Edit tour

Windows Analysis Report
07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Overview

General Information

Sample name:	07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Analysis ID:	1465250
MD5:	9e849d8e3b0b04bc6a5962972e56e62a
SHA1:	c9b60072e3690d47df4b1814f71b03110f775abc
SHA256:	812e0c9b8511b090c461252ef56cae8c19b78acb964f240e45c840cee578846b
Tags:	exe
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

LummaC encrypted strings found

Machine Learning detection for sample

Sample uses string decryption to hide its real strings

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

Program does not show much activity (idle)

Uses 32bit PE files

Classification

Process Tree

System is w10x64

07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe (PID: 3648 cmdline: "C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe" MD5: 9E849D8E3B0B04BC6A5962972E56E62A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://darktrace.com/blog/the-rise-of-the-lumma-info-stealer https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-lummac2-94111d4b1e11	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["pedestriankodwu.xyz", "towerxxuytwi.xyzd", "ellaboratepwsz.xyzu", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop", "potterryisiw.shop"], "Build id": "H8NgCl--default2806"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.binstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Avira: detected

Antivirus detection for URL or domain

Source: contintnetksows.shop	Avira URL Cloud: Label: malware
Source: potterryisiw.shop	Avira URL Cloud: Label: malware
Source: swellfrrgwwos.xyz	Avira URL Cloud: Label: malware
Source: penetratedpoopp.xyz	Avira URL Cloud: Label: malware
Source: foodypannyjsud.shop	Avira URL Cloud: Label: malware
Source: pedestriankodwu.xyz	Avira URL Cloud: Label: malware

Found malware configuration

Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Malware Configuration Extractor: LummaC {"C2 url": ["pedestriankodwu.xyz", "towerxxuytwi.xyzd", "ellaboratepwsz.xyzu", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop", "potterryisiw.shop"], "Build id": "H8NgCl--default2806"}

Multi AV Scanner detection for submitted file

Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Virustotal: Detection: 47%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 92.0% probability

Machine Learning detection for sample

Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: pedestriankodwu.xyz
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: towerxxuytwi.xyzd
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: ellaboratepwsz.xyzu
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: penetratedpoopp.xyz
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: swellfrrgwwos.xyz
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: contintnetksows.shop
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: foodypannyjsud.shop
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: potterryisiw.shop
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: potterryisiw.shop
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: lid=%s&j=%s&ver=4.0
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: TeslaBrowser/5.5
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: - Screen Resoluton:
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: - Physical Installed Memory:
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: Workgroup: -
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	String decryptor: H8NgCl--default2806

Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then jmp ecx	0_2_0047B00A
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov ecx, dword ptr [esp+14h]	0_2_004580AA
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov ebx, eax	0_2_004641DE
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then cmp byte ptr [esi+eax+01h], 00000000h	0_2_004641DE
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00479270
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00479270
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov ecx, dword ptr [esp+08h]	0_2_004612D0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 11081610h	0_2_004612D0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then cmp word ptr [esi+eax], 0000h	0_2_00465350
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov edx, ecx	0_2_004483F0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov word ptr [ecx+eax*4], bx	0_2_004483F0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then jmp eax	0_2_0045343E
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then push edi	0_2_00466483
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then jmp esi	0_2_0047C4BB
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then jmp esi	0_2_0047C5C0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov ecx, dword ptr [esp+08h]	0_2_00456637
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then jmp ecx	0_2_0047B776
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then jmp esi	0_2_0047C7C0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then jmp esi	0_2_0047C8C0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00453940
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov ecx, dword ptr [esp+08h]	0_2_00463976
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then jmp ecx	0_2_00463976
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0045B990
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then movsx eax, byte ptr [esi+ecx]	0_2_0044EA70
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00466A10
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00465A2A
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then inc ebx	0_2_00456AD0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 3BEBD150h	0_2_00476AD2
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov edx, dword ptr [esp+00000A90h]	0_2_0045FAE0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov byte ptr [ecx], al	0_2_00468A88
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then cmp word ptr [esi+ebx], 0000h	0_2_0045BB40
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00473BF0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov eax, dword ptr [00489828h]	0_2_0047AC04
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00478C80
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov eax, dword ptr [edi+0Ch]	0_2_00442D60
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00453D71
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov eax, edi	0_2_00462E75
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then jmp edx	0_2_00461EB0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov byte ptr [ecx], al	0_2_00468F65
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov ecx, dword ptr [esp+000000F4h]	0_2_00464F10
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then cmp word ptr [esi+eax], 0000h	0_2_00464F10
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 4x nop then mov edx, dword ptr [esp+18h]	0_2_0044FF30

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: pedestriankodwu.xyz
Source: Malware configuration extractor	URLs: towerxxuytwi.xyzd
Source: Malware configuration extractor	URLs: ellaboratepwsz.xyzu
Source: Malware configuration extractor	URLs: penetratedpoopp.xyz
Source: Malware configuration extractor	URLs: swellfrrgwwos.xyz
Source: Malware configuration extractor	URLs: contintnetksows.shop
Source: Malware configuration extractor	URLs: foodypannyjsud.shop
Source: Malware configuration extractor	URLs: potterryisiw.shop
Source: Malware configuration extractor	URLs: potterryisiw.shop

Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Code function: 0_2_00470CF0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

0_2_00470CF0

Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Code function: 0_2_00470CF0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

0_2_00470CF0

Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Code function: 0_2_00470F10 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

0_2_00470F10

Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00449060	0_2_00449060
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00441000	0_2_00441000
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00476120	0_2_00476120
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_004641DE	0_2_004641DE
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_004611E6	0_2_004611E6
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_0047E1E0	0_2_0047E1E0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00479270	0_2_00479270
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_0045E2CE	0_2_0045E2CE
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_004483F0	0_2_004483F0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_0047C4BB	0_2_0047C4BB
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00462569	0_2_00462569
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_0047E510	0_2_0047E510
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_0047C5C0	0_2_0047C5C0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_004435E0	0_2_004435E0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00457592	0_2_00457592
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_0046166A	0_2_0046166A
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00446770	0_2_00446770
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_0047C7C0	0_2_0047C7C0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_004627B0	0_2_004627B0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_0047C8C0	0_2_0047C8C0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_004588EE	0_2_004588EE
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00463976	0_2_00463976
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00443990	0_2_00443990
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_0047CA00	0_2_0047CA00
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00457AC5	0_2_00457AC5
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00466CC0	0_2_00466CC0
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00441CDA	0_2_00441CDA
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00441CA4	0_2_00441CA4
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00446D40	0_2_00446D40
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_0047CD60	0_2_0047CD60
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_0044FD90	0_2_0044FD90
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00444E70	0_2_00444E70
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00462EE3	0_2_00462EE3
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00462F52	0_2_00462F52
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00461F5A	0_2_00461F5A
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_0045EF39	0_2_0045EF39
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: 0_2_00442FA0	0_2_00442FA0

Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: String function: 00448E40 appears 47 times
Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	Code function: String function: 004495C0 appears 197 times

Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Code function: 0_2_0046F339 CoCreateInstance,

0_2_0046F339

Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Virustotal: Detection: 47%

Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

File read: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Jump to behavior

Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Section loaded: apphelp.dll

Jump to behavior

Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

API call chain: ExitProcess graph end node

graph_0-11558

Source: C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Code function: 0_2_0047AAC0 LdrInitializeThunk,

0_2_0047AAC0

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe, 00000000.00000002.3255981248.0000000000877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: pedestriankodwu.xyz
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe, 00000000.00000002.3255981248.0000000000877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: towerxxuytwi.xyzd
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe, 00000000.00000002.3255981248.0000000000877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ellaboratepwsz.xyzu
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe, 00000000.00000002.3255981248.0000000000877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: penetratedpoopp.xyz
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe, 00000000.00000002.3255981248.0000000000877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: swellfrrgwwos.xyz
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe, 00000000.00000002.3255981248.0000000000877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: contintnetksows.shop
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe, 00000000.00000002.3255981248.0000000000877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: foodypannyjsud.shop
Source: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe, 00000000.00000002.3255981248.0000000000877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: potterryisiw.shop

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.binstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.binstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 PowerShell	1 DLL Side-Loading	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	OS Credential Dumping	2 System Information Discovery	Remote Services	1 Screen Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 DLL Side-Loading	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	2 Clipboard Data	Steganography	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	47%	Virustotal		Browse
07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	100%	Avira	TR/Crypt.XPACK.Gen
07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
contintnetksows.shop	100%	Avira URL Cloud	malware
potterryisiw.shop	100%	Avira URL Cloud	malware
ellaboratepwsz.xyzu	0%	Avira URL Cloud	safe
swellfrrgwwos.xyz	100%	Avira URL Cloud	malware
penetratedpoopp.xyz	100%	Avira URL Cloud	malware
towerxxuytwi.xyzd	0%	Avira URL Cloud	safe
foodypannyjsud.shop	100%	Avira URL Cloud	malware
swellfrrgwwos.xyz	1%	Virustotal		Browse
pedestriankodwu.xyz	100%	Avira URL Cloud	malware
penetratedpoopp.xyz	1%	Virustotal		Browse
potterryisiw.shop	2%	Virustotal		Browse
contintnetksows.shop	2%	Virustotal		Browse
foodypannyjsud.shop	2%	Virustotal		Browse
pedestriankodwu.xyz	1%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
contintnetksows.shop	true	2%, Virustotal, Browse Avira URL Cloud: malware	unknown
ellaboratepwsz.xyzu	true	Avira URL Cloud: safe	unknown
potterryisiw.shop	true	2%, Virustotal, Browse Avira URL Cloud: malware	unknown
penetratedpoopp.xyz	true	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
swellfrrgwwos.xyz	true	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
towerxxuytwi.xyzd	true	Avira URL Cloud: safe	unknown
foodypannyjsud.shop	true	2%, Virustotal, Browse Avira URL Cloud: malware	unknown
pedestriankodwu.xyz	true	1%, Virustotal, Browse Avira URL Cloud: malware	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1465250
Start date and time:	2024-07-01 13:35:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 6 Number of non-executed functions: 68
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.738191857145214
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
File size:	321'536 bytes
MD5:	9e849d8e3b0b04bc6a5962972e56e62a
SHA1:	c9b60072e3690d47df4b1814f71b03110f775abc
SHA256:	812e0c9b8511b090c461252ef56cae8c19b78acb964f240e45c840cee578846b
SHA512:	05f624c2d48e1882a3b0a9d4cf20cfdb50b02d39631fdf541e41c5e23dfddeaf1ed99ba040f21f85929df5e480e4fb5ca349cc3c1e40539d32273eec6b3cab17
SSDEEP:	6144:NCsnEQr45Da+ugYRcQJguqQ2nCwZHhlCEEeyTVEfD+Av:N/EQKD/ugtuTgXHhlcey5EfD+m
TLSH:	2D647E16EB3310B2DC4A5AB5356FB33F9A282B0353284ED7D790DB8179536E2D076E06
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...lt.f............................0.............@.......................................@.....................................x..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x409530
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6680746C [Sat Jun 29 20:54:04 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	f2d1ff9066968d0e68e4ab46b6423073

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push esi
call 00007F8771380DACh
sub esp, 00000100h
mov esi, esp
call 00007F87713B14FFh
test al, 01h
jne 00007F8771380D24h
jmp 00007F8771380D63h
call 00007F87713AB454h
test al, 01h
jne 00007F8771380D24h
jmp 00007F8771380D51h
call 00007F8771381D49h
test al, 01h
jne 00007F8771380D24h
jmp 00007F8771380D44h
lea eax, dword ptr [00440E7Ah]
sub esp, 08h
mov dword ptr [esp], esi
mov dword ptr [esp+04h], eax
call 00007F8771380D4Eh
add esp, 08h
call 00007F87713876D6h
call 00007F8771383BE1h
jmp 00007F8771380D22h
call 00007F87713B1FDAh
jmp 00007F8771380D22h
xor eax, eax
sub esp, 04h
mov dword ptr [esp], 00000000h
call dword ptr [004417D4h]
int3
mov ecx, dword ptr [esp+08h]
mov eax, dword ptr [esp+04h]
movzx edx, byte ptr [ecx]
test dl, dl
je 00007F8771380D2Eh
inc ecx
mov byte ptr [eax], dl
inc eax
movzx edx, byte ptr [ecx]
inc ecx
test dl, dl
jne 00007F8771380D17h
mov byte ptr [eax], 00000000h
ret
int3
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebx
push edi
push esi
mov esi, ecx
movzx edx, byte ptr [esp+10h]
lea edi, dword ptr [ecx+04h]
lea ebx, dword ptr [ecx+10h]
xor eax, eax
mov ecx, 00000018h
rep stosd
mov byte ptr [esi], dl
mov dword ptr [esi+08h], 00000009h
push 00000400h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x416bf	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x54000	0x534c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x417d4	0x9c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x3db4a	0x3dc00	a269af36a5cd5fe84a7e9db256be53f7	False	0.5173685792004049	data	6.467609726093939	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x3f000	0x2aa7	0x2c00	6b7e3ac32b0caaacfe1f6b48af42e177	False	0.5174005681818182	data	6.716194156789283	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x42000	0x11ac8	0x8800	c12b6fff651270057df44c6d2e89b350	False	0.58837890625	data	6.702880927749475	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x54000	0x534c	0x5400	481261ae1885b389074e01be7cc8a7e6	False	0.46065848214285715	data	6.478269550039831	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
KERNEL32.dll	ExitProcess, GetCurrentProcessId, GetCurrentThreadId, GetLogicalDrives, GetProcessVersion, GetSystemDirectoryW, GlobalLock, GlobalUnlock
OLEAUT32.dll	SysAllocString, SysFreeString, SysStringLen, VariantClear, VariantInit
ole32.dll	CoCreateInstance, CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket, CoUninitialize
USER32.dll	CloseClipboard, GetClipboardData, GetDC, GetSystemMetrics, GetWindowLongW, OpenClipboard, ReleaseDC
GDI32.dll	BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, DeleteObject, GetCurrentObject, GetDIBits, GetObjectW, SelectObject

Network Behavior

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 1, 2024 13:36:37.919684887 CEST	53	52616	162.159.36.2	192.168.2.5
Jul 1, 2024 13:36:38.513366938 CEST	53	63110	1.1.1.1	192.168.2.5

Target ID:	0
Start time:	07:35:51
Start date:	01/07/2024
Path:	C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe"
Imagebase:	0x440000
File size:	321'536 bytes
MD5 hash:	9E849D8E3B0B04BC6A5962972E56E62A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exePID: 3648, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	1.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	19.7%
Total number of Nodes:	61
Total number of Limit Nodes:	4

Executed Functions

Function 0047AAC0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 12
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(0047D6BC,005C003F,00000006,?,?,00000018,/.! ,?,ZsE), ref: 0047AAE6

Strings

/.! , xrefs: 0047AAD4

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID: InitializeThunk
String ID: /.!
API String ID: 2994545307-1547124405
Opcode ID: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
Instruction ID: 9a2a3e30e6272c7ba4599b7d5b49d8b1df743313db24dc7d28a19b0c9381744b
Opcode Fuzzy Hash: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
Instruction Fuzzy Hash: 82D04875908216AB9A09CF44C54040EFBE6BFC4714F228C8EA88873214C3B0BD46EB82

Function 0047B00A Relevance: .1, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1aadba47e8cc6b09b7c2fd64fb592ee659fc07f29f1350e05aed0e5515d3a8cb
Instruction ID: 7739604efb1b9b564cb2c453ff48ed53fff6694171743b63e41436a149daf615
Opcode Fuzzy Hash: 1aadba47e8cc6b09b7c2fd64fb592ee659fc07f29f1350e05aed0e5515d3a8cb
Instruction Fuzzy Hash: E3217C702083458FD308CF15C894B6BB7E1EBC5308F68C92DE4A997791D339D80ACB9A

Function 00449530 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32 ref: 00449599

Strings

system or character via spellings glyphs a is uses that in their modified other on often reflection or resemblance on it leetspeak, used similarity internet. play eleet the of the replacements of primarily ways, xrefs: 00449562

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID: ExitProcess
String ID: system or character via spellings glyphs a is uses that in their modified other on often reflection or resemblance on it leetspeak, used similarity internet. play eleet the of the replacements of primarily ways
API String ID: 621844428-780655312
Opcode ID: 9646ff5a38ab89ef4b173a20a94cef852973af2d953f6fd570c4d0aceae168e2
Instruction ID: 98a4c7da4928f992728cc6a3fc17c7cdc20fb42e561f2726ea755bb1d0826434
Opcode Fuzzy Hash: 9646ff5a38ab89ef4b173a20a94cef852973af2d953f6fd570c4d0aceae168e2
Instruction Fuzzy Hash: CEF0897281451075F7527BB696072AF36A85E5135CF704C2FED8541102EA3C4D2AB7AF

Function 0047A71C Relevance: 1.6, APIs: 1, Instructions: 70
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(?,00000000,00000800), ref: 0047A7C1

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 675e56c2b209447c9f80ad984393c57386a5325148bda688ccb38fa9042d10f0
Instruction ID: 441dad1b6023ac32e64b296a72e745f138424dc28f1a32ecfa13c474f03700f8
Opcode Fuzzy Hash: 675e56c2b209447c9f80ad984393c57386a5325148bda688ccb38fa9042d10f0
Instruction Fuzzy Hash: CF21AF712006429FD328CF19C8A0A6AB7F2FF94300B29CA1DD09687B45CB34F865CBC8

Function 00478800 Relevance: 1.6, APIs: 1, Instructions: 58
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000,?), ref: 0047889F

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 5a9fe6ab994589d84b9fa7f162be9d7f9f8a349370f1c327af04ffed0fe9ce9f
Instruction ID: c29e0d25d252e41d440cd2acfefab7f0332cd8cbc2d26192123e95230e05c103
Opcode Fuzzy Hash: 5a9fe6ab994589d84b9fa7f162be9d7f9f8a349370f1c327af04ffed0fe9ce9f
Instruction Fuzzy Hash: 9911AC366082028FD304EF18C855B9ABBF5EB85718F08892CE0D8C73A1D779E855CB86

Function 0047A100 Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDrives.KERNELBASE ref: 0047A100

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID: DrivesLogical
String ID:
API String ID: 999431828-0
Opcode ID: ff7ea0f2d5bf48e714e19c41026e99b9eb4e5c57ea01a7583d20d4a21c154a56
Instruction ID: 393c07dba49ff28ccdb9d5437d72d33109981ebe09b52222446c55b5a992de83
Opcode Fuzzy Hash: ff7ea0f2d5bf48e714e19c41026e99b9eb4e5c57ea01a7583d20d4a21c154a56
Instruction Fuzzy Hash: F7E065B9600601CFC324DF60E88292AB7E5FB4D304318693ED986D7741D634E806CF48

Non-executed Functions

Function 0045E2CE Relevance: 18.6, APIs: 1, Strings: 9, Instructions: 1114COMMON

Download Yara Rule

Strings

rE, xrefs: 0045EE5F
1=3!1u& : $<, xrefs: 0045E55C
1u& , xrefs: 0045E452
"E, xrefs: 0045E91A
1=3!, xrefs: 0045E459
RE, xrefs: 0045EC42
E, xrefs: 0045EBCF
: $<, xrefs: 0045E44B
|!;%, xrefs: 0045E460

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: "E$1=3!$1=3!1u& : $<$1u& $: $<$RE$rE$|!;%$E
API String ID: 0-1792451172
Opcode ID: c290c794502c2d96cf0b89a705b473fab1808fdfc0a5b255e4b6a7bea3078ae2
Instruction ID: 0ab74bf6636766f3a1daeea044c3ce3b866fff2497395ae50a549a7b7cef691b
Opcode Fuzzy Hash: c290c794502c2d96cf0b89a705b473fab1808fdfc0a5b255e4b6a7bea3078ae2
Instruction Fuzzy Hash: CC827A75200B01CFD328CF29D890A26B7F2FF89315B148A6DD8968BBA2D735F855CB54

Function 00470F10 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 174COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00470F5A
GetSystemMetrics.USER32 ref: 00470F6D
DeleteObject.GDI32 ref: 00470FD7
SelectObject.GDI32 ref: 00471029
SelectObject.GDI32 ref: 0047109C
DeleteObject.GDI32 ref: 004710D6

Strings

, xrefs: 0047106B

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID: Object$DeleteMetricsSelectSystem
String ID:
API String ID: 3911056724-3916222277
Opcode ID: a2f3df12b08514bc45128cf354f9b71483853103ae9844ad7dca362b89df01a5
Instruction ID: 8b522d7c400b58f0d4125dc8bdc5b88aacf89b3a640f38455752a75dc8569602
Opcode Fuzzy Hash: a2f3df12b08514bc45128cf354f9b71483853103ae9844ad7dca362b89df01a5
Instruction Fuzzy Hash: 32A14EB45093848FD360EF24C58979FBBF0BB86348F518D2EE4899B350DBB99448CB46

Function 0044FF30 Relevance: 10.3, Strings: 8, Instructions: 270COMMON

Download Yara Rule

Strings

1$%8, xrefs: 0044FFFD
9/cS, xrefs: 00450013
)(8p, xrefs: 0045006E
$68, xrefs: 0044FFF2
:-*+, xrefs: 0045025D
<*-8, xrefs: 0044FFE7
?>~), xrefs: 00450008
)(8p, xrefs: 00450298

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: $68$)(8p$)(8p$1$%8$9/cS$:-*+$<*-8$?>~)
API String ID: 0-3981540983
Opcode ID: 7df5d81a33ce1a65d27b989a9b3b098aaec14019f7389f0f93acae703c7556a1
Instruction ID: d9a8cf6ad7ec24909513c2f207bfed146451b637be90ee28868beff63054bd24
Opcode Fuzzy Hash: 7df5d81a33ce1a65d27b989a9b3b098aaec14019f7389f0f93acae703c7556a1
Instruction Fuzzy Hash: 4CB1A8B050C3C08BD332CF25C49479BBBE5AFE6704F18494DD8C84B252C7759A89CBAA

Function 00470CF0 Relevance: 9.2, APIs: 6, Instructions: 179clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00470D4D
GetWindowLongW.USER32 ref: 00470D7A
GetClipboardData.USER32 ref: 00470D8C
CloseClipboard.USER32 ref: 00470EEE

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID: Clipboard$CloseDataLongOpenWindow
String ID:
API String ID: 1647500905-0
Opcode ID: afe8a3080eab49f03955f755bdb19b7fefe3b723d3e882b9669f3f10befacf15
Instruction ID: 97688e2a01fa6f50a787998112c45db028e442d152c6eed658b42132f847afc5
Opcode Fuzzy Hash: afe8a3080eab49f03955f755bdb19b7fefe3b723d3e882b9669f3f10befacf15
Instruction Fuzzy Hash: 9E717CB0509B41DFC320DF78C48566ABBE0AB06314F108A5EE4DA8B791D738F816DB97

Function 00457AC5 Relevance: 7.9, Strings: 6, Instructions: 383COMMON

Download Yara Rule

Strings

<39!, xrefs: 00457B75, 00457B38, 00457B79
40, xrefs: 00457AF1
Z, xrefs: 00457AF8
='8 , xrefs: 00457AE1
3>?0, xrefs: 00457AE9
!=;e, xrefs: 00457AD9

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: !=;e$3>?0$40$<39!$='8 $Z
API String ID: 0-2421123234
Opcode ID: 1a0d3265311b6d339fff1b4594cec15f126d9ff48012095255b32c67eba9e3dc
Instruction ID: c3113ae187b5b8f89537cb4f9292f2f25e0b71f74ea8e2adf67675242609b523
Opcode Fuzzy Hash: 1a0d3265311b6d339fff1b4594cec15f126d9ff48012095255b32c67eba9e3dc
Instruction Fuzzy Hash: E4B1BEB59083018BD704DF29D88166FBBE2EF89355F08492EF88997352E738DD05CB5A

Function 00463976 Relevance: 6.9, Strings: 5, Instructions: 640COMMON

Download Yara Rule

Strings

.A+C, xrefs: 00463994
<Y9[, xrefs: 00463A4E, 004639FE
#M*O, xrefs: 0046399C
de, xrefs: 004639D0
q, xrefs: 00463C96

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: #M*O$.A+C$<Y9[$de$q
API String ID: 0-2301291036
Opcode ID: d8161801e81705fb8f3220411401e800f1679df7eb751e012ded6a73e8e6579a
Instruction ID: fad145839bcbae00b1761427aef337d50b2efef5b611188d690842b4f78086aa
Opcode Fuzzy Hash: d8161801e81705fb8f3220411401e800f1679df7eb751e012ded6a73e8e6579a
Instruction Fuzzy Hash: 5D22CE71A083418FD724DF24C89072BB7E2AFC5314F15892DE89A8B391E739D945CB96

Function 004627B0 Relevance: 4.1, Strings: 3, Instructions: 369COMMON

Download Yara Rule

Strings

@#-P, xrefs: 00462BA6
Q&%R, xrefs: 00462B68
;w>#, xrefs: 00462B70

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID: InitializeThunk
String ID: ;w>#$@#-P$Q&%R
API String ID: 2994545307-1261166163
Opcode ID: cb71e9a7a67629f17fa57e66506ebe6b68c0338c73453feb26d62176a66cb3e7
Instruction ID: cbd5667dee5db0c49fca959997016f1e303ef5b287f09aa3853ef6c15bbf3a6e
Opcode Fuzzy Hash: cb71e9a7a67629f17fa57e66506ebe6b68c0338c73453feb26d62176a66cb3e7
Instruction Fuzzy Hash: 00C102B1A08702AFD714DF18C980B2BB7E1EF94704F18492EE5858B351E3B8D805CB9B

Function 0045EF39 Relevance: 4.1, Strings: 3, Instructions: 331COMMON

Download Yara Rule

Strings

rE, xrefs: 0045EE5F
1=3!1u& : $<, xrefs: 0045E55C
RE, xrefs: 0045EC42

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: 1=3!1u& : $<$RE$rE
API String ID: 0-1916992192
Opcode ID: 695194e3d3dd792aed3f2eb9d634b9c7a4abbb2475ef4a12c23eb81600b0a9d8
Instruction ID: 0a948dd0cd39e0582980d3e9b9f89a7edbc0352047fd5597a062a07d99de1f99
Opcode Fuzzy Hash: 695194e3d3dd792aed3f2eb9d634b9c7a4abbb2475ef4a12c23eb81600b0a9d8
Instruction Fuzzy Hash: F9B12875215A02CFD318CF29D890A2AB3F2FF89311B19897DD9568B7A1DB34F855CB04

Function 00464F10 Relevance: 3.1, Strings: 2, Instructions: 596COMMON

Download Yara Rule

Strings

2],_, xrefs: 00464F27
iQPS, xrefs: 00464F3F

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: 2],_$iQPS
API String ID: 0-2329992183
Opcode ID: 61ce0b8d75e0cbf4e593e26ec3ba9a540edeebffcdf0c8e2d4f1078f629d08da
Instruction ID: 4ad3e89960ccc80d4bbded50995a5cfbc805199ad441e90fbd8095c3d0288178
Opcode Fuzzy Hash: 61ce0b8d75e0cbf4e593e26ec3ba9a540edeebffcdf0c8e2d4f1078f629d08da
Instruction Fuzzy Hash: F72299716083518FD728CF18C8517ABB7E2FFC6318F044A2DE9999B381E7789905CB86

Function 00466CC0 Relevance: 3.0, Strings: 2, Instructions: 530COMMON

Download Yara Rule

Strings

", xrefs: 004671B3
", xrefs: 004671ED

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: "$"
API String ID: 0-3758156766
Opcode ID: 3623d21226751159d7434db5bd405db198b43bb3d7b93c1d1dc4ae6a4b720884
Instruction ID: cca4dcdb0221aa70748de2e8e33e9247d1079241bb241ca5533f648158b94a48
Opcode Fuzzy Hash: 3623d21226751159d7434db5bd405db198b43bb3d7b93c1d1dc4ae6a4b720884
Instruction Fuzzy Hash: AF02F2B2A083119FD714CF28C49065BB7E5ABC5318F198A2EE89987391E738DD45CBC7

Function 00468A88 Relevance: 3.0, Strings: 2, Instructions: 468COMMON

Download Yara Rule

Strings

AJ|2, xrefs: 004691C2
2PBd, xrefs: 004692DD

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: 2PBd$AJ|2
API String ID: 0-3533766608
Opcode ID: 2e1460c422832f9b8d45f36d547b0004cb1ee2c5b0680c7d7fc4575589b72f05
Instruction ID: 4f2c07a8d94d98b3ea730349597e85a2bd28842b4ab0167d447dbe97e33bc280
Opcode Fuzzy Hash: 2e1460c422832f9b8d45f36d547b0004cb1ee2c5b0680c7d7fc4575589b72f05
Instruction Fuzzy Hash: 56F19C70104B828BD365CF38C1947A3BBE1BF56308F58496ED4EB8BA82D779B805CB55

Function 00462EE3 Relevance: 2.9, Strings: 2, Instructions: 430COMMON

Download Yara Rule

Strings

"2F, xrefs: 0046321A
"3F, xrefs: 00463310

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: "2F$"3F
API String ID: 0-604166134
Opcode ID: 68f7b165d49458141e5dcdcb38fec878d9e914552508d0fceb595fcdacc71728
Instruction ID: 05c70be1eb6dbd906ebd345d52a71b01f44e4b271bee337816040f16c4f315d8
Opcode Fuzzy Hash: 68f7b165d49458141e5dcdcb38fec878d9e914552508d0fceb595fcdacc71728
Instruction Fuzzy Hash: FED12274604781CFD724CF29D490727B7E2BF4A305F0988AED4968B752E739E909CB1A

Function 00461F5A Relevance: 2.9, Strings: 2, Instructions: 422COMMON

Download Yara Rule

Strings

IW, xrefs: 00461FDF
EC, xrefs: 00461FC1

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: EC$IW
API String ID: 0-1948472782
Opcode ID: dd6a7e27e4bfc2f15233262dff4bd3612cc485bf76056dd9d263cf2bd6e9e265
Instruction ID: 186b32cc2b7e13f15e04d0b318c671ce2a6f8eaa772b6d673dd8e7c1c525d5d9
Opcode Fuzzy Hash: dd6a7e27e4bfc2f15233262dff4bd3612cc485bf76056dd9d263cf2bd6e9e265
Instruction Fuzzy Hash: 81F175B4210B00DFD7288F29D990B2BB7E1FF49308F54892DD59A8BB61DB78B841CB54

Function 00444E70 Relevance: 2.9, Strings: 2, Instructions: 420COMMON

Download Yara Rule

Strings

IEND, xrefs: 004452ED
), xrefs: 00444EFB

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: d4787e3a61de8db9d21696f8b511b3e1ee9aad120bec147c8b5f26bc0e2729ee
Instruction ID: 774d794ba2272d3e4aebd3ecc2090c842332e3ff5f4054071851223e4572583b
Opcode Fuzzy Hash: d4787e3a61de8db9d21696f8b511b3e1ee9aad120bec147c8b5f26bc0e2729ee
Instruction Fuzzy Hash: 86F1BD719083449FEB14DF28D85575B7BE0FB84308F14452EF99A9B382D778E909CB8A

Function 00462F52 Relevance: 2.9, Strings: 2, Instructions: 404COMMON

Download Yara Rule

Strings

"2F, xrefs: 0046321A
"3F, xrefs: 00463310

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: "2F$"3F
API String ID: 0-604166134
Opcode ID: aa24a4f0e623ed7b738988593317cd5e57428e2d93f255b779862ef190972609
Instruction ID: 2af6eaca1785359321940ac8bfa73307128565268676c34dcdaec0d83c63b4b8
Opcode Fuzzy Hash: aa24a4f0e623ed7b738988593317cd5e57428e2d93f255b779862ef190972609
Instruction Fuzzy Hash: 75C15574604781CFD724CF29D490727B7E2BF4A306F1888AED4968B742E739E909CB16

Function 00468F65 Relevance: 2.9, Strings: 2, Instructions: 396COMMON

Download Yara Rule

Strings

AJ|2, xrefs: 004691C2
2PBd, xrefs: 004692DD

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: 2PBd$AJ|2
API String ID: 0-3533766608
Opcode ID: 148579b3d8dfb54a6e2cb0922b4241748fa0c0d357793da714774f012c94d3d5
Instruction ID: 7fbd47b19f666d179fcececca700cf818dc00db197683e3fd04be5a9500013c7
Opcode Fuzzy Hash: 148579b3d8dfb54a6e2cb0922b4241748fa0c0d357793da714774f012c94d3d5
Instruction Fuzzy Hash: 0FD19C70104B828BD369CF39C1947A3BBE1BF56308F54496ED4EB8BB82D779A805CB15

Function 00441000 Relevance: 2.2, Strings: 1, Instructions: 909COMMON

Download Yara Rule

Strings

JJJJKRJJJJOLJJJJJJJJUE@JJJEYMFJ]JJJJJJJJJJJJJJacgNJJkmJJEmJJDEJJ, xrefs: 004413A2, 004413AF

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: JJJJKRJJJJOLJJJJJJJJUE@JJJEYMFJ]JJJJJJJJJJJJJJacgNJJkmJJEmJJDEJJ
API String ID: 0-2695270438
Opcode ID: 246d006db0bcf62be44f1b6c76356e82303a8227deca0ddb2ec90485567358a0
Instruction ID: 023ff910c250b0fa5f2e6b97cd2369d6f73ffe4df8aa1e154e9053dd94cdd9d1
Opcode Fuzzy Hash: 246d006db0bcf62be44f1b6c76356e82303a8227deca0ddb2ec90485567358a0
Instruction Fuzzy Hash: 8B62143A50C391CFD3008F39EA9035ABBE1FB8A311F498EBDD694432A1C3B89555DB95

Function 004641DE Relevance: 1.7, Strings: 1, Instructions: 405COMMON

Download Yara Rule

Strings

", xrefs: 0046436A

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 6bce227b02ed31c90131b1c07970227efec4d71797be62a181bc6b23f64f1db8
Instruction ID: 3c61535c9579a6013267f30085781d49ee4718a286aaec6ed01fb95ecf6b6385
Opcode Fuzzy Hash: 6bce227b02ed31c90131b1c07970227efec4d71797be62a181bc6b23f64f1db8
Instruction Fuzzy Hash: F4E129716083518FD7148F28D89072EBBE3AFDA320F194B6EE495873E1D7389D458B46

Function 00449060 Relevance: 1.6, Strings: 1, Instructions: 374COMMON

Download Yara Rule

Strings

-, xrefs: 00449153

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 3c9b8a775a25da7f6b21b7e6a20ba34c2714fe4017bb205836458728a161e585
Instruction ID: 6f7fbafb7f9d30723de239b2fc065aeaa791a21313862aff54ba1b8e007fabb1
Opcode Fuzzy Hash: 3c9b8a775a25da7f6b21b7e6a20ba34c2714fe4017bb205836458728a161e585
Instruction Fuzzy Hash: 66C13A32A0C7118BE7108E19C4502ABB7E3BBC5320F298A5ED8D567395D778AD06DBC5

Function 0047E1E0 Relevance: 1.6, Strings: 1, Instructions: 305COMMON

Download Yara Rule

Strings

/.! , xrefs: 0047E216

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: /.!
API String ID: 0-1547124405
Opcode ID: a5a5a37e8eee76d3f938eacf2866fba785d1a68eead7b9473519e9e626f56831
Instruction ID: 2f55e26eefc26218dd2b0de518f351bc5d71220a829877f4b5c9375ea72598e1
Opcode Fuzzy Hash: a5a5a37e8eee76d3f938eacf2866fba785d1a68eead7b9473519e9e626f56831
Instruction Fuzzy Hash: 9B91E3756043028FD724DF19C890AABB3E1FF88714F148A6DE9898B361D738EC11CB95

Function 0047E510 Relevance: 1.6, Strings: 1, Instructions: 302COMMON

Download Yara Rule

Strings

/.! , xrefs: 0047E546

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID: InitializeThunk
String ID: /.!
API String ID: 2994545307-1547124405
Opcode ID: dcf27538149b82bc3b69dd5b545166ff14827bfcc26e8db1ea799f6eeeefae26
Instruction ID: 12a3743322540293bdbfcf55c79fb6be4353eeeee0e72319baa5f97433bbada2
Opcode Fuzzy Hash: dcf27538149b82bc3b69dd5b545166ff14827bfcc26e8db1ea799f6eeeefae26
Instruction Fuzzy Hash: 80A157356043028BC728DF19C8906AFB3E1FF98714F198A6DE9999B391D734EC50CB96

Function 004588EE Relevance: 1.6, Strings: 1, Instructions: 300COMMON

Download Yara Rule

Strings

x, xrefs: 00458AF1

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: x
API String ID: 0-2363233923
Opcode ID: 6fe14d8cfd4d1fa67f4def671fe676c9270dccb44fc707f520b34c6646ba2f41
Instruction ID: b1f6ca722c66990151196c03db5cad2411a12e24343eee143460f9ca85748a16
Opcode Fuzzy Hash: 6fe14d8cfd4d1fa67f4def671fe676c9270dccb44fc707f520b34c6646ba2f41
Instruction Fuzzy Hash: 9AA1907150C3818BD725CF24C0907ABBBE2AFD2305F18895EE4C69B382DB399849CB57

Function 00446D40 Relevance: 1.5, Strings: 1, Instructions: 262COMMON

Download Yara Rule

Strings

,, xrefs: 00446E93

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 7d111183946df77ed45a93960d7eb192ca420c09305f909b4f6652b15f8cc3bb
Instruction ID: f75dafcf4d914ed3e6c0adc1c342837753da74c8d0cf5795db16f3de685eed0a
Opcode Fuzzy Hash: 7d111183946df77ed45a93960d7eb192ca420c09305f909b4f6652b15f8cc3bb
Instruction Fuzzy Hash: 6EB138716093819FD314CF68C84465BBBE1AFA9308F444A2EF59897382D375EA18CB97

Function 00457592 Relevance: 1.5, Strings: 1, Instructions: 261COMMON

Download Yara Rule

Strings

6, xrefs: 00457659

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: fb09cd1341041b585d3dd771a1d79940d8d71d423c37c8292b72fe77d38f70ab
Instruction ID: 5e0aae851c279c79ab618d94756a2a9020b93b88f23684285db100116e3752b4
Opcode Fuzzy Hash: fb09cd1341041b585d3dd771a1d79940d8d71d423c37c8292b72fe77d38f70ab
Instruction Fuzzy Hash: FB91CFB59083819FD714CF28D48161FBBE1AFC5304F14892EF4A987352E778E909CB46

Function 00476AD2 Relevance: 1.5, Strings: 1, Instructions: 226COMMON

Download Yara Rule

Strings

2mG, xrefs: 00476D20

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: 2mG
API String ID: 0-3762628917
Opcode ID: cc4605ef1dcae1c9ed7e41f651f4ab8582277ae65a79dcb6dd7fbaab961d85dd
Instruction ID: ed26ec634a9fc35a54f7618b8e72e21543ebfbd6771fcfbfe8268578cf0c7611
Opcode Fuzzy Hash: cc4605ef1dcae1c9ed7e41f651f4ab8582277ae65a79dcb6dd7fbaab961d85dd
Instruction Fuzzy Hash: 2E619070204B018FD728CF19C490B6BB7E2FB49304F548D2EE59A87B91CB35E455CB98

Function 00453D71 Relevance: 1.4, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

b, xrefs: 00453D84

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: b
API String ID: 0-1908338681
Opcode ID: 197430c57f4c2945b80c07c99a6e3c42302807e27145e868fae0fe2c268ca8a1
Instruction ID: 6f24d9a7e862c2a814cd241ed2ad39e60d7f66027c2f5a35923fc91d52a5f9b1
Opcode Fuzzy Hash: 197430c57f4c2945b80c07c99a6e3c42302807e27145e868fae0fe2c268ca8a1
Instruction Fuzzy Hash: B8519A716082408FE344EF28C880B6EBBF5EB96305F48A92DE4C5C3352D739D849CB5A

Function 0045B990 Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

HI, xrefs: 0045B9C0

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: HI
API String ID: 0-1987653318
Opcode ID: e378a75baa5bf693df317fb7330f9f89659204c28d376be5fc739d935d1313b3
Instruction ID: 22da2fb9c2f250caab271e4b78d04b46915532b70b33045c003b86a9996b48d1
Opcode Fuzzy Hash: e378a75baa5bf693df317fb7330f9f89659204c28d376be5fc739d935d1313b3
Instruction Fuzzy Hash: A741F0715083118BC714DF18C89176FB7E0EF86368F148A2DE8959B392E7389E49C7DA

Function 0045FAE0 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

je, xrefs: 0045FB40

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: je
API String ID: 0-3809674245
Opcode ID: 235117a902488b18506ff784f8229419da95379eaaf21c64d784978e3946d3f3
Instruction ID: 42623205a374ddbb8e6fa317d4cc229a825e78b43437723a7c6aa7c21452f0a6
Opcode Fuzzy Hash: 235117a902488b18506ff784f8229419da95379eaaf21c64d784978e3946d3f3
Instruction Fuzzy Hash: 3E319D75A087419BD320DF15DC45BCEB3A5BB86349F04893DE49DC6242E73495168B8B

Function 0047AC04 Relevance: 1.3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

Strings

498;, xrefs: 0047AC38

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: 498;
API String ID: 0-3542301482
Opcode ID: 0763a7f5df83aea0913a916a500d0bee33634e30b6cdf198c1f0be03c831e4ae
Instruction ID: 088c0c1365be13d9e8d50ce34bcb8183db79bfaece58aea9adcda7c2f52b6598
Opcode Fuzzy Hash: 0763a7f5df83aea0913a916a500d0bee33634e30b6cdf198c1f0be03c831e4ae
Instruction Fuzzy Hash: BC01E5B15583429FD304DF14C490A5ABBE1EBD6354F18982DF48587361C738D885CB4A

Function 0047C4BB Relevance: .8, Instructions: 841COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb70f4617ac3ebaf7e450c53cd7b14a2947053427d066f3f1b7005d5bc560919
Instruction ID: 751ee124edf57abd20e196e82cda64c7c56ec7418b4873eefb5373a671d4e676
Opcode Fuzzy Hash: eb70f4617ac3ebaf7e450c53cd7b14a2947053427d066f3f1b7005d5bc560919
Instruction Fuzzy Hash: F952FE32608201CFD714CF28E8A065AB7F2FFC9314F19896ED58A97761D374E855CB86

Function 004483F0 Relevance: .8, Instructions: 827COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 994ddfeb7f87985db57da05d951359d575f408c5735cb59e69eee654325c9775
Instruction ID: cdd3815e5713e302d7ed7849d126062e8da2669fd5c063bcb12e9ed52366fb06
Opcode Fuzzy Hash: 994ddfeb7f87985db57da05d951359d575f408c5735cb59e69eee654325c9775
Instruction Fuzzy Hash: 8C52D271A087118BD725DF18D48067EB3E1FFD4314F29892ED98697385DB38A852CB8A

Function 0047C5C0 Relevance: .8, Instructions: 812COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06cae228ad4fe836145dde94abc7e760906fca97b3135a552331a5c15629e08f
Instruction ID: 1f6d4a9d6104e557253e7c3c7bcfbe5742a955bf22840feee4c18f13b49bac34
Opcode Fuzzy Hash: 06cae228ad4fe836145dde94abc7e760906fca97b3135a552331a5c15629e08f
Instruction Fuzzy Hash: D742CB31608201CFD714CF28D8A065AB7F2FFC9314F19896ED98A97361D774E856CB86

Function 00443990 Relevance: .7, Instructions: 731COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7398b7bc469833cafa5c5382604f84d91965eb1e6da3c07135f9e642d8b7235c
Instruction ID: 4e7da015aeb24e4cc61949cb136d9e75b53303717b8ab99d098a3bc9532ff1e8
Opcode Fuzzy Hash: 7398b7bc469833cafa5c5382604f84d91965eb1e6da3c07135f9e642d8b7235c
Instruction Fuzzy Hash: F362AB31A087418FD725CF29C08066BB7E1BF98314F188A6EE8DA97351D739F945CB49

Function 0047C7C0 Relevance: .7, Instructions: 690COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 384546c8248e3ab81c6b42ee456d0b87e528c20b6481a659fdcc87d61e341b58
Instruction ID: c34ecf9b0f2a6b22877cb83cdbec51ca9f57039cc9ee08ad96cadc061da2f458
Opcode Fuzzy Hash: 384546c8248e3ab81c6b42ee456d0b87e528c20b6481a659fdcc87d61e341b58
Instruction Fuzzy Hash: A532DC31608201CFD718CF28D8A065AB7F2FFC9314F19896ED98A97361D774E856CB86

Function 00479270 Relevance: .7, Instructions: 656COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f3eed7979fac3dd01730ecddb4e115bf0014cd91826c0b82a719bc79805d86e
Instruction ID: acc6070e741b526ac19b13331b01376864f052cb1471772ee239140be787e376
Opcode Fuzzy Hash: 4f3eed7979fac3dd01730ecddb4e115bf0014cd91826c0b82a719bc79805d86e
Instruction Fuzzy Hash: 2F229A716083119FD714CF19C880B6BB7E2EBC9314F588A2EE5999B391D738EC05CB96

Function 0047C8C0 Relevance: .6, Instructions: 648COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d06af8c09c2a72ff4baa63a045faed68763aba5daef2119a94d618940b8cd68f
Instruction ID: c2f407c7d47296b201beca4befce4dc47d8153f84d6306a9fe5e515318452b61
Opcode Fuzzy Hash: d06af8c09c2a72ff4baa63a045faed68763aba5daef2119a94d618940b8cd68f
Instruction Fuzzy Hash: 1C22DE31608201CFD718CF28D8A066AB7F2FFC9314F19896ED58A97351D774E856CB86

Function 0047CA00 Relevance: .6, Instructions: 619COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d07d11963a478a99f9eb6666547fe510c3f36740a5ee14f43b8d8595f73461d9
Instruction ID: c378ca32d61919fb51337bc9dccbe93c6acbb17aa519a8b2f768df4d9efccd0f
Opcode Fuzzy Hash: d07d11963a478a99f9eb6666547fe510c3f36740a5ee14f43b8d8595f73461d9
Instruction Fuzzy Hash: D312ED31608201CFD318CF28D89066AB7E2FFC9314F19896ED88A97355D774E856CB86

Function 00446770 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9263e8d20dc6a724c7cd4284a5c2ddaf6d30e9c183eedf46916bc311f9b7b9a1
Instruction ID: bf1461c4c731decc2e8993135fef7f7d15fd6439f62e685acdaf1e0a502231f5
Opcode Fuzzy Hash: 9263e8d20dc6a724c7cd4284a5c2ddaf6d30e9c183eedf46916bc311f9b7b9a1
Instruction Fuzzy Hash: F502B1356083508FDB14CF19C88075BBBE6EFDA304F09886EE8899B356D638D845CB97

Function 0045BB40 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98ea2000cba5e72b3ede7bd58101177d3ee7b2124ee6c9de36173806ca631105
Instruction ID: 52de64e89ae88b8f56c999b3a1d00edd014a733d649cf388a2e5cce978fe1b0b
Opcode Fuzzy Hash: 98ea2000cba5e72b3ede7bd58101177d3ee7b2124ee6c9de36173806ca631105
Instruction Fuzzy Hash: D9D102729043118BD714CF28C89166BB3F2EF95315F18862DE9868B396E778AD08C7D5

Function 00465A2A Relevance: .5, Instructions: 456COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fd94a674f19e9e815c42db607fad883d2e2d26f964947a9fdea2f00cddf5f99
Instruction ID: c75d7b5d3c4ab229df1791ca8b760dabb0dcd1a01de465b27e126ff65d332031
Opcode Fuzzy Hash: 0fd94a674f19e9e815c42db607fad883d2e2d26f964947a9fdea2f00cddf5f99
Instruction Fuzzy Hash: 31D168B12083118BD714DF18C8A1B6BB7F2FF95344F148A1EE4C58B3A1E3799945CB9A

Function 00453940 Relevance: .4, Instructions: 448COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 745bdf75f80a49e28245fb364ed246865f145b2b889d7d14306997f56d8c5577
Instruction ID: 50ad00d3dfd86a124c0708ba58ccf884753d18b1b6ea1b4339e1ccdc3ed3be33
Opcode Fuzzy Hash: 745bdf75f80a49e28245fb364ed246865f145b2b889d7d14306997f56d8c5577
Instruction Fuzzy Hash: 43D1BFB19083419BD715DF24C8C0B6BBBE4AF95356F44092EF8C687392E738D948C79A

Function 0047CD60 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 663c4f1be652901e7d390fe9cdb0f7f7d0b0bb4a304c24535f169c248bc50d79
Instruction ID: 0a734b6d34818b9674a0da6b06175717bffc21010653e3998324973a67db7d17
Opcode Fuzzy Hash: 663c4f1be652901e7d390fe9cdb0f7f7d0b0bb4a304c24535f169c248bc50d79
Instruction Fuzzy Hash: 84D1FC31608701CFD324CF28D89065AB7F2FF8A314F18896ED89A97B55E374E856CB85

Function 00465350 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc331937551782b8e7278648bb3a169311c96b4cac5f8c312be73e8607ecb517
Instruction ID: 1f44592554f8e0bca7cd138beb3919031002652b2bc75d2c10ea3c2d9c749c76
Opcode Fuzzy Hash: dc331937551782b8e7278648bb3a169311c96b4cac5f8c312be73e8607ecb517
Instruction Fuzzy Hash: 2BB1DD715183118BC724CF18C8517ABB3F2FFD6318F448A2DE89A9B390E7799941CB86

Function 0046166A Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37daa45335fed94b4b7746f5c66c481d4f731d71f2bf0f4ba1ac7e3230323588
Instruction ID: 09cba5f08c8e4df4500855de7aacffee007ccb31fb4f9386f768867dc330ef93
Opcode Fuzzy Hash: 37daa45335fed94b4b7746f5c66c481d4f731d71f2bf0f4ba1ac7e3230323588
Instruction Fuzzy Hash: 4BB19CB16093818FD724DF14C4917ABB7E2FB95354F18492ED4C987292E7389809CB97

Function 00442FA0 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcb90bbc589c2bf11340c354106807560bd3f6fffdfead4493fb65e0e63adc1a
Instruction ID: ef66b80d176c56e99338fcfd6dc8618dfa900bd004a039a2f9140f036cd2930a
Opcode Fuzzy Hash: fcb90bbc589c2bf11340c354106807560bd3f6fffdfead4493fb65e0e63adc1a
Instruction Fuzzy Hash: 25717F315082828FF7058E68CC50367BB91EF51701F28867FE8568B386E779DA06D396

Function 004580AA Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9afeafe581571cbc68d8ab7ed55e06bae84b2d5aef598b9a3e70fe741791fd5b
Instruction ID: f830a5948649cec719645a18bfb548a2569877377e2256f25caf1ebf121322b7
Opcode Fuzzy Hash: 9afeafe581571cbc68d8ab7ed55e06bae84b2d5aef598b9a3e70fe741791fd5b
Instruction Fuzzy Hash: 16717C702083118BD728CF14D5A076FB7E1FFC5B15F144A1DE88667392CB389909CB9A

Function 004612D0 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83529f4a5cda1effbff3849e2f920cc6b740272c24ebc76be243cf940942407a
Instruction ID: 9f945b933ad600a66531c5ef72e619a3b1acd3abe7bbd5988517360986aec744
Opcode Fuzzy Hash: 83529f4a5cda1effbff3849e2f920cc6b740272c24ebc76be243cf940942407a
Instruction Fuzzy Hash: B08166751183818FD728DF10C8A4BABB7E2FFC5304F58896DE58A47351EB399941CB8A

Function 00462569 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cd9c4ad317eba7f3750ffc8eb408b984800c9e64efaeba876099ecea662c83c
Instruction ID: 698a274535122fa6ae40f90e5b07106f10d2a088cc3b0659371a3e568b1a1e5b
Opcode Fuzzy Hash: 9cd9c4ad317eba7f3750ffc8eb408b984800c9e64efaeba876099ecea662c83c
Instruction Fuzzy Hash: 05514A75700B029FD724CF29C5A056BB7E2FB55314B188A2ED49787781F778E802CB86

Function 00476120 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fd2e9bdbfb709bafe2e300b030e266e1c8b98ab5cec688dc1a7be955cbaa4b8
Instruction ID: 4f1e50f3652a83efcaefffb14bdb919f8964b71c68e1f1e70c0b52035da38282
Opcode Fuzzy Hash: 3fd2e9bdbfb709bafe2e300b030e266e1c8b98ab5cec688dc1a7be955cbaa4b8
Instruction Fuzzy Hash: 8C517EB15087548FE314DF69D49435BBBE1BBC4318F058A2EE4D987351E379DA088F86

Function 00442D60 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ca4678136f0564ad750c417209422a8ff7b8d08c6895fa94939b8ac2c97ad66
Instruction ID: 755da0e82090dfeabff66661a7619f67cad1f40e08ccd687c5a8b2fde88d302a
Opcode Fuzzy Hash: 7ca4678136f0564ad750c417209422a8ff7b8d08c6895fa94939b8ac2c97ad66
Instruction Fuzzy Hash: 0051A4B05042029FE7049F28ED4971FBBA0FF44318F14493DF85A963A1D7B5E968DB8A

Function 004611E6 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10265f13a80b94bf9112a593af98dfce5bc46a11550a845223325b9e35a20863
Instruction ID: e4a0280a83958b57b184fd6febac947904e254a8102eb797a251951fb57ff6e5
Opcode Fuzzy Hash: 10265f13a80b94bf9112a593af98dfce5bc46a11550a845223325b9e35a20863
Instruction Fuzzy Hash: 5A51B335A043138BC320CF58C4D08ABB3E2FF99790B1A896ED5859B370EB745D54D786

Function 00456AD0 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1c92538808e672b954f3bcda748644ed6031cd2e5af0decce29760d68f99943
Instruction ID: 5e7c93347d93b99c910ca68f1d1bef0eff8b381f7413d669f658a8934c162eb2
Opcode Fuzzy Hash: d1c92538808e672b954f3bcda748644ed6031cd2e5af0decce29760d68f99943
Instruction Fuzzy Hash: 744128B19083149BD3219F94C88076BB7E8EB51319F4A466ADC89C7343FB79ED08C75A

Function 00441CDA Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3f46eab105d4cf27f1ec6c093b00711bee81b0224c8733ecb0bb57d4672d2cc
Instruction ID: 851fb390973c09fe8af6d983d0763e350adb316d9913820a0171fd04801afdec
Opcode Fuzzy Hash: c3f46eab105d4cf27f1ec6c093b00711bee81b0224c8733ecb0bb57d4672d2cc
Instruction Fuzzy Hash: 1941247560AB26CFE3088F16D851269B3B1FB55302F484A7EC14107B92D7B9F2A1E7D4

Function 0044FD90 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0eb0be693419350126b1155b487082f4cbb01cb5af4d34c565f12dfc25bbbc2
Instruction ID: 6ac8b0742338d024b4fa834e4a85c1db9f6f72fe28aa484f02330e386b6b1cbd
Opcode Fuzzy Hash: e0eb0be693419350126b1155b487082f4cbb01cb5af4d34c565f12dfc25bbbc2
Instruction Fuzzy Hash: E2414471B2C3504FE3489A79888432ABBD1AB89310F088A3EF5E5C73D1E778C959E755

Function 00441CA4 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 367b20cf641a31129e696b493ec9ee834e0e262610240e68ddd95f41b9b0f7a0
Instruction ID: dbc8ea407bd2154f2d66ad6b14c749fe47d43ec092ff88f55eaeecf43eb1e735
Opcode Fuzzy Hash: 367b20cf641a31129e696b493ec9ee834e0e262610240e68ddd95f41b9b0f7a0
Instruction Fuzzy Hash: 2C41F57560A726CFE3044F05D851364B3B2FB51302F484ABAC54007B96D7B9F5A5E7D4

Function 00478C80 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64df9dabdc81a4ef9e6ad817cb1daa49b37ba74f87d7dd1640a37dc6b4908552
Instruction ID: 894ef32be511a3fd8821ce7d7b411bcbd563c03c1e5311ad5bb2c625a2603086
Opcode Fuzzy Hash: 64df9dabdc81a4ef9e6ad817cb1daa49b37ba74f87d7dd1640a37dc6b4908552
Instruction Fuzzy Hash: E13198715082049FD320DF08C884BABB7E4EB95718F188A1DE4D89B391C739D8068BDA

Function 00456637 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ee86d8de83ae3c09b19df9ace804d7864fa2d66e374877a6c9b4d843faa1452
Instruction ID: 426e2998a12215a734a8a736f865535f6c9a283efa20f9aa6bf87c729bc2fc1f
Opcode Fuzzy Hash: 8ee86d8de83ae3c09b19df9ace804d7864fa2d66e374877a6c9b4d843faa1452
Instruction Fuzzy Hash: 7D314B356082529BD718CF14D4A0A6FB7A2EFC9324F598A2DE88617752D330AC51CB8A

Function 004435E0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f84d59685ae93e6f0ebed0989e0f4e33149f496536565d55347066dedd9fc728
Instruction ID: 901c67c7778fabab6629ad8cae7c7cd4976070c7919ae4e4e66334fd9000e548
Opcode Fuzzy Hash: f84d59685ae93e6f0ebed0989e0f4e33149f496536565d55347066dedd9fc728
Instruction Fuzzy Hash: 4A112337B2462227F370CE36FCC451763A2FBC561170B003AEA49D3302CA26EA56D289

Function 00473BF0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: b28b0d1dfa3d7276a413ef5ac47ec10ac48f5a475745647b8ad3b47472184a2a
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 1411EC336091E40EC3178D3C84005A5BF930A93636B59C39AF4BDAB2D6D5268E8B9359

Function 00466A10 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36d82270482d4905b4f2f9d399abbb2a22930c181a380328b76864364b6b8b3b
Instruction ID: acf13c57811fbcfa5aa7e42a1cc1832f991fcb70d4fe15be5d5f8b0944d418c9
Opcode Fuzzy Hash: 36d82270482d4905b4f2f9d399abbb2a22930c181a380328b76864364b6b8b3b
Instruction Fuzzy Hash: A80175F560030157E720EE9594C172BB2A95F52708F19853ED809A7302EB7DEC1586DA

Function 00461EB0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b39309245d17a713fd845531ec8577c723eb1b0b78c424ee0f8e73b315f7b4c2
Instruction ID: 54d9b76a0590a9f4e3e8b3e56b796894a383d19c6f856fc826fa05e3ef50e2d9
Opcode Fuzzy Hash: b39309245d17a713fd845531ec8577c723eb1b0b78c424ee0f8e73b315f7b4c2
Instruction Fuzzy Hash: C311AFB0910B00AFD370DF2ED946713B9F8E70A260F50171DF49AC7A91E335A4058BD6

Function 00462E75 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcaf4256dce43f3a83dcb9779041bd3c26e3a68a4bbe3a093ec6cd8db406b1ba
Instruction ID: 9cf6760dc3c1de5e1510998474e9ddd03b365a3c4786fb0744058a184765d0d5
Opcode Fuzzy Hash: fcaf4256dce43f3a83dcb9779041bd3c26e3a68a4bbe3a093ec6cd8db406b1ba
Instruction Fuzzy Hash: 80F065B07006018FD30C8F79C851126B6E2EBC9310F44957D9906CB3B0D978EC018B18

Function 0046F339 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe7684aa32fd88a74603034107ad297a1400b9f49d3886fbe3d01c1b75da37f3
Instruction ID: 59df9fb27fcce3b6975290e685cb4599d7aea9beba9b5dcdcc2d37cdf8d188ca
Opcode Fuzzy Hash: fe7684aa32fd88a74603034107ad297a1400b9f49d3886fbe3d01c1b75da37f3
Instruction Fuzzy Hash: C5F0F8B55283018FD750EF28C46534FBBE4BF84318F158D6DE98857350DB75A988CB86

Function 0044EA70 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
Instruction ID: 3f7bf3efe6fb95d2e2016eeea04e2e7a5fc0b77d0ec2cd2be1a652f2eecd4551
Opcode Fuzzy Hash: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
Instruction Fuzzy Hash: D2D0A7615497A10EA7588D3904E0477FBE8FA47612B18199FE4D2F3205D224DC0246AC

Function 0045343E Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c77821858bf1e0746581c8a09bc157db450299130955afc60d1ab7decc3e94a0
Instruction ID: cebebdb0fb4b2d1cc62a099b583f0facbec4a8e1befb8512bec201d665f5cc8b
Opcode Fuzzy Hash: c77821858bf1e0746581c8a09bc157db450299130955afc60d1ab7decc3e94a0
Instruction Fuzzy Hash: 13C08C79A54200839A88EF10BC8243F623A63D7204B29B63CC50BE3302EA19D402860E

Function 00466483 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b7e4ea2c1d23a1bcfa2163b277c04a2ee34eddfcbcb081d2402a1ec6dcb9cae
Instruction ID: 0413848c93b23084e9e309ad23dbbedd40a50ca4987f1bbfd25cc4c556125ff5
Opcode Fuzzy Hash: 9b7e4ea2c1d23a1bcfa2163b277c04a2ee34eddfcbcb081d2402a1ec6dcb9cae
Instruction Fuzzy Hash: 45B092A5C4000086A0D53A113C4343EB0360553A08F14203EE80A62203AA1ED11A525F

Function 0047B776 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b852e160eade2c918da002a2ebc4ee44a091523ae7280a0ad01a2953633b984b
Instruction ID: a945151c5d8dcbf6c9fb1e5a86cc2ab48dab1e05526f44651fe673fc66acdccd
Opcode Fuzzy Hash: b852e160eade2c918da002a2ebc4ee44a091523ae7280a0ad01a2953633b984b
Instruction Fuzzy Hash: 43C09235A694808B878CCF14DC50639B3FA9BCB204B18F82C8006B3B56E234DC029B0C

Function 004698D7 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 300COMMON

Download Yara Rule

Strings

E\XC, xrefs: 00469B4C
YDA[, xrefs: 00469B5A
MA[J, xrefs: 00469B61

Memory Dump Source

Source File: 00000000.00000002.3255688851.0000000000441000.00000020.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.3255671291.0000000000440000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255715960.000000000047F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255746739.0000000000482000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255766860.000000000048A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3255783201.0000000000494000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.jbxd

Similarity

API ID:
String ID: E\XC$MA[J$YDA[
API String ID: 0-286078667
Opcode ID: c7bb3f346acf783571364f831bbf3c98f7e1876b6c8096b97f156c3fdb204a9e
Instruction ID: 2dbf10572cdc680dec77922549e312b37e72f2646e73a07b3f0253fa14d942fb
Opcode Fuzzy Hash: c7bb3f346acf783571364f831bbf3c98f7e1876b6c8096b97f156c3fdb204a9e
Instruction Fuzzy Hash: 54A14730205B818BD724CF25C840767FBE2AF96700F248A6ED4E64B795E778F805CB5A

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

UDP Packets

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exePID: 3648, Parent PID: 1028

General

Chronological Activities

Disassembly

Analysis Process: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exePID: 3648, Parent PID: 1028COMMON

Execution Graph

Graph

Windows Analysis Report
07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Function 0047AAC0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 12
libraryCOMMON

Function 0047B00A Relevance: .1, Instructions: 87
COMMON

Function 00449530 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33
COMMON

Function 0047A71C Relevance: 1.6, APIs: 1, Instructions: 70
libraryCOMMON

Function 00478800 Relevance: 1.6, APIs: 1, Instructions: 58
memoryCOMMON

Function 0047A100 Relevance: 1.5, APIs: 1, Instructions: 35
COMMON