b5fb389f3fc2fee08fcdeedc1896b8f2e9993a154a9c
Instruction ID: bdf5f6df749b64c200fbca9e0d2dbdddc3e413fa630539b9291352d779acf09f
Opcode Fuzzy Hash: bb0532af5541c644b390b5fb389f3fc2fee08fcdeedc1896b8f2e9993a154a9c
Instruction Fuzzy Hash: A43136B5A00208DFCB14DFA9D884ADEBBF5EB48310F14842AE819A7310D775A9418FA4

Uniqueness

Uniqueness Score: -1.00%

Function 0878D342 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27c29695c8cd0760cf51a7a77423d2816168d436be4e283fb9018083feec62da
Instruction ID: a22fce3ecb75be31d6b976d862befd836974dd179beb44c1ed8e837ab3b15856
Opcode Fuzzy Hash: 27c29695c8cd0760cf51a7a77423d2816168d436be4e283fb9018083feec62da
Instruction Fuzzy Hash: 95312A74945218CFDB60EF94D1449EDBFB9FB4D302F105154E819A7289C738E982CF64

Uniqueness

Uniqueness Score: -1.00%

Function 08780400 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 059adf9e9a7837e8332a884e5b9c4d2580d1b79f1a0549e3bde01d8324cd601c
Instruction ID: df5286389c49be02fabd0e9ccf4c02a75627260cec1a869901ab7f3480de764c
Opcode Fuzzy Hash: 059adf9e9a7837e8332a884e5b9c4d2580d1b79f1a0549e3bde01d8324cd601c
Instruction Fuzzy Hash: 1731C036790600CFD714EB28C858BAE7BE6FB89711F1440BAE106DB3A5CA74DC05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 08784318 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d679c5e2bae62cf3413713e4780ee33e0ca91ddc968bbc721e800fe3671fc85
Instruction ID: 39e50914883a988318728976e79073177e9a1875cf8db41989425be11cd1b39a
Opcode Fuzzy Hash: 6d679c5e2bae62cf3413713e4780ee33e0ca91ddc968bbc721e800fe3671fc85
Instruction Fuzzy Hash: AC41F87085170AEBD700EF54F49A66C7FB0F745301F66888DE0889628EEBB94576CB0E

Uniqueness

Uniqueness Score: -1.00%

Function 087867B0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af2dcd58cbcce1e2317af3ffc12b5057048210e15479373cc4e25a5f904a8da4
Instruction ID: 3f2b30a2338f230d558e81636120de5755c3f2ef185b2b427a26d5a6ea2840de
Opcode Fuzzy Hash: af2dcd58cbcce1e2317af3ffc12b5057048210e15479373cc4e25a5f904a8da4
Instruction Fuzzy Hash: 61214871A043509FD702EB789C547EE3BB2AFC2220B08456AD054C7296EB348D06C771

Uniqueness

Uniqueness Score: -1.00%

Function 087803F1 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ede6553911271695805bf6a148c470b8f1215eb55dc1daa71b34ebd969a27e42
Instruction ID: 4f12c925626a7721fae2dd7ed7c21086df1f8cb7e49e84eac5af56e81cbbc315
Opcode Fuzzy Hash: ede6553911271695805bf6a148c470b8f1215eb55dc1daa71b34ebd969a27e42
Instruction Fuzzy Hash: 5E219135790601CFD714DB28C594BAA3BE6FF89301F1444B9E406DB3A5DA74EC05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0878C1F2 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ddbda14c39a8e3cb3769c81dcb57eb13fe5c6b231cc6db0df90ddb82a838517
Instruction ID: 2f6a85aed3f86d3da22497471ac813cee78b0c738ea2e6a8eae3260bd91bc8d1
Opcode Fuzzy Hash: 6ddbda14c39a8e3cb3769c81dcb57eb13fe5c6b231cc6db0df90ddb82a838517
Instruction Fuzzy Hash: 72318D74949244DFCB41CBA8C6809AEBFF1BF4A310B24419AE404A7392C7349A81CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 0097D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1246246817.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_97d000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bb74a7cf00729c2a2efb7107a99b5952b4aa05bcbfe6fbc1bf08aacd5e52fbc
Instruction ID: bfa511a758b7e7dc79552b761a4d146f5cf4a210c4e401654d216f5ea36cee53
Opcode Fuzzy Hash: 1bb74a7cf00729c2a2efb7107a99b5952b4aa05bcbfe6fbc1bf08aacd5e52fbc
Instruction Fuzzy Hash: 922103B2504240DFDB15DF14D9C0B26BF75FFC8328F24C569E9090B25AC33AD856CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 0098D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1246297538.000000000098D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0098D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_98d000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ba329d01fcb5baebd7349ef246acaf945dbfa2568d0e8867f5f5859984ac72a
Instruction ID: d0fded5b00b98fcdb1d5cb96b94976ce415aa75446eeb2b44212d90e18205910
Opcode Fuzzy Hash: 5ba329d01fcb5baebd7349ef246acaf945dbfa2568d0e8867f5f5859984ac72a
Instruction Fuzzy Hash: 4F21F275604344DFDB14EF14D980B26BBA5EB84314F24C96DD84A4B386C33AD847CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0098D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1246297538.000000000098D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0098D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_98d000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51859d068245741c69ff59b427ea50022e97f78ad794df67062b8fe5b82298e9
Instruction ID: 85fefc3d12f6fa801f6809fcc08edd5dcfc352f21df53494369405968bc84b98
Opcode Fuzzy Hash: 51859d068245741c69ff59b427ea50022e97f78ad794df67062b8fe5b82298e9
Instruction Fuzzy Hash: FA21F2B1504204EFDB05EF14D9C0F26BBA5FB84314F24CA6DE80A4B396C33AD846CB61

Uniqueness

Uniqueness Score: -1.00%

Function 08784128 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a4b27cb4b73c28ed14755c5f44a4d67c377b36e87cf788e501982cee3c122c
Instruction ID: dc7dad0d5335ad9505c4329294295c7d9e4477847d57b165ce387afa5dc82880
Opcode Fuzzy Hash: e9a4b27cb4b73c28ed14755c5f44a4d67c377b36e87cf788e501982cee3c122c
Instruction Fuzzy Hash: C5213674E4924AEFCB00DFA8D8809EDBBF5BB59341F10946AD815B7305D7709900CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 087869A5 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 485e66d17c5eea505c18f942465386045b3670cccf18a8730c58fa9ff0391cc9
Instruction ID: 22451e98fd40c4c7f6394cbc3b47caeeaad045c0a4a56d357a55260101dda259
Opcode Fuzzy Hash: 485e66d17c5eea505c18f942465386045b3670cccf18a8730c58fa9ff0391cc9
Instruction Fuzzy Hash: 6531D2B4D01318EFDB20DF99C989BDEBBF5AB08314F24801AE414BB244C7B55985CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0878CFD5 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe79ce5b00a7dc75ec07deed8ccb5f62c2f1dce87d04ba7d85cf874cac601981
Instruction ID: e8936a3e772900073c22d503f37ceb9b82b3f3c0db4dba8525eda9f23e738b13
Opcode Fuzzy Hash: fe79ce5b00a7dc75ec07deed8ccb5f62c2f1dce87d04ba7d85cf874cac601981
Instruction Fuzzy Hash: D4310874D89228CFDBA0DF64D884BEDBBB4BB49311F00509AD40DA3345D7349986CF20

Uniqueness

Uniqueness Score: -1.00%

Function 0878ED4D Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fbefc7abd83a4651924185cd5586900830113c18b194da53fd8f6ea376d8dbc
Instruction ID: c4d22513b31d17c40195e295cc5283b542f4ecb2b9e58865ca41afd35fc89e96
Opcode Fuzzy Hash: 6fbefc7abd83a4651924185cd5586900830113c18b194da53fd8f6ea376d8dbc
Instruction Fuzzy Hash: 9D21CC71989205CFDB40EFA8D888A9CBBFAFB49301B009215E51AAF74ED7709904CF21

Uniqueness

Uniqueness Score: -1.00%

Function 08786488 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 763bcb7d9302e2730d380b8d1f092f8d57bcb8cedbb33536938207efb4244b5e
Instruction ID: 84545d758476638aca172d66d498dbae786e90f08ddce3e15ff35a78da444911
Opcode Fuzzy Hash: 763bcb7d9302e2730d380b8d1f092f8d57bcb8cedbb33536938207efb4244b5e
Instruction Fuzzy Hash: 0931C0B0D41318EFDB20DF9AD588B9EBBF5AB08314F248069E804BB244C7B56845CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 08784138 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1292d3494a2551239201e713fb95e789451bea7c6f3a2bf590f52c59e05d9486
Instruction ID: 47da65e896a5940df7deec3945e82a46c5854da77864926c8aaf72f9a012b7be
Opcode Fuzzy Hash: 1292d3494a2551239201e713fb95e789451bea7c6f3a2bf590f52c59e05d9486
Instruction Fuzzy Hash: 5A21B474E4521AEBCB04DFA9D8409EEFBF5FB59311F10942AE816B7304D77099018FA9

Uniqueness

Uniqueness Score: -1.00%

Function 0098D006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1246297538.000000000098D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0098D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_98d000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c27f349526f28ca6b5f7c8d085ed0678ff2ffa2f7c73a68bb4f3793e7a99134
Instruction ID: 6f414c8113e8c08a85e9146cb7b1e37ecd978af10357d2319ceb02192999d834
Opcode Fuzzy Hash: 4c27f349526f28ca6b5f7c8d085ed0678ff2ffa2f7c73a68bb4f3793e7a99134
Instruction Fuzzy Hash: A9218E755093808FDB12DF20D990715BF71EB46314F28C5EAD8898F6A7C33A980ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0878341D Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92f9cc4434b9cbb918540dc03f3d32a5fe54abce5a00a929e7ab8cd4565db153
Instruction ID: 6db44879f995ac799dfca0b556fab3c97d903d3541b4947ee3ec0e67ab1661b0
Opcode Fuzzy Hash: 92f9cc4434b9cbb918540dc03f3d32a5fe54abce5a00a929e7ab8cd4565db153
Instruction Fuzzy Hash: C2214974E04208DFCB55DFA8C8909ADBBF0EF4A304F20856ED859AB346D731A806CF11

Uniqueness

Uniqueness Score: -1.00%

Function 08786642 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87c389ab466459264e9781cfb6e100416403494caf03a5934e0fdc02df1a85f5
Instruction ID: 29d6b209565b9af20f4614a2799fa4ff388afd12d9cf8f7e40fb8c759e2caf6a
Opcode Fuzzy Hash: 87c389ab466459264e9781cfb6e100416403494caf03a5934e0fdc02df1a85f5
Instruction Fuzzy Hash: 48016D656D4B80B9E218F92CCC007C53B511B6A716F044019D3D54F1D6CEE200998EF6

Uniqueness

Uniqueness Score: -1.00%

Function 0878C228 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb85fe025b56cce2612e7b91049207675edaead20d22741ff73287bdcd94ecb4
Instruction ID: 9d9c76b93b25b6b68d03ccd6f1f611cc90e10db78b6080bbe552c73bf0fefb3b
Opcode Fuzzy Hash: fb85fe025b56cce2612e7b91049207675edaead20d22741ff73287bdcd94ecb4
Instruction Fuzzy Hash: 9221C7B4D44209CFCB80DFE9C1819AEBBF5FB88301F2091A9D809A7755D7709A81CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 08786724 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 375a6adf5e9002e4389e3c7851a52abd4e483bd08c8a841e26889610c5482b34
Instruction ID: e0a4982ff20cab6baa591ed325e217ef774d63a271d02dac5693e77b3bb4e089
Opcode Fuzzy Hash: 375a6adf5e9002e4389e3c7851a52abd4e483bd08c8a841e26889610c5482b34
Instruction Fuzzy Hash: 9921F2B5D00349DFCB10DF9AD844BDEBBF5EB48310F508429E919A7210C374A954CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0097D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1246246817.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_97d000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
Instruction ID: 5eb366813e56937692566ef79497c8a09a0597397944030ca51610f4c224eab3
Opcode Fuzzy Hash: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
Instruction Fuzzy Hash: 1111D376504280CFDB16CF10D5C4B16BF71FF94324F24C6A9E8490B65AC33AD956CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0878ECC2 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a8fd3179feeeec3585f2939ea473eacd7b2783cf270da52b32e165753d9055e
Instruction ID: 8676c2d78f8fc8158388302eb0882b2c86e48bc5ebf0f7651e127900a3b463a5
Opcode Fuzzy Hash: 4a8fd3179feeeec3585f2939ea473eacd7b2783cf270da52b32e165753d9055e
Instruction Fuzzy Hash: 07215974A45209CFEB40EFA4D548AACBBFAFB89311F00D215D40AAF749CB719906CF21

Uniqueness

Uniqueness Score: -1.00%

Function 0878C309 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7102f524a8e994369166fd0145bc17b01c541366758dd75733c5e6b2896d4122
Instruction ID: 35bac06a06a32b46da7bec607df924c37cf52381588766c93264ba41fc1c30ae
Opcode Fuzzy Hash: 7102f524a8e994369166fd0145bc17b01c541366758dd75733c5e6b2896d4122
Instruction Fuzzy Hash: DD119470948304DFCB45DFA8C5409ADBBF5FF8A311F1482D5D4589B75AC3309A42EBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0878AF71 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f5abf5a2f6bfbcf71a6ddf7a1ff09bf7ce9e26953cbc04ef4772ff1bd54bba2
Instruction ID: cb85e33ef33dff2be4f63761a75b7ae858d1ab2e264c2b029bac43170024f8b4
Opcode Fuzzy Hash: 9f5abf5a2f6bfbcf71a6ddf7a1ff09bf7ce9e26953cbc04ef4772ff1bd54bba2
Instruction Fuzzy Hash: 58117074A86218CFDB10EF58D880AEDF7BAFB89311F105295D40DA7209C334A881CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0098D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1246297538.000000000098D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0098D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_98d000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
Instruction ID: 591c39cbc9a9b22efe8d77f77f658ed2a30e7a0b31c0ad2afcca59f5390187ca
Opcode Fuzzy Hash: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
Instruction Fuzzy Hash: EB11BB75504280DFDB12DF10C5C0B15BBB1FB84314F28C6AAD8494B796C33AD80ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 0878C770 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb3ccf8639e111f3868ac12826730f7edbeaee3a417029fa56014538bbd6df05
Instruction ID: 14bfe01606dcc655bd994135a75e4d55d46eb2cd92e071cdb99c27805695ca5c
Opcode Fuzzy Hash: bb3ccf8639e111f3868ac12826730f7edbeaee3a417029fa56014538bbd6df05
Instruction Fuzzy Hash: AD11F8B1D00658CBEB58CF6AD9457DEBFF7AFC8300F14C46AD409A6264DB35094A8FA1

Uniqueness

Uniqueness Score: -1.00%

Function 08787E2F Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3b1291997866ba0107c7bd138d17dfe84cf5858e3f9e0af7fb1d1c4db32ca80
Instruction ID: 1da261c0d761290a9199f78d088d24b536503131ad1e544989b837a54b8c3a8a
Opcode Fuzzy Hash: c3b1291997866ba0107c7bd138d17dfe84cf5858e3f9e0af7fb1d1c4db32ca80
Instruction Fuzzy Hash: 8911CFB6D002499FCB10CF9AD984BDEBBF4EB48310F14842AE919A7210C374A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0878C318 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 771eb3412a2e7abd9f0db15dfd3332e797124d72efb218035e0281060f81d394
Instruction ID: ac4b7536c20af66a7e3003aa675e5578361b4ba37c67c7af899dde148291ec9e
Opcode Fuzzy Hash: 771eb3412a2e7abd9f0db15dfd3332e797124d72efb218035e0281060f81d394
Instruction Fuzzy Hash: E9113C74D48208DFCB84EFA9C5409ADBBF9FB89301F10D595D41CA7709D7309A42AFA2

Uniqueness

Uniqueness Score: -1.00%

Function 087817F8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16f32aa224bcd738c80e2df05a6fe7806dd75ca5c76c51d83ab48153e9991f57
Instruction ID: c669b055f26f0d17375eaf0062e5f0f14071a9e1ea234af528ad72b244e49707
Opcode Fuzzy Hash: 16f32aa224bcd738c80e2df05a6fe7806dd75ca5c76c51d83ab48153e9991f57
Instruction Fuzzy Hash: 0E113A71E04618CBDB58DF6AC84579ABBF2AFC9310F04C0AAD80DAB355DA300846CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0878C780 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11c39fc28fe1fd4326ec6d6cd4b593c082a32d60d15bfa22d11e5e6e10e87294
Instruction ID: 52bdd25027edc7c2ea597893bbadf8572165d27e8cb6dde3a015b75a35c3b565
Opcode Fuzzy Hash: 11c39fc28fe1fd4326ec6d6cd4b593c082a32d60d15bfa22d11e5e6e10e87294
Instruction Fuzzy Hash: 271196B1D006588BEB58CF6BD84479EFAF7AFC8300F14C46AD40966264DB7509468FA5

Uniqueness

Uniqueness Score: -1.00%

Function 08781808 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 000fcc9594b366238213ffbc0989eab0d0f1ce0869a6de0ddbd152876b22fec9
Instruction ID: 107ffd2b12413d1889819376d761fa1b225a0acf2895f9af4610daa155a8e93a
Opcode Fuzzy Hash: 000fcc9594b366238213ffbc0989eab0d0f1ce0869a6de0ddbd152876b22fec9
Instruction Fuzzy Hash: 5F11FA71E04618DBDB18DF6BD84579AFBB3AFC9310F04C0AA980DA7354DE3059868F50

Uniqueness

Uniqueness Score: -1.00%

Function 0878D647 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea5d7ab829e0c5290385f39ad9bfbb5d92165767b9debcaf680bdce10505bf4e
Instruction ID: facb9d1ecb1d16200f67761067bd098997cc3de5f6ec69f39559633ec281ed3e
Opcode Fuzzy Hash: ea5d7ab829e0c5290385f39ad9bfbb5d92165767b9debcaf680bdce10505bf4e
Instruction Fuzzy Hash: 3B018C74648248DFC710EBA8C684AADBFF5FF4A210B1991D5E4098B3A7C6309E41DB52

Uniqueness

Uniqueness Score: -1.00%

Function 0878D1F0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d47d3ef81b6fb3c81bd379dcc33639e456151034b715dfe856571e11091e3473
Instruction ID: 2c282e11f7f4af44596ab7e23c9f38d5e56bd695832b80bcf306e1747a71898f
Opcode Fuzzy Hash: d47d3ef81b6fb3c81bd379dcc33639e456151034b715dfe856571e11091e3473
Instruction Fuzzy Hash: 51116930E05218DFDB08DFAAD9409ADBFF6BF89301F108029E409A7354DB349942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0097D745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1246246817.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_97d000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b881565fba0d15ffe3611a9fbf964a9c3b2d9bbc8070ad4bcaa0f26a63c31f8
Instruction ID: 8b0f3372bfae4a1b107862ac0a2c6384439ea1a422edcf401b975e9c2d02afb0
Opcode Fuzzy Hash: 6b881565fba0d15ffe3611a9fbf964a9c3b2d9bbc8070ad4bcaa0f26a63c31f8
Instruction Fuzzy Hash: 1D01A7B24063449BF7245E15CD84B66BBACDF86324F18C92AED1D4E286D6799840CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0878EC59 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c8d337c8ca39bd3b3fb0e5cd1d20ae6ea8671e4cf6d3574734bc08cd1479b56
Instruction ID: 87584eab6a1e5078b3919a725bda0777e1d7040e75d80b0c12e0a284170b5dc1
Opcode Fuzzy Hash: 4c8d337c8ca39bd3b3fb0e5cd1d20ae6ea8671e4cf6d3574734bc08cd1479b56
Instruction Fuzzy Hash: CC018075D46204CFE754EF60E948BA8BBB5FB49201F0091EAE90D97315DB314945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0878D1EF Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff622737aa4ccf06dda6906ceb6780db31e89ff28b3b63e8ada12fd324721c19
Instruction ID: 0fde9d1eef327c3cea7b1ba6f5973b1f6586826eea85cb16dbbf9014f6cbedf1
Opcode Fuzzy Hash: ff622737aa4ccf06dda6906ceb6780db31e89ff28b3b63e8ada12fd324721c19
Instruction Fuzzy Hash: 0F014C75E05214DFDB09DFA6D6449ADBBF7BF89301F108069E409A7354DB349942CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0878D5E0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cd5eaf49113314fd365623a2abb48ab141a9a06450bd042f4c2adad3dd66070
Instruction ID: 53fd41613da8831bc1ae5992ca243089e85213ac6b79e08c20272dbe34c35a7f
Opcode Fuzzy Hash: 7cd5eaf49113314fd365623a2abb48ab141a9a06450bd042f4c2adad3dd66070
Instruction Fuzzy Hash: 16F08170A8D20CDBC714EF55C5405BCBFFCAB4B242F04A1A5E00D5B199DB309E41DB61

Uniqueness

Uniqueness Score: -1.00%

Function 08784580 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d0ff120e411154f0fd34c84e46e8a21c9d80855b1b47e0310454b26bd0fc0aa
Instruction ID: 869006c5a22435ca58ea4c6ebe404b4e501c0f94bac63f39e2d59bf07f5ec390
Opcode Fuzzy Hash: 8d0ff120e411154f0fd34c84e46e8a21c9d80855b1b47e0310454b26bd0fc0aa
Instruction Fuzzy Hash: 89013970510F04DBD324DF2AE596A5ABBF5FB883007818D5DD0CA42A68CFB5A465CB05

Uniqueness

Uniqueness Score: -1.00%

Function 0878D658 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 422b4ceb178db4206b9bd7bf372565af2d5dc51c5c4c90ab07881c02b36ddfba
Instruction ID: 15ad5fed6b6aeb4c48b9167b0a8384e545c62020db076bcd435ddf0a9d82aaa2
Opcode Fuzzy Hash: 422b4ceb178db4206b9bd7bf372565af2d5dc51c5c4c90ab07881c02b36ddfba
Instruction Fuzzy Hash: 31012874A44208EFC700EFA8C685AACBFF9EB49301F15C194E40D97395DA30DE40DB51

Uniqueness

Uniqueness Score: -1.00%

Function 0878EF99 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd4edac6060b550ca6480fd28322f5360e9b0fefd6b24533683aefa7e5bbc002
Instruction ID: f73e1073486646732e57895501be5603747467a7a92f2e464b5d97165de88eb3
Opcode Fuzzy Hash: dd4edac6060b550ca6480fd28322f5360e9b0fefd6b24533683aefa7e5bbc002
Instruction Fuzzy Hash: EC110934944308CFDB50EF64D948B9CBBB6FB49301F009199D50AAB31ADB309D81CF61

Uniqueness

Uniqueness Score: -1.00%

Function 08786D64 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d312b9060a0afc7c29eae3d59e2118ff20edbc160dcf6f81f316f7d81615058
Instruction ID: 45484098d48521eb66b5549acc7ae78bee73f05ad3670cd99d57c4e12d7c08ee
Opcode Fuzzy Hash: 9d312b9060a0afc7c29eae3d59e2118ff20edbc160dcf6f81f316f7d81615058
Instruction Fuzzy Hash: FD010871848219EFDF14EF69C40C3EEBBB1BF48351F148669E424AB294D7744A41CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0878CDED Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54c17c309062b8c97331393c48c060a2fbff444a8e0c02f8b2a8d46fcce8b425
Instruction ID: 0db328460d02263b241de7ecccab7ffc72531553f166184d3ff1970cb2d7c25c
Opcode Fuzzy Hash: 54c17c309062b8c97331393c48c060a2fbff444a8e0c02f8b2a8d46fcce8b425
Instruction Fuzzy Hash: 1411CB38A05228CFCBA0DF18D884BACBBB5BB89311F1480D5E44EA7215DB30AE85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0878D5D2 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8d2807fe7089038924ff7bf8e66bae65f684ec308d028101802eae95742e9d6
Instruction ID: deb5e3658a70812c34fc9df9fdaf3dc9c4d47e1e8c4c2ad987072b7857efd2f6
Opcode Fuzzy Hash: f8d2807fe7089038924ff7bf8e66bae65f684ec308d028101802eae95742e9d6
Instruction Fuzzy Hash: 83F0CD706DA388DBC322EB50D6109F97FBCAB0B142F04A196E4094708BDA304E45CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 08780398 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fd0220f9803da5b95bd054c1c7c1b6ce0a61a95f80ff50e57a920616dc5f48c
Instruction ID: e16276229f03316899d4a7196e25a96de18b48c4d39ec69f13a06bf992ddf4c8
Opcode Fuzzy Hash: 5fd0220f9803da5b95bd054c1c7c1b6ce0a61a95f80ff50e57a920616dc5f48c
Instruction Fuzzy Hash: CCF096313545008FC7259B29D485AAD7BAA9F85611F1900AFE00DCBA72CF309C06C760

Uniqueness

Uniqueness Score: -1.00%

Function 0878CA3B Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ee4f417d3abdb67c28e178557fdd26a4204fe6cd290d7f1895083e02290bb71
Instruction ID: 471b66f3d7f614f54d4d0aaf0f41dce68ba4af28a0c6a97490d88f59b5037ddb
Opcode Fuzzy Hash: 8ee4f417d3abdb67c28e178557fdd26a4204fe6cd290d7f1895083e02290bb71
Instruction Fuzzy Hash: B9019379D49219CFCB91DF64D880AEDBBB4EB19311F105096D459A3301DB349A86CF51

Uniqueness

Uniqueness Score: -1.00%

Function 08787DB8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c1f5353d9267a3d75b6c0397771959a6cab27b9c8ed3c483429b89ff05a1105
Instruction ID: 9d1016a48935a8bb3ba8a793294dbb36f654b2d061f3c32104f1479dda3f7368
Opcode Fuzzy Hash: 9c1f5353d9267a3d75b6c0397771959a6cab27b9c8ed3c483429b89ff05a1105
Instruction Fuzzy Hash: 78F0B476605114AFDF06DBA8DD5489A7FFAEF45204B1480AAE004DB336D2319A1187A4

Uniqueness

Uniqueness Score: -1.00%

Function 08786E00 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41dd738e0de4ad4bbbd2643a36cdd55dd35680e5233324e9a3cd26bfc8261d8b
Instruction ID: 291ebd422e9903e02ffc30922cfdb9b1773ef4978c08f3b6efff8912237a9418
Opcode Fuzzy Hash: 41dd738e0de4ad4bbbd2643a36cdd55dd35680e5233324e9a3cd26bfc8261d8b
Instruction Fuzzy Hash: 23F09AB6B042145FE304CB6AA8859ABBBE9FF88221315816AE418CB221CA309D0197A0

Uniqueness

Uniqueness Score: -1.00%

Function 0097D744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1246246817.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_97d000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7702bfbd93547fcb09cfc9ebca722a5c68c00ef98ffbe0958bdfacbb26609468
Instruction ID: c778a68030487219216f781681b74474dc92928e35f44237f6f79bacf82d98a3
Opcode Fuzzy Hash: 7702bfbd93547fcb09cfc9ebca722a5c68c00ef98ffbe0958bdfacbb26609468
Instruction Fuzzy Hash: E8F062B64053449EF7248E15C984B62FBACEF95734F18C45AED5C4F286C2799C44CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0878B8C2 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 424f877e516237b2177e1e6bea4a875e76ee03cd0885f1a675197d1217218da7
Instruction ID: 5aea470b92ca6f6938c8509ace586b6466a6f6772284cebdb94b879bfedd885c
Opcode Fuzzy Hash: 424f877e516237b2177e1e6bea4a875e76ee03cd0885f1a675197d1217218da7
Instruction Fuzzy Hash: 6BF03074D48248CBCB04DFA1C4816FEBBB9FF59312F14A029D019A7349D7346842CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0878C988 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0da881d91e7de627df139be4975a6a0c9158830125428f62053f9c4b2ced0aa5
Instruction ID: b453c09df74e123909f30b610d9f9d4eda6077c18c2291f68a46b1cd0d8feed8
Opcode Fuzzy Hash: 0da881d91e7de627df139be4975a6a0c9158830125428f62053f9c4b2ced0aa5
Instruction Fuzzy Hash: B311C578C49368CFCBA59F24C8887ECBBB5FB09301F0080E5E90DA2215CB358A81CF61

Uniqueness

Uniqueness Score: -1.00%

Function 08786D70 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d691b7142644fcb3f592cd977c8ff46ccd628338dc9505b8aa58f056d98dfbf
Instruction ID: e8f5e823ed988854d7c77bb69c6e443caa3f19318c5fdadefcb768db62c7ebd8
Opcode Fuzzy Hash: 4d691b7142644fcb3f592cd977c8ff46ccd628338dc9505b8aa58f056d98dfbf
Instruction Fuzzy Hash: 5D01A870848219EFDF14EF6AC4087AEBBF5BF48351F148669E524AA294D7744A44CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 087816F4 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5c83c9f3abc808eac90c25d78c961519fd9b131aa0209ea27ee0ae72a03ec75
Instruction ID: da542d852b86875fd9e1c488d54baf13e109f806336462c1112ec20059ab4d59
Opcode Fuzzy Hash: a5c83c9f3abc808eac90c25d78c961519fd9b131aa0209ea27ee0ae72a03ec75
Instruction Fuzzy Hash: B4F059B1905380DFC706DF50D8115A93F70EB03311F4481CEE4854B160CB359943DB21

Uniqueness

Uniqueness Score: -1.00%

Function 0878C9C8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97c275214b3685bc260282554f621cafa03d2fb0ef40853aa91142b8954b785f
Instruction ID: 89cdf8d834dc029c5c07f9cf4a637f9fb8a0dd6393dac19cb4be454711b8ca24
Opcode Fuzzy Hash: 97c275214b3685bc260282554f621cafa03d2fb0ef40853aa91142b8954b785f
Instruction Fuzzy Hash: 5F01AF79D09218CFCBA1DF68D880AEDBBB4BB1A311F105096E44EA3341EB309E85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 08786E10 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a05c9927700eadbd77e7e3d3309bf4eeecbfe47f108541cdf05624e50b5c2e9
Instruction ID: bc4f7e24f1ebcb4e454796d443beda17b5957674549ddfb5d3124f09d2c188c8
Opcode Fuzzy Hash: 9a05c9927700eadbd77e7e3d3309bf4eeecbfe47f108541cdf05624e50b5c2e9
Instruction Fuzzy Hash: ABE03972B002286F93149A6AE884D6BBBEEEBCC660355807AF51CC7311D9319C0186A0

Uniqueness

Uniqueness Score: -1.00%

Function 087836C2 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fcdcf370346975f148514e1bc11ed8dc59070e54db87bf51f701eb74a632c64
Instruction ID: 77828d92092d17efa07ff0bf7425242d7d3470443040136c3fade7663a2df9e3
Opcode Fuzzy Hash: 9fcdcf370346975f148514e1bc11ed8dc59070e54db87bf51f701eb74a632c64
Instruction Fuzzy Hash: 4C01A478D04208DF9B10DFA8C48099CBBF0FB0A210B60562DD85AA7356DB31A902DF10

Uniqueness

Uniqueness Score: -1.00%

Function 0878EC65 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59cb5fed1cc818fd0ecfbb67002fec04758a113eb54188457d360fedf285ece8
Instruction ID: 1ffdafe7368ebcb25910d68758159f8f2296a867d51db120c1c351d8f96b92d6
Opcode Fuzzy Hash: 59cb5fed1cc818fd0ecfbb67002fec04758a113eb54188457d360fedf285ece8
Instruction Fuzzy Hash: C2F03078A46214CBE764EF60DD08BA87BB6FB89201F0092E5D50E97358DB304E85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 087803A8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27229004c475bfb0c0598b2ba674d0e24350233b7ce511225a9eb9bc8d566f36
Instruction ID: c0d8d1249876471df1f47618c01eb8d17979cba8ccd2ecc1c66ed3f5100f9896
Opcode Fuzzy Hash: 27229004c475bfb0c0598b2ba674d0e24350233b7ce511225a9eb9bc8d566f36
Instruction Fuzzy Hash: 67F03031350910CFC7249A1ED448B6D77EE9FC4A12F1901BEE10DCB665CA719C05CB64

Uniqueness

Uniqueness Score: -1.00%

Function 087816A9 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35ce13edfc2028dd628c4844467894ccaafb2400336ded57849d9f648b39093f
Instruction ID: af5ea05631e6119c438b9548e11ce2bb94796f93ff5bb50638361be5f31bdf73
Opcode Fuzzy Hash: 35ce13edfc2028dd628c4844467894ccaafb2400336ded57849d9f648b39093f
Instruction Fuzzy Hash: 14F0ED70541384DFD74ADF20C0129AE7FB0EB03311F00819EE8464B2A1CB39AC12DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0878D03C Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 087998bf010b0e9abab8a00fefe178b6c3fd8a330cc436d1b2980b5a151455b6
Instruction ID: 565c9d90a69622fab301cb853d68569500fc894139024449fd2ad77c4597e379
Opcode Fuzzy Hash: 087998bf010b0e9abab8a00fefe178b6c3fd8a330cc436d1b2980b5a151455b6
Instruction Fuzzy Hash: 29F09274909218CFCBA0DF69D884AECBBB4FB09311F1050E5E54EA7355DB319985CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0878D0A7 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6595b8882e190a13501937df5636169708afb9314696976bf4d36b27640b6e66
Instruction ID: 8826453e60dcbb41fd8430ebf338d7ddf6c0c66ab99938d31782a42aaac8fa0b
Opcode Fuzzy Hash: 6595b8882e190a13501937df5636169708afb9314696976bf4d36b27640b6e66
Instruction Fuzzy Hash: ECF0C475906218CFCBA1DF28D8806DC7BB4FB09311F1050D6D45EA3215EB309D95CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0878B809 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef91883e0375b08a68db16f714d6f4de6e8baa6bfc6244e417a9325317ce290a
Instruction ID: 9ccf9b4fec85aa64a2bfa52cd589eadacdc7be6dee633be92da6625b19cb31f1
Opcode Fuzzy Hash: ef91883e0375b08a68db16f714d6f4de6e8baa6bfc6244e417a9325317ce290a
Instruction Fuzzy Hash: 01E06D315953959FD792CBA899956DE7FF0AB02220B1402EAE4408B2D2D7344B46C792

Uniqueness

Uniqueness Score: -1.00%

Function 0878C0F4 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a64caae1b553763545096d66770ee000dfda8430c0b76e72152c7a1f056af759
Instruction ID: 900fced49d2c21d1bd016ba42f0c14982217d589fd389b1bc66de5101c95a5c7
Opcode Fuzzy Hash: a64caae1b553763545096d66770ee000dfda8430c0b76e72152c7a1f056af759
Instruction Fuzzy Hash: 1FE06D74958208CBCB00EB90D8858FDBB36FB8D222F206254E41A67255CB395842CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0878CABF Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16d55529a08d724f995bf2486f6ffa056f0517dc2df8722ce789b536010c17d2
Instruction ID: 23e7f3ff5fefd0184fbe8dc6b326592e3cb485f5f472e1e73889ecc65daf1a58
Opcode Fuzzy Hash: 16d55529a08d724f995bf2486f6ffa056f0517dc2df8722ce789b536010c17d2
Instruction Fuzzy Hash: BEE0DFBAC8E680DBCF420E14CCCAA5677A1FB13215B2401E2D8982E04BE7654217EE62

Uniqueness

Uniqueness Score: -1.00%

Function 087816B8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b30242daf1363b8b6a601f8824764d21f7c0d2a8dabe458c63c3f4f21b962dcb
Instruction ID: 23000d0431b25f990c42efeb863353ebdc7735067be8892439c4870ba4ffe962
Opcode Fuzzy Hash: b30242daf1363b8b6a601f8824764d21f7c0d2a8dabe458c63c3f4f21b962dcb
Instruction Fuzzy Hash: 20E08630901308EBCB04EF54E4059ADBF75EB42311F10816DE84427350CB359A51DF95

Uniqueness

Uniqueness Score: -1.00%

Function 08781FE7 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9b10a42709fbcb92f9668f97a45f2b83ba9b335c1cf8704cbc61be7ae15eae1
Instruction ID: f2d34800e029ef62cecda07abfae48ec4d17b4caedcd451f39a446f2a42341a4
Opcode Fuzzy Hash: a9b10a42709fbcb92f9668f97a45f2b83ba9b335c1cf8704cbc61be7ae15eae1
Instruction Fuzzy Hash: 53E0EC39A00508DFC714DE59D840598F7A1EBD9316F50D0A6A6199B314DA3199538B94

Uniqueness

Uniqueness Score: -1.00%

Function 0878B818 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5757d8162c110d530be81985ccc984d4ba6c7f7c3e9f3547535d2efa0a2bfb89
Instruction ID: 165d376f1b01e54ffdfa0347dbc90354a0c5f3306455bad683c207817acf0bdc
Opcode Fuzzy Hash: 5757d8162c110d530be81985ccc984d4ba6c7f7c3e9f3547535d2efa0a2bfb89
Instruction Fuzzy Hash: 22E01270D51308DFC780EFB8D48565CBFF4EB04201F1041A9D80893340EA345A44DB95

Uniqueness

Uniqueness Score: -1.00%

Function 087862E2 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04cfd8851fda76716bfe600989ace2ac3512ad3fe767378494d185a2e76477bc
Instruction ID: 9cc4d1985a98f2fb7165db23dd5cb41b720251dc79b572bf915c0f66fcfc4801
Opcode Fuzzy Hash: 04cfd8851fda76716bfe600989ace2ac3512ad3fe767378494d185a2e76477bc
Instruction Fuzzy Hash: 2FD0123901B3C05FC70367646E248917F76BF5320830940C3E0809A173C6290A1DE771

Uniqueness

Uniqueness Score: -1.00%

Function 08787D90 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa8616bbb7dcff6d490ea3abb9d1e831f2308cdcc8977e0da9655880e538adc6
Instruction ID: 61803d2cb2125815ad458e7ed8f7f3cbcd5d2e9e6466195268e3562dac6a29ee
Opcode Fuzzy Hash: fa8616bbb7dcff6d490ea3abb9d1e831f2308cdcc8977e0da9655880e538adc6
Instruction Fuzzy Hash: 7CC0127405E7C0EFD306927418184616F61E9A32003094587A194850579224192786B5

Uniqueness

Uniqueness Score: -1.00%

Function 08788525 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7d214c699f57ebd775b738e8c90415fc44ab6ef492d101a702a3d1ca80ae1cc
Instruction ID: 9f7f87d41ce0b906f647d19235aa14ebcb92421beb0e7722fe2e918b78f38d79
Opcode Fuzzy Hash: d7d214c699f57ebd775b738e8c90415fc44ab6ef492d101a702a3d1ca80ae1cc
Instruction Fuzzy Hash: 17D06C78908229CBEB20EB618840B99BAB2BB48300F54D1E9D459A3309D7306E809F62

Uniqueness

Uniqueness Score: -1.00%

Function 0878CA66 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ac49b661ea57caefcace820cf61e710a24fcf6a891c28b6ebb72498ce5696f5
Instruction ID: efc11a34348fdf715f2e5406e7828e4da4eb88948c565a736c7e17bd70fa45f6
Opcode Fuzzy Hash: 0ac49b661ea57caefcace820cf61e710a24fcf6a891c28b6ebb72498ce5696f5
Instruction Fuzzy Hash: 3BC0127544C654CFDB005F10C4AE64A7B65FB11349F0001E5C8592F05AD3780546DF72

Uniqueness

Uniqueness Score: -1.00%

Function 0878AE48 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67e26c05587daf23b0da7b2a619ffe640aaa5550af38c246789db55a893924bf
Instruction ID: 1fc90929aaa5f8ecdb0cdcb52c6515ef2418c98f71d6a65d77827899dca4ed7a
Opcode Fuzzy Hash: 67e26c05587daf23b0da7b2a619ffe640aaa5550af38c246789db55a893924bf
Instruction Fuzzy Hash: 91C04C31090748C7EA546BA4B44E37CBBB8A741B1BF581426E50D81460CFB85491D76B

Uniqueness

Uniqueness Score: -1.00%

Function 0878B912 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b33641d31eed6cc3bbed2eb5a4967e7e7e1a2658469de0ac581f9755e7bfb514
Instruction ID: 1abded0514fac20e49d1de72000e7c29e3d6facbbe68095c8c0f12f0f321ee87
Opcode Fuzzy Hash: b33641d31eed6cc3bbed2eb5a4967e7e7e1a2658469de0ac581f9755e7bfb514
Instruction Fuzzy Hash: 32C00275E05208CFCB54EFE4E2955ACBBF5EF59311B609019E40BAB249DA382E098B15

Uniqueness

Uniqueness Score: -1.00%

Function 08782FE4 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ebd0f89ada03c96d65ff6e8ff5304fa19f85177d2d4238035d5ee8fa428537c
Instruction ID: d107371424ae92579985ec2224c4dbbb9355e33f0225858b2e52f9eb0adc88c5
Opcode Fuzzy Hash: 1ebd0f89ada03c96d65ff6e8ff5304fa19f85177d2d4238035d5ee8fa428537c
Instruction Fuzzy Hash: 80C09B39055104EFC715B750C998D1EB6A5FFD5301FC4C851E14546035DA31C559E737

Uniqueness

Uniqueness Score: -1.00%

Function 087865E4 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b480322b7e86bc566530dfcf557b03da5bae97927fd63bfe851c05715d5bfe65
Instruction ID: 33859ecd016a5b478c894098bd4baf1d487228d86203522a6d338926c97407bf
Opcode Fuzzy Hash: b480322b7e86bc566530dfcf557b03da5bae97927fd63bfe851c05715d5bfe65
Instruction Fuzzy Hash: 5DB012F91ED600F691043360C898B2FF050FFB2B01BD0CC02B30640128C87044649A3F

Uniqueness

Uniqueness Score: -1.00%

Function 08781899 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf35198c755068f56340e43254c9aa4c461fb6ff4af46b2032b511d89b232c47
Instruction ID: 0be12946b9dea19b46cc71af4ac6fc954ca70799fe8539a70b2370fc9c017499
Opcode Fuzzy Hash: cf35198c755068f56340e43254c9aa4c461fb6ff4af46b2032b511d89b232c47
Instruction Fuzzy Hash: 81C04878A4432CDFCB20EF609845BAEBAB0BB0A342F841295E446A2204E7305942CE36

Uniqueness

Uniqueness Score: -1.00%

Function 08784696 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de6a0a732fb4af0c6d6ed376c2095d2c641c55c8fdd5ea911653d20ca4ec9748
Instruction ID: 14e1ad19bec70e7ea60dd3f6d6acbdc6eb725997633aae7af0c84ffbe4229788
Opcode Fuzzy Hash: de6a0a732fb4af0c6d6ed376c2095d2c641c55c8fdd5ea911653d20ca4ec9748
Instruction Fuzzy Hash: A8B01231321000DFC7415B64E9054583F21FF482193A01188F0080E121C733C453CB80

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 067B35E1 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ee4f8c53997dabaf026b0ca23232487da1c826d5d0e7969388bdc67d015dd16
Instruction ID: cea94bf780e5e73397945d440a48e29a373fdc6e58b7c11bad3ff35c4727e941
Opcode Fuzzy Hash: 0ee4f8c53997dabaf026b0ca23232487da1c826d5d0e7969388bdc67d015dd16
Instruction Fuzzy Hash: 4BE11C74E002598FDB54DFA8C580AAEFBF2FF89314F24816AD415AB355D730A981CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0878F858 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce5986f141818125b5e1117738a692ef13e8a0839bdb49e37e691b9ec58487c2
Instruction ID: c7f37205243cfe3927910fcff9a398905a2ff601a2269fd652cd80cb349e7554
Opcode Fuzzy Hash: ce5986f141818125b5e1117738a692ef13e8a0839bdb49e37e691b9ec58487c2
Instruction Fuzzy Hash: CBE10974E41219CFDB14DFA8C580AAEFBF2BF89305F24816AD415AB359DB309941CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0878F420 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e966cd863a3afb443ec041fee5040a22e7cebd5a4fe92c607ff3d9b742f3e254
Instruction ID: e5146e605d34f3fb3620c92e4cb6a043b2d5e81857740e245584f82379b62cf1
Opcode Fuzzy Hash: e966cd863a3afb443ec041fee5040a22e7cebd5a4fe92c607ff3d9b742f3e254
Instruction Fuzzy Hash: 33E1E874E41219CFDB14DFA9C580AAEFBF2BF89305F24816AD415AB359DB309941CF60

Uniqueness

Uniqueness Score: -1.00%

Function 067B15D0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa364224e8e7bf1214dfae4dacd4bf0c0873fcfd2c2cfd98f523748ee84f0e53
Instruction ID: bce28b7959aad3c8b17b882df53129db1c97746e0cf40fa801f279e082545fcd
Opcode Fuzzy Hash: aa364224e8e7bf1214dfae4dacd4bf0c0873fcfd2c2cfd98f523748ee84f0e53
Instruction Fuzzy Hash: 80D18B74E002188FCB54CF59C594BEDBBF2BF89314F6481AAD419AB252D771DC82CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 067B0040 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbcbd4491f0b3ba9af27dea2ec68012c92362a720afcad396f9851b75b3eee2f
Instruction ID: 967fbe2182509324640cf86d0a6331423f5f0a89613d13ec9b038210d2dfd3c2
Opcode Fuzzy Hash: bbcbd4491f0b3ba9af27dea2ec68012c92362a720afcad396f9851b75b3eee2f
Instruction Fuzzy Hash: FDE1F874E002198FDB54DFA9C580AAEFBF2FF89304F24816AD415AB356D731A981CF61

Uniqueness

Uniqueness Score: -1.00%

Function 067B1840 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1249971158.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_67b0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccf7f9365092705fc0f824b0c31ebfc86d96510ebee1dbd740be0a29d8b2cccb
Instruction ID: 73311343fe0faed7ac325c2ce6e6d9a9190b630a8d9da2ba8008c878fc1934c1
Opcode Fuzzy Hash: ccf7f9365092705fc0f824b0c31ebfc86d96510ebee1dbd740be0a29d8b2cccb
Instruction Fuzzy Hash: D5E11874E002598FDB54DFA9C590AAEFBF2FF89300F24826AD415AB356D730A941CF60

Uniqueness

Uniqueness Score: -1.00%

Function 08787379 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b346b522d2fe79304a6161728ad593672bff36ec41e9748b1e9d95505cad7bd2
Instruction ID: 0ee8f3effd694e75bdd560108cdd36f6347fcd35b945cbb01dab54b5ab0fdc69
Opcode Fuzzy Hash: b346b522d2fe79304a6161728ad593672bff36ec41e9748b1e9d95505cad7bd2
Instruction Fuzzy Hash: A0D1E63192075A8ACB01EB64D8907DDF7B1FF99300F50C79AE4497B225EB70AAC5CB51

Uniqueness

Uniqueness Score: -1.00%

Function 08787388 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 154588724b8c63bf0e2cbf08ab3085598d73a867d22b36af5d147a296ee138e4
Instruction ID: 7876915887f6910d24558928417d0ee7a4c35c3624688f7b1a91a3e2f5ffd8f9
Opcode Fuzzy Hash: 154588724b8c63bf0e2cbf08ab3085598d73a867d22b36af5d147a296ee138e4
Instruction Fuzzy Hash: A9D1E63192075A8ACB01EB64D8907DDF7B1FF99300F50C79AE4497B225EB70AAC5CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0878F849 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1250543560.0000000008780000.00000040.00000800.00020000.00000000.sdmp, Offset: 08780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_8780000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be71b7553c73ffba569363d10ba7516a4303f367c44abc12581afaf9aaf05391
Instruction ID: 690c484dfc717ecf4f6d73e03f764448a3fe7f100140877c212767b1742494af
Opcode Fuzzy Hash: be71b7553c73ffba569363d10ba7516a4303f367c44abc12581afaf9aaf05391
Instruction Fuzzy Hash: 8B511D70E45219CFDB14DFA9C5809AEFBF2BF89305F24816AD418AB31ADB319941CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0228780B Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1246487720.0000000002280000.00000040.00000800.00020000.00000000.sdmp, Offset: 02280000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2280000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1420fc48cb761d4a70c961f8860971c4a55c7c40dbda7d308605f0696ef7c68f
Instruction ID: 1818a84a3ad0a0793f6567c89a81e7e59c555d4554ab9c9a389e2c94f875a7e6
Opcode Fuzzy Hash: 1420fc48cb761d4a70c961f8860971c4a55c7c40dbda7d308605f0696ef7c68f
Instruction Fuzzy Hash: DF412B79E6510B8FDF10CFA9E581AADF3F1BF49300B24E215E01AEB254DB359945CB50

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Documents of shipment 3-2024.exePID: 7644, Parent PID: 7472COMMON

Execution Graph

Execution Coverage:	11.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	3
Total number of Limit Nodes:	0

Executed Functions

Function 015D9B30 Relevance: 3.1, Instructions: 3073COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c588ba47aa848a3b0bef3978dc96d2b4060bfdc3b5c168bae6805867734244d2
Instruction ID: 7587fc1db0f83f0bc6021e70b08760d1d65464451a5b71b135a45d0fb95f7507
Opcode Fuzzy Hash: c588ba47aa848a3b0bef3978dc96d2b4060bfdc3b5c168bae6805867734244d2
Instruction Fuzzy Hash: 7E63FC31D10B198ADB51EF68C8806ADF7B1FF99300F15C79AE4587B121EB70AAD5CB81

Uniqueness

Uniqueness Score: -1.00%

Function 015DCDA8 Relevance: 2.3, Instructions: 2337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c210cbfaef6d83b9d5706668858a02f9edeea0136ecb79202d6a3f7b9af4ebd
Instruction ID: 3e37f2da698dfa37f113408b616736656d8b93f19711e554d6f62b62a22df11e
Opcode Fuzzy Hash: 0c210cbfaef6d83b9d5706668858a02f9edeea0136ecb79202d6a3f7b9af4ebd
Instruction Fuzzy Hash: 4333FB31D106198EDB11EF68C880A9DF7B1FF99300F55C69AD459AB221EB70EAC5CF81

Uniqueness

Uniqueness Score: -1.00%

Function 015D3E80 Relevance: 1.5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

\V"m, xrefs: 015D40CB

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: \V"m
API String ID: 0-1545561793
Opcode ID: b3b0ea8edbc23d2ceeca962c112c571ab69d4236eb49fda7d94fcc4f088a2413
Instruction ID: e18c499bff639bbab8245203bfb3073cc7de03074bfca114383cea34995ebe0d
Opcode Fuzzy Hash: b3b0ea8edbc23d2ceeca962c112c571ab69d4236eb49fda7d94fcc4f088a2413
Instruction Fuzzy Hash: 4B913D70E00209DFDF24CFADD9857AEBBF2BF88314F148529E455AB294DB749845CB81

Uniqueness

Uniqueness Score: -1.00%

Function 015D9378 Relevance: .6, Instructions: 614COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13bf6d32270070365e41571163d776bd675eac0199bc13cd316824cfab22748a
Instruction ID: daf6323fe1a1ea8d2b893a8e85b539a019df6a34229c092252aa1ad3934e330d
Opcode Fuzzy Hash: 13bf6d32270070365e41571163d776bd675eac0199bc13cd316824cfab22748a
Instruction Fuzzy Hash: B9327B75A002058FDB24DFACD484BADBBB2FB88314F248569E909EB395DB74DC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015D4A98 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d39142f687f27249bb1ce07e5109072887ab8b5a4016ab8e3375ea39f44c3018
Instruction ID: e51634e4b1f2cf4000368aaa727f1dfba6ca7279eb3685cccb5dd07c9447ed5d
Opcode Fuzzy Hash: d39142f687f27249bb1ce07e5109072887ab8b5a4016ab8e3375ea39f44c3018
Instruction Fuzzy Hash: 0FB13E70E002098FEF24DFADD8857AEBBF2BF88314F148529D815AB654EB749845CB81

Uniqueness

Uniqueness Score: -1.00%

Function 015D4810 Relevance: 2.7, Strings: 2, Instructions: 180
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\V"m, xrefs: 015D487F
\V"m, xrefs: 015D49D2

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: \V"m$\V"m
API String ID: 0-1148475557
Opcode ID: 05510953ff73196551f8743e09ad49d45f361a86f6b46fe1fb635aa4ad5571bc
Instruction ID: ca041df749efa6f2ddcfbbc14bca9fdfe9d86c8c82a4fb9f06afd4692ac9b29b
Opcode Fuzzy Hash: 05510953ff73196551f8743e09ad49d45f361a86f6b46fe1fb635aa4ad5571bc
Instruction Fuzzy Hash: 2F714A70E00249CFDB24DFADC8857AEBBF2BF88314F148529E415AB654EB749842CB95

Uniqueness

Uniqueness Score: -1.00%

Function 015D4804 Relevance: 2.7, Strings: 2, Instructions: 178
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\V"m, xrefs: 015D487F
\V"m, xrefs: 015D49D2

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: \V"m$\V"m
API String ID: 0-1148475557
Opcode ID: 8c23a1d2d6f96c747288188c13733668b1a2dfd46a899cc4347fa24899337437
Instruction ID: 37d5d51a49e56b4ad4828a04b72882075f75a806faaf74596c41f7f91002895b
Opcode Fuzzy Hash: 8c23a1d2d6f96c747288188c13733668b1a2dfd46a899cc4347fa24899337437
Instruction Fuzzy Hash: 49715AB0E00249CFDB20CFADC9857AEBBF2BF48314F148529E415AB654EB749842CF95

Uniqueness

Uniqueness Score: -1.00%

Function 015D6F06 Relevance: 2.6, Strings: 2, Instructions: 148
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LRq, xrefs: 015D6F0E
LRq, xrefs: 015D6FBD

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: LRq$LRq
API String ID: 0-3710822783
Opcode ID: 591380c74278f1c2a0ffd84feabc2b2dcd181584f23a73f8c844fc42cd45af43
Instruction ID: 10a1ed95dbfc190cc505bd38dfa4801803e28598ddb464b7abd894c71f1c8ac5
Opcode Fuzzy Hash: 591380c74278f1c2a0ffd84feabc2b2dcd181584f23a73f8c844fc42cd45af43
Instruction Fuzzy Hash: F851CF71A002169FDB25DF6CC85079EBBB2FF89300F5085AAE415EB395DB719C42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 066DE270 Relevance: 1.6, APIs: 1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalMemoryStatusEx.KERNELBASE(8B5505CC), ref: 066DE2DF

Memory Dump Source

Source File: 00000003.00000002.2493702355.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_66d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: c97f9823f2577537f51f01bce638bdf967f3fc4978f5be9a001076bc9b6ac7e6
Instruction ID: 4b0abf3a96aac2b82f50d44815c24f7fe67445ca71c27996e4e2790b1d2d9912
Opcode Fuzzy Hash: c97f9823f2577537f51f01bce638bdf967f3fc4978f5be9a001076bc9b6ac7e6
Instruction Fuzzy Hash: 9A1156B1C0425A9FCB10CF9AC444BEEFBF5BF48324F14812AD818A7240D378A940CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 066DE278 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNELBASE(8B5505CC), ref: 066DE2DF

Memory Dump Source

Source File: 00000003.00000002.2493702355.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_66d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: e4d38466a317f79f0f00110642086622845521b2378410896dab9b572e2c674b
Instruction ID: 23941df9b59d5139d430049d821c6753aed83651db6553f990a8bfef21b2a5ef
Opcode Fuzzy Hash: e4d38466a317f79f0f00110642086622845521b2378410896dab9b572e2c674b
Instruction Fuzzy Hash: 1D11F3B1C0466A9FDB10DF9AC544BEEFBF4AF48324F14816AD818A7240D778A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 015D3E74 Relevance: 1.5, Strings: 1, Instructions: 235COMMON

Download Yara Rule

Strings

\V"m, xrefs: 015D40CB

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: \V"m
API String ID: 0-1545561793
Opcode ID: b636b1b9d75003a66f27c226642a7b46d5e0180a6bccb7e9b732dc54d62c6475
Instruction ID: 48d93349ea08e968c01f4f291cfa3703e4835e6fdebffe6812f8a3c17d64b8da
Opcode Fuzzy Hash: b636b1b9d75003a66f27c226642a7b46d5e0180a6bccb7e9b732dc54d62c6475
Instruction Fuzzy Hash: C4915C70E0024ACFDB20CFACD9857DEBBF2BF48314F148529E455AB294DB749845CB92

Uniqueness

Uniqueness Score: -1.00%

Function 015DF3FD Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

PHq, xrefs: 015DF54B

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: PHq
API String ID: 0-3820536768
Opcode ID: d1d1f7650ce86e5919a81660f51d48a7fc4a143614678099f01cded9d0b2a1d1
Instruction ID: 6dff08953542baedf02f92b926057e708b62bd89759ab586df12b17450af3f6e
Opcode Fuzzy Hash: d1d1f7650ce86e5919a81660f51d48a7fc4a143614678099f01cded9d0b2a1d1
Instruction Fuzzy Hash: 1E31EE717002018FDB2A9F38E55476E3BA2BB85700F64492AD007DB396DE75CC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 015DF410 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

PHq, xrefs: 015DF54B

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: PHq
API String ID: 0-3820536768
Opcode ID: d29ddc56666eff304e832f857143d11a8dd61506beaaabe463999a1f4713ae88
Instruction ID: 0f65d380b3b4c09566229a692f6d67bd4987b3fcfce02d8556c4145d4a2afd5c
Opcode Fuzzy Hash: d29ddc56666eff304e832f857143d11a8dd61506beaaabe463999a1f4713ae88
Instruction Fuzzy Hash: C331CD70B002058FEB299F3CE41476E7BE2BB89A04F64452AD007DB3A5DE76DC46C791

Uniqueness

Uniqueness Score: -1.00%

Function 015D6F78 Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

LRq, xrefs: 015D6FBD

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: LRq
API String ID: 0-3187445251
Opcode ID: 9dc4efb0cc15e77bc0d0be96f0dda875a031548579b858cfc41e1f51e760e693
Instruction ID: 1ed069f7d2577dc88e8659faa3e89f4ff332996300652b9f25f42d4c28b771a1
Opcode Fuzzy Hash: 9dc4efb0cc15e77bc0d0be96f0dda875a031548579b858cfc41e1f51e760e693
Instruction Fuzzy Hash: 5F318E34E002198BDB25CF6CC45079EB7B1FF89305F50856AE811EB380EB71A942CF80

Uniqueness

Uniqueness Score: -1.00%

Function 015D6B8F Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

LRq, xrefs: 015D6BD7

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID: LRq
API String ID: 0-3187445251
Opcode ID: bbc85ba4b811fb63c86bd7a2f17a19833c267616f4282ac1d2d4bc3592a5e36e
Instruction ID: db2e5f988607ad6a04574f51fc3539f8ef6b3e05d263e7c2e290e874f7084ce1
Opcode Fuzzy Hash: bbc85ba4b811fb63c86bd7a2f17a19833c267616f4282ac1d2d4bc3592a5e36e
Instruction Fuzzy Hash: AB2188B27042528FD319AB38D85079E3BB2FB95740F4484AAC000CB396EE258C46CB92

Uniqueness

Uniqueness Score: -1.00%

Function 015D790A Relevance: .6, Instructions: 552COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3114e58b8074c4c2913e483e29bb3b77f4aaa01bc69d4218bf706c2902ab47f
Instruction ID: 34f48b6d3672b9005361079675f0b6612569737dd8bd54e664044cedb24e7eca
Opcode Fuzzy Hash: f3114e58b8074c4c2913e483e29bb3b77f4aaa01bc69d4218bf706c2902ab47f
Instruction Fuzzy Hash: 1F12A4707112068BEB2A9B3CD88422C77A6FBCA615F50597DE006CB365CE75DCC2CB91

Uniqueness

Uniqueness Score: -1.00%

Function 015D4A8E Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efcb1ae5bf1d9ba5f3161d0a75b684e60bef0084c84219ebb9a07127ad63ddfa
Instruction ID: 096f0f1c03e66564f97b78870c99c0c4fc55581d8600b57dcb43c5861cfd452f
Opcode Fuzzy Hash: efcb1ae5bf1d9ba5f3161d0a75b684e60bef0084c84219ebb9a07127ad63ddfa
Instruction Fuzzy Hash: 13A14C70E00619CFEF20DFACD8857AEBBF1BF48314F148529D815AB694EB749885CB81

Uniqueness

Uniqueness Score: -1.00%

Function 015D9364 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eed2a05cbce12fadd321d6b4bf1b22b6552f9bed52d6767db783f2d4e0afb55c
Instruction ID: 6b2c08206acca06b6e8f404b22c3687c7121176eacad284ff85d1e8c2c6397b9
Opcode Fuzzy Hash: eed2a05cbce12fadd321d6b4bf1b22b6552f9bed52d6767db783f2d4e0afb55c
Instruction Fuzzy Hash: 33915B74A002049FDB25DBA8D484AADBBF2FF88314F148569E906DB365DB35EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015D6CDC Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15b5a616f19b4cfcd7f28f4c1977237fa37c3e0510b2dc5a53f0a99b4edaf5eb
Instruction ID: 93f537e415e17e6f3fcc88c7e324d9488ae9b3738da8dc51aa8fa135f13665db
Opcode Fuzzy Hash: 15b5a616f19b4cfcd7f28f4c1977237fa37c3e0510b2dc5a53f0a99b4edaf5eb
Instruction Fuzzy Hash: F2511275D002188FDB28DFADD884B9EBBB1FF48300F14852AD819BB355D774A885CB91

Uniqueness

Uniqueness Score: -1.00%

Function 015D6CE8 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fb2e1076060b2d5bca75b2d7b510cdb5e7c7e8a7775a4f246ca81eecd7ca536
Instruction ID: 7c005abd9906de18ec505e370167bf4e3fab5fd0af4da6000f53dfeb3c0f8d15
Opcode Fuzzy Hash: 2fb2e1076060b2d5bca75b2d7b510cdb5e7c7e8a7775a4f246ca81eecd7ca536
Instruction Fuzzy Hash: 7C510371D002188FDB28DFADD884B9EBBB1FF48310F148529E815AB355D774A885CF95

Uniqueness

Uniqueness Score: -1.00%

Function 015D112A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 429d15c6bd48dda9e86d4471bb85a0a718cc6574657349273a9c7a00d04d3b42
Instruction ID: e6e776f042422e6fa97b31910bc0e1eb50fefc7a3ce0aa0502d399060a19bb21
Opcode Fuzzy Hash: 429d15c6bd48dda9e86d4471bb85a0a718cc6574657349273a9c7a00d04d3b42
Instruction Fuzzy Hash: 7F512774D113458FD719DB2EFA82A483B76EB5B30134481A8D4424B337EAB86CE5CF92

Uniqueness

Uniqueness Score: -1.00%

Function 015D5098 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0d3d875758884e4082859e45c60f301b2faa0aeb36fb3616da58584cf161d10
Instruction ID: 29d33263ca985777ef716342fd062f9394c2b730522afc7e8a6b7656a2f1ce38
Opcode Fuzzy Hash: d0d3d875758884e4082859e45c60f301b2faa0aeb36fb3616da58584cf161d10
Instruction Fuzzy Hash: AE412834A00206CFDB25EB78D5546AD7BF1BF89245F2004A8D502AB3A1EB769C41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 015D1138 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3905b7d88f0c7654544d2bc9716f53a5b0f96d6e759ec55f0fbeeb0f12618282
Instruction ID: 42df60abb6b2123f9f5037569b1c5f83fff9c9695e7d800ed8eb95937df61b47
Opcode Fuzzy Hash: 3905b7d88f0c7654544d2bc9716f53a5b0f96d6e759ec55f0fbeeb0f12618282
Instruction Fuzzy Hash: D9510774D113458FD709DB2EFA82A483B76EB5B30134481A8D4424B337EAB86DE5CF92

Uniqueness

Uniqueness Score: -1.00%

Function 015DF2C0 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 924ffb10067247cc0cf436c6923bce1693b30b39389c72f600b1895f97eed302
Instruction ID: c4c2ca51e67806eef804aed3d71b8ce9f5a16b1857bde2048f3d33081129a74e
Opcode Fuzzy Hash: 924ffb10067247cc0cf436c6923bce1693b30b39389c72f600b1895f97eed302
Instruction Fuzzy Hash: B2316175E102059BDB29CF69D89469EBBB2FF89300F50852AE806EB355DF71EC42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 015D1878 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3ef09c09bfd655898b8737a444d434a0d5fa588138b16b2fbe16e1138a03edf
Instruction ID: 30863ff36bfab8c42fd77318618504623412310c4d65386c1235784a82e4d740
Opcode Fuzzy Hash: c3ef09c09bfd655898b8737a444d434a0d5fa588138b16b2fbe16e1138a03edf
Instruction Fuzzy Hash: 2B31BC71B046458FEB26DB7CD5957AD3BB1BF49205F1004A9D106EF3A2EB358C81CB61

Uniqueness

Uniqueness Score: -1.00%

Function 015D26DE Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83604156a9d87a95736856b95bf460810b70574161ac4a9ee86390d0dae2153f
Instruction ID: 0668ac2a000d34a07253385d74825fe8cfd39debbdeb2e960692dc4918c09d19
Opcode Fuzzy Hash: 83604156a9d87a95736856b95bf460810b70574161ac4a9ee86390d0dae2153f
Instruction Fuzzy Hash: D441E0B4D003489FEB24CFA9C984B9EBBF5BF48310F148429E809AB254DB759946CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015DF2D0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c2b2e82e4fa9a3f63fd8e96884d7591c4b5929de848e588335e2dfd16ee86f7
Instruction ID: edecdbd559bddfba9a14643bbce76732e7f8f921bcc44611aba8cf1c1e7b1340
Opcode Fuzzy Hash: 6c2b2e82e4fa9a3f63fd8e96884d7591c4b5929de848e588335e2dfd16ee86f7
Instruction Fuzzy Hash: 7A314F74E102099BDB29CFA9D49469EBBB2FF89300F11851AE806EB355DF70EC42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 015D26E8 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8fecbd837401bda013838c98ba352f4b59c7f64ece2cb16623a21be5a6983bd
Instruction ID: e84516bdcdc1fa53da23725614969e8c3ad457596983ebb724b7d27b2c5fc1cf
Opcode Fuzzy Hash: e8fecbd837401bda013838c98ba352f4b59c7f64ece2cb16623a21be5a6983bd
Instruction Fuzzy Hash: 7541DFB0D00348DFDB24DFA9C584ADEBBF5FF48310F248429E819AB254DB75A946CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015D50A8 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cb56ffe21ec786b7493249bed91a8c343d3ede5629ec2586dd3247a44c38b9d
Instruction ID: 08f8b2e324ea9acded721db1f911766d1a83a8d61c2cc0b7bee576fbf67ad01d
Opcode Fuzzy Hash: 1cb56ffe21ec786b7493249bed91a8c343d3ede5629ec2586dd3247a44c38b9d
Instruction Fuzzy Hash: E1312B34B00619CFEB29EB7CC5546AD77F2BF8D245F1004A8D541AB3A4EB769C41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 015D9251 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79611416a2d1e1a9bb5c1cfed6b700cbc7d3f4719cee1625e6f5a5ba3057d390
Instruction ID: bd600b79f59da994b792c70c8393ba0b3ce55df718a1280e82b23570581b36ee
Opcode Fuzzy Hash: 79611416a2d1e1a9bb5c1cfed6b700cbc7d3f4719cee1625e6f5a5ba3057d390
Instruction Fuzzy Hash: 51317F71E102099BDB25CFADD88479EFBB2FF89304F148619E805AB255EB719841CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015D9260 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6ef089c2ca92351d8e0ed37f3192e8efa3dc7f4e7fb4848b41b089c1664b9c9
Instruction ID: 3b56e29360e593b1f258e3fc470566c21af9b60d47c01f2c378fd7985f45cbad
Opcode Fuzzy Hash: b6ef089c2ca92351d8e0ed37f3192e8efa3dc7f4e7fb4848b41b089c1664b9c9
Instruction Fuzzy Hash: 35214D70E102099BDB25CFADD48069EFBB2FF89304F548619E805AB255DB719885CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015D16A0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a68d2e16349b895d1600dc48ac749ad3323101dd9ad512574ee6ef668f50ce80
Instruction ID: b9ccd86f273ab89a05e6c201fb7860346fd87a2ac94da682e4852ce34b014dd7
Opcode Fuzzy Hash: a68d2e16349b895d1600dc48ac749ad3323101dd9ad512574ee6ef668f50ce80
Instruction Fuzzy Hash: 8821AF74A106044BEB25DB6DE88472D3B69FB46301F514A24E846CF267EA78DCC0CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 015D9150 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b53c76b7f0a43ec704b8c2daaca8c4b310822a85bb59fd471758601bfa7134c9
Instruction ID: d77b8bf096bf5a8ed6b46df5fd990fe2afee89278d6621080c70ea40bca5bf1f
Opcode Fuzzy Hash: b53c76b7f0a43ec704b8c2daaca8c4b310822a85bb59fd471758601bfa7134c9
Instruction Fuzzy Hash: 8C218334E002098BDB19CFA8D44469EFBB2FF89304F10852AE815FB351DB71D945CB50

Uniqueness

Uniqueness Score: -1.00%

Function 015D4F88 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01ba8f97e00338bd8567edbf403ba45877771657b8f7b413c7696af7d41b2a3c
Instruction ID: 465924080bee1d2ab2372961530ca49f4402ffcee9c0d31950eddc0d5e69beab
Opcode Fuzzy Hash: 01ba8f97e00338bd8567edbf403ba45877771657b8f7b413c7696af7d41b2a3c
Instruction Fuzzy Hash: 8F21F374A00205CFDB24DFA9D558AAE7BF1FB89204B1044A8E506EB3A5EA769D40CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0145D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2485428578.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_145d000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55dcb2fd72f4eea7411e933e9d27130f9da5a69a4371cf86f8f57342680b726e
Instruction ID: 5b0b3ec3dd1b0480c4e036b2d0a6555e76018eb9d2febc4dc5e17569d8c02394
Opcode Fuzzy Hash: 55dcb2fd72f4eea7411e933e9d27130f9da5a69a4371cf86f8f57342680b726e
Instruction Fuzzy Hash: 192100B1A04200DFDB55DF54D880B26BBA1EF84618F24C56EDD0A4B367C33AD847CA62

Uniqueness

Uniqueness Score: -1.00%

Function 015D1380 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d834055cf06f6581ff7354a0fe998321b0ba0e16cd4ead858970916d00679139
Instruction ID: 97fe43b36db642dfaa422d0bab6ae8f50cf5d804f4e2cb882cb6214878f3d4e2
Opcode Fuzzy Hash: d834055cf06f6581ff7354a0fe998321b0ba0e16cd4ead858970916d00679139
Instruction Fuzzy Hash: 45217CB4A046158BEB365B7DE4D532D3B61F702311F10096AE906CF292EE69CC85CB92

Uniqueness

Uniqueness Score: -1.00%

Function 015D9A28 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8686d22cef375dbd4de641bdc585b0e679397974f79339f6d398b1fd26195789
Instruction ID: 0a3926631ba27a2871676b216918eb0bb10929c72baceac774353ef1d688111c
Opcode Fuzzy Hash: 8686d22cef375dbd4de641bdc585b0e679397974f79339f6d398b1fd26195789
Instruction Fuzzy Hash: 8B216F72B101169FEB24DB6DC854BAE7BF6BF88714F148069E505EB3A4DAB1DC008B91

Uniqueness

Uniqueness Score: -1.00%

Function 015D9160 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36539a9950069a079cc19222f305c93a27d21487f45709038ca2fbb6625f7a74
Instruction ID: ed10cf65c37a12256c425cdb60d50660ff0ee948e974b09232b608c2df9dfb87
Opcode Fuzzy Hash: 36539a9950069a079cc19222f305c93a27d21487f45709038ca2fbb6625f7a74
Instruction Fuzzy Hash: A9218334E002099BCB29CFA9D44469EF7B2BF89304F50851AE815FB351DB71E941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 015D1888 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd7e1104d71a649a1216ddb94e164fdb5d10809dbdba47aa64bd37f349382d45
Instruction ID: 36aa8ee72f9940ca7e9779741ddf75717b0fa82f7a972fcd5adac57090a4cb29
Opcode Fuzzy Hash: dd7e1104d71a649a1216ddb94e164fdb5d10809dbdba47aa64bd37f349382d45
Instruction Fuzzy Hash: C7211930B00609CFEB25EB6CC5957AE77F2BF89245F100468D506EB350DB368D40CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 015D16B0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b35c64ac5a9dfddb1640700a0ddbcb24334a5d7c904bb0b007fb9c7298a3153
Instruction ID: e80b8791342e4fa5f450b5ed0a6903355e80a0f82dcd20c499a873e920c7afb7
Opcode Fuzzy Hash: 5b35c64ac5a9dfddb1640700a0ddbcb24334a5d7c904bb0b007fb9c7298a3153
Instruction Fuzzy Hash: 2D219074A102084BEF35DB6DE98472D3769FB46300F118A25E816CF266EA78DCD08FA1

Uniqueness

Uniqueness Score: -1.00%

Function 015D4F98 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb0a4a910d857b8087dbb4bb9223984f7e442a40697bc7f59c239ef29f500cff
Instruction ID: f2da9f23dbb4d3f24d7536e2a4ce0a5269ffebcb06abcbb265052664f4f6dd60
Opcode Fuzzy Hash: fb0a4a910d857b8087dbb4bb9223984f7e442a40697bc7f59c239ef29f500cff
Instruction Fuzzy Hash: 5B21E474B00205CFDB24EF79D558AAD77F1FF89204B2044A8E506EB3A5EB769D40CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 015D0838 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 859a9e18f75534445ce1e43db4ae6139f9551c67a0431f5e591f14bb32f0079d
Instruction ID: eb3f4cb351a71f1840ef02eab24907d08c67a1ebf905c2a7a2374cbdf33e1300
Opcode Fuzzy Hash: 859a9e18f75534445ce1e43db4ae6139f9551c67a0431f5e591f14bb32f0079d
Instruction Fuzzy Hash: 09118C30A403094BEF765A7DC80636D36A1FB82624F20892AF442CF2C2DA65CC858BD2

Uniqueness

Uniqueness Score: -1.00%

Function 0145D005 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2485428578.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_145d000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b94473c02430695b7a4514a999ae53825cb64c96b4b1997b3a632010a85b2bba
Instruction ID: df5f7bdabe4844775ee8290d6c5dd7803c58f87c282c498a73d35b39e9aa0aae
Opcode Fuzzy Hash: b94473c02430695b7a4514a999ae53825cb64c96b4b1997b3a632010a85b2bba
Instruction Fuzzy Hash: CB2171755083809FDB03CF64D994716BF71EF46214F28C5EAD8498F2A7C33A9806CB62

Uniqueness

Uniqueness Score: -1.00%

Function 015D0848 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a162795dbde39c93c6b0543555a85ef30f8837a0e500c265558e93c81b6f599
Instruction ID: 0d577204b8340d013d12a9702249c2260f142e41b61f4272db427bf23392e24e
Opcode Fuzzy Hash: 3a162795dbde39c93c6b0543555a85ef30f8837a0e500c265558e93c81b6f599
Instruction Fuzzy Hash: 4A115E30B003098BEF769B7EC44536D3695FB86624F208839F406CF2C2DA65CC858BD2

Uniqueness

Uniqueness Score: -1.00%

Function 015D17C0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b6e3f78780f7b1488ac17d716fc593f69f20edef750f82e85ce266f2ebf5da6
Instruction ID: 623b8cde3b2f0adb18a1dc24257ae77b0137dbe12cea46cf03a4c38280278717
Opcode Fuzzy Hash: 2b6e3f78780f7b1488ac17d716fc593f69f20edef750f82e85ce266f2ebf5da6
Instruction Fuzzy Hash: F6110EB6F007559FCB60AB7D984961E7FE4FB89250B000465E909D7300EA34C881CB96

Uniqueness

Uniqueness Score: -1.00%

Function 015D148A Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffbdc525714ec66e14c62b284dc24ed38d213cbdd1de7ebdebb21af5aaeab0bf
Instruction ID: 7ab849bd1195010b10add1248e0895783b346d770a33677873e05e02656b2b6c
Opcode Fuzzy Hash: ffbdc525714ec66e14c62b284dc24ed38d213cbdd1de7ebdebb21af5aaeab0bf
Instruction Fuzzy Hash: 23113C35A016168BCF35AFBC959029E7BF5FF88251F2404BAD805EB241E735C8418BD5

Uniqueness

Uniqueness Score: -1.00%

Function 015D1498 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ed37aea5ec60d3d73c0ed48bb9865419bdeaa8a0e0515d0ac567486dcc9b274
Instruction ID: 74d38f564fd01e3324ded6c0fac53c40e3d57033d4630e17eb3876ac2992d455
Opcode Fuzzy Hash: 9ed37aea5ec60d3d73c0ed48bb9865419bdeaa8a0e0515d0ac567486dcc9b274
Instruction Fuzzy Hash: 35014031A016169BCF35EFBC95901AE7BF6FB88251F2404BAD805EB341E736C8418BD5

Uniqueness

Uniqueness Score: -1.00%

Function 015D9890 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45881a5b90e4863c1db91a53d84c4119f3de77a2422f7ecc71828123b28254c7
Instruction ID: 91dcdbb718a4881332ea45bd2eb612432a6fcd6b05b73a2719836ddc186e5b60
Opcode Fuzzy Hash: 45881a5b90e4863c1db91a53d84c4119f3de77a2422f7ecc71828123b28254c7
Instruction Fuzzy Hash: EE012870A002058BDB10DF59D884B8EBBB6FF85310F54C164C84C1F299DBB0ED45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 015D1524 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a8e22950278639603787830f3ea5f5469568bd270a9d2d00c2d1639481a35e3
Instruction ID: 05e84b6c19c26672c62844f9301e6c4b0f803ff34074c380dfa1acc12fd3c67f
Opcode Fuzzy Hash: 7a8e22950278639603787830f3ea5f5469568bd270a9d2d00c2d1639481a35e3
Instruction Fuzzy Hash: 87F0F036A04611CBDB328BAC94D01ACBFB1FAA91217AC40D7D802DF241E329D882CB51

Uniqueness

Uniqueness Score: -1.00%

Function 015D80F1 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4056b622a7438e94fc9d2bf2a9a52a7bd66e4e6486db80254305c15d530b6d93
Instruction ID: 519aeee42f4561bb76249303bb65fb324c51f00e181ae9b6016e374a561a4796
Opcode Fuzzy Hash: 4056b622a7438e94fc9d2bf2a9a52a7bd66e4e6486db80254305c15d530b6d93
Instruction Fuzzy Hash: 6A0126F09103498FEB06DBA9E84078C7F71EF42300B9487ECC4115B296DE756D81CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 015D7090 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ec8590431a1793c54b8c2b9fac333268a3578623745770dfa3ebf4d0a0e5a36
Instruction ID: a6bedcb954321825524ad29d310d9b40d9d4ae8b575ae10751ad997ace0516c3
Opcode Fuzzy Hash: 1ec8590431a1793c54b8c2b9fac333268a3578623745770dfa3ebf4d0a0e5a36
Instruction Fuzzy Hash: 67F0B239B40208CFC718DB68D5A8B6C7BB2FF88315F5144A8E5069B3A4DB35AD42CB40

Uniqueness

Uniqueness Score: -1.00%

Function 015D8100 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2486285523.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15d0000_Documents of shipment 3-2024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c12ceaf97fab3bca8df7c89bdbb86aeb2476ecbbad2c0cfc0c36146939a2e548
Instruction ID: c9868b5999c0b373350d353f0630b2eb4cbd93a009d5674876df31407165342a
Opcode Fuzzy Hash: c12ceaf97fab3bca8df7c89bdbb86aeb2476ecbbad2c0cfc0c36146939a2e548
Instruction Fuzzy Hash: 17F0AFF0E1020C9FDB04EFB9F88078C7BB5EB84700F9086A8C40597259EE706E94CBA1

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Documents of shipment 3-2024.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Documents of shipment 3-2024.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
Documents of shipment 3-2024.exe

Function 08782220 Relevance: 5.6, Strings: 4, Instructions: 564
COMMON

Function 02287330 Relevance: 4.7, Strings: 3, Instructions: 962
COMMON

Function 02287326 Relevance: 2.8, Strings: 2, Instructions: 331
COMMON

Function 0228736A Relevance: 2.8, Strings: 2, Instructions: 323
COMMON

Function 08781B4A Relevance: 5.2, Strings: 4, Instructions: 216
COMMON

Function 08781BB1 Relevance: 2.7, Strings: 2, Instructions: 200
COMMON

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre