Edit tour

Windows Analysis Report
60Zxcx88Uv.exe

Overview

General Information

Sample name:	60Zxcx88Uv.exe renamed because original name is a hash value
Original sample name:	0ee9a86828935f4ee448a66aaf0bfb42.exe
Analysis ID:	1581231
MD5:	0ee9a86828935f4ee448a66aaf0bfb42
SHA1:	2b718d65a24f8bed4d37456a3fd05e054e90e550
SHA256:	f47d5e2b2aa8746022bdcfba52a8604be13d0e8b260e2d05ad959f1a2cc8c507
Tags:	exeuser-abuse_ch
Errors No process behavior to analyse as no analysis process or sample was found Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file overlay found

Classification

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 60Zxcx88Uv.exe	ReversingLabs: Detection: 34%
Source: 60Zxcx88Uv.exe	Virustotal: Detection: 36%			Perma Link

Source: 60Zxcx88Uv.exe

String found in binary or memory: http://digitalbush.com/projects/masked-input-plugin/#license)

Source: 60Zxcx88Uv.exe

Static PE information: Number of sections : 11 > 10

Source: 60Zxcx88Uv.exe

Static PE information: Data appended to the last section found

Source: classification engine

Classification label: mal48.winEXE@0/0@0/0

Source: 60Zxcx88Uv.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 60Zxcx88Uv.exe	ReversingLabs: Detection: 34%
Source: 60Zxcx88Uv.exe	Virustotal: Detection: 36%

Source: 60Zxcx88Uv.exe	String found in binary or memory: gfx/loading.gif">
Source: 60Zxcx88Uv.exe	String found in binary or memory: /gfx/loading.gif
Source: 60Zxcx88Uv.exe	String found in binary or memory: gfx/loading.gif
Source: 60Zxcx88Uv.exe	String found in binary or memory: Execute via &Default browser/Launch default browser and execute application.

Source: 60Zxcx88Uv.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 60Zxcx88Uv.exe

Static file information: File size 7618431 > 1048576

Source: 60Zxcx88Uv.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x48f600
Source: 60Zxcx88Uv.exe	Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x283e00

Source: 60Zxcx88Uv.exe

Static PE information: section name: .didata

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
60Zxcx88Uv.exe	34%	ReversingLabs	Win64.Trojan.Ulise
60Zxcx88Uv.exe	37%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://digitalbush.com/projects/masked-input-plugin/#license)	60Zxcx88Uv.exe	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581231
Start date and time:	2024-12-27 08:52:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 1m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	1
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	60Zxcx88Uv.exe renamed because original name is a hash value
Original Sample Name:	0ee9a86828935f4ee448a66aaf0bfb42.exe
Detection:	MAL
Classification:	mal48.winEXE@0/0@0/0
Cookbook Comments:	Found application associated with file extension: .exe Unable to launch sample, stop analysis

Errors

No process behavior to analyse as no analysis process or sample was found
Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0035.t-0009.t-msedge.net	7jKx8dPOEs.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	1fi2LiofgW.exe	Get hash	malicious	Unknown	Browse	13.107.246.63
	zi042476Iv.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	54861 Proforma Invoice AMC2273745.xlam.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.63
	TAX INVOICE - NBO2506000632.xlam.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.63
	installer.bat	Get hash	malicious	Vidar	Browse	13.107.246.63
	din.exe	Get hash	malicious	Vidar	Browse	13.107.246.63
	lem.exe	Get hash	malicious	Vidar	Browse	13.107.246.63
	atw3.dll	Get hash	malicious	Gozi, Ursnif	Browse	13.107.246.63
	WRD1792.docx.doc	Get hash	malicious	Dynamer	Browse	13.107.246.63

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.40904898608761
TrID:	Win64 Executable GUI (202006/5) 92.64% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% VXD Driver (31/22) 0.01%
File name:	60Zxcx88Uv.exe
File size:	7'618'431 bytes
MD5:	0ee9a86828935f4ee448a66aaf0bfb42
SHA1:	2b718d65a24f8bed4d37456a3fd05e054e90e550
SHA256:	f47d5e2b2aa8746022bdcfba52a8604be13d0e8b260e2d05ad959f1a2cc8c507
SHA512:	042a117ba45f731d1cf8fcf53f812ac65e56ee1276796c4c84c901429925ab2979c34f84515cc8e06e8f9e3a740403e53ce3ab53a756b88d2f365a72bcb5d110
SSDEEP:	49152:sExHcWioiCm3XEyP3605RYCXXLwsSXLJK3quO6xVzsoeoe17qRhm6PpdTTCWZ4ib:cNtfmToeoeKSWew5OkKc
TLSH:	DE765B7B62B59279C25DC13FC0A38F02E433B4791B37CAEB929042595F159C4AE3BB25
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win64..$7.......................................................................................................................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8904a0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:
Time Stamp:	0x66C36C30 [Mon Aug 19 16:00:48 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	73c7e572536ce3b598c7740cf9a09ab5

Entrypoint Preview

Instruction
push ebp
dec eax
sub esp, 20h
dec eax
mov ebp, esp
nop
dec eax
lea ecx, dword ptr [FFFE92A8h]
call 00007FA358675720h
dec eax
mov eax, dword ptr [00066574h]
dec eax
mov ecx, dword ptr [eax]
call 00007FA35892A3F1h
dec eax
mov eax, dword ptr [00066565h]
dec eax
mov ecx, dword ptr [eax]
mov dl, 01h
call 00007FA35892D0A0h
dec eax
mov eax, dword ptr [00066554h]
dec eax
mov ecx, dword ptr [eax]
dec eax
mov edx, dword ptr [FFFE8BFAh]
dec esp
mov eax, dword ptr [0006624Bh]
call 00007FA35892A3F3h
dec eax
mov eax, dword ptr [00066537h]
dec eax
mov ecx, dword ptr [eax]
call 00007FA35892A604h
call 00007FA35866D14Fh
jmp 00007FA358AEEB5Ah
nop
nop
call 00007FA35866D346h
nop
dec eax
lea esp, dword ptr [ebp+20h]
pop ebp
ret
dec eax
nop
dec eax
lea eax, dword ptr [00000000h+eax]
dec eax
sub esp, 28h
call 00007FA35866C8DCh
dec eax
add esp, 28h
ret
int3
int3
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x50a000	0x9c	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x504000	0x4e36	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x585000	0x283e00	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x546000	0x3e754	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x50d000	0x38314	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x50c000	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x505428	0x1258	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x509000	0xed8	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x48f530	0x48f600	45b0d17e9c8caac916608d2d25f852c3	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x491000	0x66378	0x66400	b94e35a0a016d96b2d8b4b49acb21d4c	False	0.2696983878361858	data	4.880729534270984	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x4f8000	0xb7d4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x504000	0x4e36	0x5000	3531e19eda29b47c89c335efc173829c	False	0.240673828125	data	4.208258046171773	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0x509000	0xed8	0x1000	938a440fea59562ad3c6086f335c8fbd	False	0.248046875	data	3.128860257762936	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x50a000	0x9c	0x200	b0e12af7e0ba2bb16811f2a082fe87cc	False	0.26171875	data	1.9231601644709146	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0x50b000	0x1e4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x50c000	0x6d	0x200	68e9a6e686447975f28feec93489aa94	False	0.1953125	data	1.3902637598484393	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x50d000	0x38314	0x38400	0dd6aa7ec5ee4e6e625f993b6657a20d	False	0.4608072916666667	data	6.4452844954118484	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.pdata	0x546000	0x3e754	0x3e800	3a7d70695ace71dd0889878956e0fe47	False	0.49669921875	data	6.397376454331368	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x585000	0x283e00	0x283e00	39c45a21837b30d0e7e33283ff3cefee	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x587d04	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	English	United States	0.38636363636363635
RT_CURSOR	0x587e38	0x134	data	English	United States	0.4642857142857143
RT_CURSOR	0x587f6c	0x134	data	English	United States	0.4805194805194805
RT_CURSOR	0x5880a0	0x134	data	English	United States	0.38311688311688313
RT_CURSOR	0x5881d4	0x134	data	English	United States	0.36038961038961037
RT_CURSOR	0x588308	0x134	data	English	United States	0.4090909090909091
RT_CURSOR	0x58843c	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	English	United States	0.4967532467532468
RT_ICON	0x588570	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m			0.6613475177304965
RT_ICON	0x5889d8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2835 x 2835 px/m			0.42745901639344264
RT_ICON	0x589360	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m			0.3224671669793621
RT_ICON	0x58a408	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m			0.229149377593361
RT_ICON	0x58c9b0	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m			0.16456069910250354
RT_ICON	0x590bd8	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 20736, resolution 2835 x 2835 px/m			0.14755083179297598
RT_ICON	0x596060	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 2835 x 2835 px/m			0.056154088711372716
RT_ICON	0x59f508	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m			0.09265941086004968
RT_ICON	0x5afd30	0x3694	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced			0.9870455196106499
RT_STRING	0x5b33c4	0x818	data			0.30984555984555984
RT_STRING	0x5b3bdc	0x924	data			0.25427350427350426
RT_STRING	0x5b4500	0x330	data			0.4178921568627451
RT_STRING	0x5b4830	0x45c	data			0.3673835125448029
RT_STRING	0x5b4c8c	0x438	data			0.3537037037037037
RT_STRING	0x5b50c4	0x444	data			0.29945054945054944
RT_STRING	0x5b5508	0x388	data			0.4358407079646018
RT_STRING	0x5b5890	0x358	data			0.39602803738317754
RT_STRING	0x5b5be8	0x394	data			0.3307860262008734
RT_STRING	0x5b5f7c	0x5d8	data			0.3830213903743315
RT_STRING	0x5b6554	0x24c	data			0.477891156462585
RT_STRING	0x5b67a0	0x2a0	data			0.34672619047619047
RT_STRING	0x5b6a40	0x3d8	data			0.35060975609756095
RT_STRING	0x5b6e18	0x398	data			0.4489130434782609
RT_STRING	0x5b71b0	0x298	StarOffice Gallery theme o, 151022848 objects, 1st e			0.4743975903614458
RT_STRING	0x5b7448	0x54c	data			0.3635693215339233
RT_STRING	0x5b7994	0x200	data			0.52734375
RT_STRING	0x5b7b94	0x280	data			0.503125
RT_STRING	0x5b7e14	0x588	data			0.3637005649717514
RT_STRING	0x5b839c	0x36c	data			0.3664383561643836
RT_STRING	0x5b8708	0x3c4	data			0.4118257261410788
RT_STRING	0x5b8acc	0x3a0	data			0.4267241379310345
RT_STRING	0x5b8e6c	0x410	data			0.39903846153846156
RT_STRING	0x5b927c	0x43c	data			0.4059040590405904
RT_STRING	0x5b96b8	0x34c	data			0.40165876777251186
RT_STRING	0x5b9a04	0x390	data			0.3355263157894737
RT_STRING	0x5b9d94	0x288	data			0.4737654320987654
RT_STRING	0x5ba01c	0x4ec	data			0.37222222222222223
RT_STRING	0x5ba508	0x3dc	data			0.3248987854251012
RT_STRING	0x5ba8e4	0x364	data			0.4216589861751152
RT_STRING	0x5bac48	0x290	data			0.4695121951219512
RT_STRING	0x5baed8	0xc0	data			0.6666666666666666
RT_STRING	0x5baf98	0x100	data			0.625
RT_STRING	0x5bb098	0x3f0	data			0.37797619047619047
RT_STRING	0x5bb488	0x414	data			0.3726053639846743
RT_STRING	0x5bb89c	0x444	data			0.3983516483516483
RT_STRING	0x5bbce0	0x418	data			0.2862595419847328
RT_STRING	0x5bc0f8	0x3bc	data			0.41422594142259417
RT_STRING	0x5bc4b4	0x3f8	data			0.3838582677165354
RT_STRING	0x5bc8ac	0x59c	data			0.31963788300835655
RT_STRING	0x5bce48	0x458	AmigaOS bitmap font "t", fc_YSize 29184, 21248 elements, 2nd "r", 3rd " "			0.33363309352517984
RT_STRING	0x5bd2a0	0x36c	data			0.3915525114155251
RT_STRING	0x5bd60c	0x360	data			0.35532407407407407
RT_STRING	0x5bd96c	0x3fc	data			0.3764705882352941
RT_STRING	0x5bdd68	0xd0	data			0.5288461538461539
RT_STRING	0x5bde38	0xb8	data			0.6467391304347826
RT_STRING	0x5bdef0	0x2c0	data			0.46732954545454547
RT_STRING	0x5be1b0	0x434	data			0.3308550185873606
RT_STRING	0x5be5e4	0x360	data			0.38425925925925924
RT_STRING	0x5be944	0x2ec	data			0.37566844919786097
RT_STRING	0x5bec30	0x31c	data			0.34296482412060303
RT_RCDATA	0x5bef4c	0x10	data			1.5
RT_RCDATA	0x5bef5c	0x1536	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	English	United States	0.6550644567219153
RT_RCDATA	0x5c0494	0x359	GIF image data, version 89a, 16 x 16	English	United States	0.15635939323220538
RT_RCDATA	0x5c07f0	0x378	GIF image data, version 89a, 21 x 21	English	United States	0.5529279279279279
RT_RCDATA	0x5c0b68	0x12c	GIF image data, version 89a, 10 x 12	English	United States	0.83
RT_RCDATA	0x5c0c94	0x129	GIF image data, version 89a, 10 x 12	English	United States	0.7575757575757576
RT_RCDATA	0x5c0dc0	0x4c8	GIF image data, version 89a, 24 x 24	English	United States	0.6282679738562091
RT_RCDATA	0x5c1288	0x4b5	GIF image data, version 89a, 24 x 24	English	United States	0.5526970954356847
RT_RCDATA	0x5c1740	0x42e	GIF image data, version 89a, 24 x 24	English	United States	0.5112149532710281
RT_RCDATA	0x5c1b70	0x42e	GIF image data, version 89a, 24 x 24	English	United States	0.4766355140186916
RT_RCDATA	0x5c1fa0	0x432	GIF image data, version 89a, 24 x 24	English	United States	0.5027932960893855
RT_RCDATA	0x5c23d4	0x434	GIF image data, version 89a, 24 x 24	English	United States	0.4758364312267658
RT_RCDATA	0x5c2808	0x4da	GIF image data, version 89a, 24 x 24	English	United States	0.6191626409017713
RT_RCDATA	0x5c2ce4	0x4c1	GIF image data, version 89a, 24 x 24	English	United States	0.5825801150369762
RT_RCDATA	0x5c31a8	0x449	GIF image data, version 89a, 24 x 24	English	United States	0.5077484047402006
RT_RCDATA	0x5c35f4	0x455	GIF image data, version 89a, 24 x 24	English	United States	0.5067628494138864
RT_RCDATA	0x5c3a4c	0x4ce	GIF image data, version 89a, 24 x 24	English	United States	0.6699186991869919
RT_RCDATA	0x5c3f1c	0x4b9	GIF image data, version 89a, 24 x 24	English	United States	0.5665839536807279
RT_RCDATA	0x5c43d8	0x32e	GIF image data, version 89a, 24 x 24	English	United States	0.9582309582309583
RT_RCDATA	0x5c4708	0x30e	GIF image data, version 89a, 24 x 24	English	United States	0.8491048593350383
RT_RCDATA	0x5c4a18	0x444	GIF image data, version 89a, 24 x 24	English	United States	0.5265567765567766
RT_RCDATA	0x5c4e5c	0x44f	GIF image data, version 89a, 24 x 24	English	United States	0.4877606527651859
RT_RCDATA	0x5c52ac	0x4b5	GIF image data, version 89a, 24 x 24	English	United States	0.6182572614107884
RT_RCDATA	0x5c5764	0x4ab	GIF image data, version 89a, 24 x 24	English	United States	0.5581589958158996
RT_RCDATA	0x5c5c10	0x480	GIF image data, version 89a, 24 x 24	English	United States	0.5815972222222222
RT_RCDATA	0x5c6090	0x46a	GIF image data, version 89a, 24 x 24	English	United States	0.5389380530973451
RT_RCDATA	0x5c64fc	0x679	HTML document, ASCII text, with CRLF, LF line terminators	English	United States	0.46107423053711527
RT_RCDATA	0x5c6b78	0xacf	GIF image data, version 89a, 32 x 32	English	United States	0.6841344416335381
RT_RCDATA	0x5c7648	0xe34	GIF image data, version 89a, 105 x 141	English	United States	1.0030253025302531
RT_RCDATA	0x5c847c	0xa25	GIF image data, version 89a, 171 x 75	English	United States	1.0042356565267616
RT_RCDATA	0x5c8ea4	0x4b	GIF image data, version 89a, 16 x 16	English	United States	0.9733333333333334
RT_RCDATA	0x5c8ef0	0x3f	GIF image data, version 89a, 12 x 16	English	United States	1.0317460317460319
RT_RCDATA	0x5c8f30	0x6e	GIF image data, version 89a, 16 x 16	English	United States	1.009090909090909
RT_RCDATA	0x5c8fa0	0x50	GIF image data, version 89a, 16 x 16	English	United States	1.025
RT_RCDATA	0x5c8ff0	0x6c	GIF image data, version 89a, 16 x 16	English	United States	1.0092592592592593
RT_RCDATA	0x5c905c	0x4f	GIF image data, version 89a, 16 x 16	English	United States	1.0253164556962024
RT_RCDATA	0x5c90ac	0x6f	GIF image data, version 89a, 17 x 16	English	United States	1.018018018018018
RT_RCDATA	0x5c911c	0x41	GIF image data, version 89a, 15 x 15	English	United States	0.9846153846153847
RT_RCDATA	0x5c9160	0x3c	GIF image data, version 89a, 16 x 12	English	United States	1.0333333333333334
RT_RCDATA	0x5c919c	0x69	GIF image data, version 89a, 16 x 16	English	United States	1.019047619047619
RT_RCDATA	0x5c9208	0x4d	GIF image data, version 89a, 16 x 16	English	United States	1.025974025974026
RT_RCDATA	0x5c9258	0x71	GIF image data, version 89a, 16 x 17	English	United States	1.079646017699115
RT_RCDATA	0x5c92cc	0x69	GIF image data, version 89a, 16 x 16	English	United States	1.0095238095238095
RT_RCDATA	0x5c9338	0x4d	GIF image data, version 89a, 16 x 16	English	United States	1.025974025974026
RT_RCDATA	0x5c9388	0x45a	HTML document, ASCII text, with CRLF line terminators	English	United States	0.47217235188509876
RT_RCDATA	0x5c97e4	0x36	GIF image data, version 89a, 1 x 1	English	United States	1.037037037037037
RT_RCDATA	0x5c981c	0x91	GIF image data, version 89a, 16 x 16	English	United States	0.8137931034482758
RT_RCDATA	0x5c98b0	0x82	GIF image data, version 89a, 16 x 16	English	United States	0.7769230769230769
RT_RCDATA	0x5c9934	0x6c	GIF image data, version 89a, 11 x 9	English	United States	0.6944444444444444
RT_RCDATA	0x5c99a0	0x9e	GIF image data, version 89a, 16 x 16	English	United States	0.8354430379746836
RT_RCDATA	0x5c9a40	0x6f	GIF image data, version 89a, 11 x 9	English	United States	0.7027027027027027
RT_RCDATA	0x5c9ab0	0x356	GIF image data, version 89a, 16 x 16	English	United States	0.12295081967213115
RT_RCDATA	0x5c9e08	0x355	GIF image data, version 89a, 16 x 16	English	United States	0.123094958968347
RT_RCDATA	0x5ca160	0x355	GIF image data, version 89a, 16 x 16	English	United States	0.12192262602579132
RT_RCDATA	0x5ca4b8	0x361	GIF image data, version 89a, 16 x 16	English	United States	0.13179190751445086
RT_RCDATA	0x5ca81c	0x3ae	GIF image data, version 89a, 16 x 16	English	United States	0.25796178343949044
RT_RCDATA	0x5cabcc	0x3b5	GIF image data, version 89a, 16 x 16	English	United States	0.291886195995785
RT_RCDATA	0x5caf84	0x38c	GIF image data, version 89a, 16 x 16	English	United States	0.21585903083700442
RT_RCDATA	0x5cb310	0x41a	GIF image data, version 89a, 16 x 16	English	United States	0.6266666666666667
RT_RCDATA	0x5cb72c	0x36e	GIF image data, version 89a, 16 x 16	English	United States	0.15945330296127563
RT_RCDATA	0x5cba9c	0x36d	GIF image data, version 89a, 16 x 16	English	United States	0.1573546180159635
RT_RCDATA	0x5cbe0c	0x354	GIF image data, version 89a, 16 x 16	English	United States	0.11854460093896714
RT_RCDATA	0x5cc160	0x394	GIF image data, version 89a, 16 x 16	English	United States	0.1965065502183406
RT_RCDATA	0x5cc4f4	0x3b0	GIF image data, version 89a, 16 x 16	English	United States	0.2552966101694915
RT_RCDATA	0x5cc8a4	0x3e7	GIF image data, version 89a, 16 x 16	English	United States	0.42842842842842843
RT_RCDATA	0x5ccc8c	0x3ee	GIF image data, version 89a, 16 x 16	English	United States	0.6272365805168986
RT_RCDATA	0x5cd07c	0x368	GIF image data, version 89a, 16 x 16	English	United States	0.13876146788990826
RT_RCDATA	0x5cd3e4	0x37f	GIF image data, version 89a, 16 x 16	English	United States	0.28044692737430166
RT_RCDATA	0x5cd764	0x37f	GIF image data, version 89a, 16 x 16	English	United States	0.27932960893854747
RT_RCDATA	0x5cdae4	0x362	GIF image data, version 89a, 16 x 16	English	United States	0.13279445727482678
RT_RCDATA	0x5cde48	0x531b	ASCII text, with very long lines (16079)	English	United States	0.2575323149236193
RT_RCDATA	0x5d3164	0x3457	ASCII text, with very long lines (13399), with no line terminators	English	United States	0.27718486454213
RT_RCDATA	0x5d65bc	0x38c1	ASCII text, with very long lines (14529), with no line terminators	English	United States	0.2771697983343657
RT_RCDATA	0x5d9e80	0xa64	ASCII text, with very long lines (2660), with no line terminators	English	United States	0.3669172932330827
RT_RCDATA	0x5da8e4	0xbe1	ASCII text, with very long lines (3041), with no line terminators	English	United States	0.3909898059848734
RT_RCDATA	0x5db4c8	0x134a	ASCII text, with very long lines (4938), with no line terminators	English	United States	0.24807614418793034
RT_RCDATA	0x5dc814	0x677	ASCII text, with very long lines (1655), with no line terminators	English	United States	0.313595166163142
RT_RCDATA	0x5dce8c	0x4cd	HTML document, ASCII text, with very long lines (1229), with no line terminators	English	United States	0.49308380797396256
RT_RCDATA	0x5dd35c	0x1775	ASCII text, with very long lines (6005), with no line terminators	English	United States	0.24196502914238135
RT_RCDATA	0x5dead4	0xdcd	ASCII text, with very long lines (3533), with no line terminators	English	United States	0.3014435324087178
RT_RCDATA	0x5df8a4	0x17278	HTML document, Unicode text, UTF-8 text, with very long lines (32769)	English	United States	0.354924082665542
RT_RCDATA	0x5f6b1c	0xd0f	ASCII text, with very long lines (3142)	English	United States	0.4552796889021837
RT_RCDATA	0x5f782c	0x6ecc	ASCII text, with very long lines (28364), with no line terminators	English	United States	0.2744676350303201
RT_RCDATA	0x5fe6f8	0xc9c7	ASCII text, with very long lines (51655), with no line terminators	English	United States	0.24799148194753654
RT_RCDATA	0x60b0c0	0x1e82	ASCII text, with very long lines (7146), with CRLF line terminators	English	United States	0.3613316261203585
RT_RCDATA	0x60cf44	0xdb2	ASCII text, with CRLF line terminators	English	United States	0.32857957786651454
RT_RCDATA	0x60dcf8	0x1448	data			0.48112480739599384
RT_RCDATA	0x60f140	0x1f6304	data	English	United States	0.8600749969482422
RT_RCDATA	0x805444	0x33c2	empty	Dutch	Belgium	0
RT_RCDATA	0x808808	0x15f	empty			0
RT_GROUP_CURSOR	0x808968	0x14	empty	English	United States	0
RT_GROUP_CURSOR	0x80897c	0x14	empty	English	United States	0
RT_GROUP_CURSOR	0x808990	0x14	empty	English	United States	0
RT_GROUP_CURSOR	0x8089a4	0x14	empty	English	United States	0
RT_GROUP_CURSOR	0x8089b8	0x14	empty	English	United States	0
RT_GROUP_CURSOR	0x8089cc	0x14	empty	English	United States	0
RT_GROUP_CURSOR	0x8089e0	0x14	empty	English	United States	0
RT_GROUP_ICON	0x8089f4	0x84	empty			0
RT_VERSION	0x808a78	0x2e4	empty			0

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll	CharNextW, LoadStringW
kernel32.dll	Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwindEx, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle
kernel32.dll	GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
user32.dll	SetClassLongPtrW, GetClassLongPtrW, SetWindowLongPtrW, GetWindowLongPtrW, CreateWindowExW, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCapture, SetActiveWindow, SendMessageA, SendMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsClipboardFormatAvailable, IsChild, InvalidateRect, InsertMenuItemW, InsertMenuW, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EnumChildWindows, EndPaint, EndMenu, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableW, CountClipboardFormats, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll	UnrealizeObject, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, ResizePalette, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetNearestPaletteIndex, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateEnhMetaFileW, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, CloseEnhMetaFile, Chord, BitBlt, ArcTo, Arc, AngleArc, AbortDoc
version.dll	VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
kernel32.dll	WritePrivateProfileStringW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, VerSetConditionMask, VerifyVersionInfoW, UnmapViewOfFile, TryEnterCriticalSection, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryW, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, QueryDosDeviceW, IsDebuggerPresent, MulDiv, MapViewOfFile, LockResource, LocalFree, LoadResource, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalSize, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVolumeInformationW, GetVersionExW, GetVersion, GetUserDefaultLCID, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetTempPathW, GetTempFileNameW, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetPrivateProfileStringW, GetModuleHandleW, GetModuleFileNameW, GetLogicalDriveStringsW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesExW, GetFileAttributesW, GetExitCodeThread, GetDriveTypeW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameW, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageW, FindResourceW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumSystemLocalesW, EnumResourceNamesW, EnumCalendarInfoW, EnterCriticalSection, DeleteFileW, DeleteCriticalSection, CreateThread, CreateFileMappingW, CreateFileW, CreateEventW, CreateDirectoryW, CopyFileW, CompareStringA, CompareStringW, CloseHandle
advapi32.dll	RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey
kernel32.dll	Sleep
oleaut32.dll	SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
oleaut32.dll	GetErrorInfo, GetActiveObject, SysFreeString
ole32.dll	CreateStreamOnHGlobal, OleRegEnumVerbs, IsAccelerator, OleDraw, OleSetMenuDescriptor, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
comctl32.dll	InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
user32.dll	EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow
msvcrt.dll	memset, memcpy
shell32.dll	Shell_NotifyIconW
shell32.dll	SHGetSpecialFolderPathW
winspool.drv	OpenPrinterW, EnumPrintersW, DocumentPropertiesW, ClosePrinter
winspool.drv	GetDefaultPrinterW
winmm.dll	timeGetTime

Exports

Name	Ordinal	Address
TMethodImplementationIntercept	3	0x4985c0
__dbk_fcall_wrapper	2	0x416d30
dbkFCallWrapperAddr	1	0x8fcf58

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Dutch	Belgium

Network Behavior

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 27, 2024 08:53:00.116209984 CET	1.1.1.1	192.168.2.9	0x8509	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 08:53:00.116209984 CET	1.1.1.1	192.168.2.9	0x8509	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false

Statistics

⊘No statistics

System Behavior

⊘No system behavior

Disassembly

⊘No disassembly

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 60Zxcx88Uv.exe

Overview

General Information

Detection

Signatures

Classification

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Mitre Att&ck Matrix

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

DNS Answers

Statistics

System Behavior

Disassembly

Windows Analysis Report
60Zxcx88Uv.exe