Edit tour

Windows Analysis Report
Titan.exe

Overview

General Information

Sample name:	Titan.exe
Analysis ID:	1581526
MD5:	d615c92a9afcabe383cd651ab3cf90f2
SHA1:	1020eb83f5380092b71ddad40e44adda3634f255
SHA256:	feb67c5d1e5362132049270f7d8c9250573872cfda6ebf1817263f14af24d122
Infos:

Detection

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Machine Learning detection for sample

PE file contains section with special chars

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains long sleeps (>= 3 min)

Detected potential crypto function

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

Titan.exe (PID: 6256 cmdline: "C:\Users\user\Desktop\Titan.exe" MD5: D615C92A9AFCABE383CD651AB3CF90F2)

WerFault.exe (PID: 4464 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 2272 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Titan.exe	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2265779728.0000000003D31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
00000000.00000000.1671980484.0000000001572000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000000.1671980484.0000000000B72000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Titan.exe PID: 6256	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.Titan.exe.72f0000.7.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.Titan.exe.8810000.9.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.Titan.exe.4f92210.4.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Titan.exe	ReversingLabs: Detection: 15%
Source: Titan.exe	Virustotal: Detection: 37%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: Titan.exe

Joe Sandbox ML: detected

Source: Titan.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.168.136.235:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.136.235:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: Titan.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: Titan.exe
Source:	Binary string: Accessibility.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: costura.costura.pdb.compressed source: Titan.exe
Source:	Binary string: Siticone.Desktop.UI.pdb source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\stage\LibUsbDotNet\obj\Release\net45\LibUsbDotNet.LibUsbDotNet.pdbSHA256*/ source: Titan.exe, 00000000.00000002.2285194598.00000000063A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.plist-cil.pdb.compressed source: Titan.exe
Source:	Binary string: costura.easyhttp.pdb.compressed\|\|\|EasyHttp.pdb\|35D5D7694B3CD529E7A33C86F7A0077CB754F6D4\|210432 source: Titan.exe
Source:	Binary string: $^q0costura.libusbdotnet.libusbdotnet.pdb.compressed source: Titan.exe, 00000000.00000002.2265779728.0000000003D31000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Core.ni.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: C:\development\SSH.NET\src\Renci.SshNet\obj\Release\net40\Renci.SshNet.pdb source: Titan.exe, 00000000.00000002.2275030999.0000000004E20000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2289677511.0000000007510000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: $^q costura.plist-cil.pdb.compressed source: Titan.exe, 00000000.00000002.2265779728.0000000003D31000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.pdbL0 source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: costura.libusbdotnet.libusbdotnet.pdb.compressed source: Titan.exe
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x86-windows-rel\svc-master-d74abb6db1\Win32\Release\iproxy.pdb source: iproxy.exe0.0.dr
Source:	Binary string: Renci.SshNet.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x86-windows-rel\svc-master-d74abb6db1\Win32\Release\usbmuxd.pdb source: usbmuxd.dll0.0.dr
Source:	Binary string: Acostura.plist-cil.pdb.compressed source: Titan.exe
Source:	Binary string: C:\development\SSH.NET\src\Renci.SshNet\obj\Release\net40\Renci.SshNet.pdbSHA256i source: Titan.exe, 00000000.00000002.2275030999.0000000004E20000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2289677511.0000000007510000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressed\|\|\|Costura.pdb\|6C6000A5EAF8579850AB82A89BD6268776EB51AD\|2608 source: Titan.exe
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x64-windows-rel\svc-master-9db0095370\x64\Release\plist.pdb11 source: plist.dll.0.dr
Source:	Binary string: System.Net.Http.ni.pdbRSDS source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x64-windows-rel\svc-master-d74abb6db1\x64\Release\iproxy.pdb source: iproxy.exe.0.dr
Source:	Binary string: costura.libusbdotnet.libusbdotnet.pdb.compressed\|\|\|LibUsbDotNet.LibUsbDotNet.pdb\|C139CE00AA41A42EE15F6C85A9D7D2F7E0D7ADAC\|61852 source: Titan.exe
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x86-windows-rel\svc-master-9db0095370\Win32\Release\plist.pdb source: plist.dll0.0.dr
Source:	Binary string: LibUsbDotNet.LibUsbDotNet.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Titan.exe, 00000000.00000002.2324648698.000000000D37A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: costura.easyhttp.pdb.compressed source: Titan.exe
Source:	Binary string: System.Xml.ni.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.ni.pdbRSDS source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x64-windows-rel\svc-master-d74abb6db1\x64\Release\usbmuxd.pdb source: usbmuxd.dll.0.dr
Source:	Binary string: n.pdb source: Titan.exe, 00000000.00000002.2324648698.000000000D37A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x64-windows-rel\svc-master-9db0095370\x64\Release\plist.pdb source: plist.dll.0.dr
Source:	Binary string: n0C:\Windows\mscorlib.pdb source: Titan.exe, 00000000.00000002.2324648698.000000000D37A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: easyhttp?costura.easyhttp.dll.compressed?costura.easyhttp.pdb.compressed%endianbitconverterScostura.endianbitconverter.dll.compressed source: Titan.exe
Source:	Binary string: jsonfx;costura.jsonfx.dll.compressed3libusbdotnet.libusbdotnetacostura.libusbdotnet.libusbdotnet.dll.compressedacostura.libusbdotnet.libusbdotnet.pdb.compressed+metroframework.designYcostura.metroframework.design.dll.compressed source: Titan.exe
Source:	Binary string: System.Configuration.ni.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Net.Http.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.IO.Compression.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Configuration.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Xml.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x86-windows-rel\svc-master-9db0095370\Win32\Release\plist.pdb11 source: plist.dll0.0.dr
Source:	Binary string: System.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\stage\LibUsbDotNet\obj\Release\net45\LibUsbDotNet.LibUsbDotNet.pdb source: Titan.exe, 00000000.00000002.2285194598.00000000063A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: b.pdb4 source: Titan.exe, 00000000.00000002.2286709502.00000000070F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x86-windows-rel\svc-master-d74abb6db1\Win32\Release\iproxy.pdb source: iproxy.exe0.0.dr
Source:	Binary string: Siticone.Desktop.UI.pdbd source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Net.Http.ni.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: costura.plist-cil.pdb.compressed\|\|\|plist-cil.pdb\|9210B7F64D141AD8650C0152B5D303D83CD782A2\|31424 source: Titan.exe
Source:	Binary string: System.Drawing.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: nC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Titan.exe, 00000000.00000002.2324648698.000000000D37A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: symbols\dll\mscorlib.pdbLb source: Titan.exe, 00000000.00000002.2324648698.000000000D37A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.IO.Compression.FileSystem.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: Siticone.Desktop.UI.pdb8@N@ @@_CorDllMainmscoree.dll source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: System.Xml.pdb\Tbq source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Net.Http.pdb#( source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Core.pdbh source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.ni.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER6B2C.tmp.dmp.4.dr

Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_03C78F7C
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_03C78F58
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_03C798C5
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_03C79D74
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then push dword ptr [ebp-24h]	0_2_07C90F28
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_07C90F28
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then push dword ptr [ebp-24h]	0_2_07C90F2D
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_07C90F2D
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then push dword ptr [ebp-20h]	0_2_07C90CD0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_07C90CD0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then push dword ptr [ebp-20h]	0_2_07C90CD5
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_07C90CD5
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then jmp 08534144h	0_2_08533F68
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then jmp 085344F5h	0_2_08533F68
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then jmp 08534EDAh	0_2_08533F68
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then jmp 08535192h	0_2_08533F68
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then jmp 08534144h	0_2_08533ED9
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then jmp 08534144h	0_2_08533EA8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-4Ch]	0_2_0856A858
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-4Ch]	0_2_0856A860
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_08E4DB70
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then lea edx, dword ptr [ebp-20h]	0_2_08E49928
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then lea edx, dword ptr [ebp-20h]	0_2_08E4991E
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_08E4DB64
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then lea eax, dword ptr [ebp-30h]	0_2_08E4DD98
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_08E491C0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_08E491B4
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_08E4F270
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_08E4D360
Source: C:\Users\user\Desktop\Titan.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_08E4F448

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 0.2.Titan.exe.72f0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Titan.exe.8810000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Titan.exe.4f92210.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: global traffic	HTTP traffic detected: GET /version_tool.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537Host: ic-titan.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /iphoneos HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36Host: ic-titan.netConnection: Keep-Alive

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /version_tool.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537Host: ic-titan.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /iphoneos HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36Host: ic-titan.netConnection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: ic-titan.net

Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Titan.exe, 00000000.00000002.2275030999.0000000004E19000.00000004.00000800.00020000.00000000.sdmp, iphoneos.0.dr	String found in binary or memory: http://certs.apple.com/wwdrg3.der01
Source: Titan.exe, 00000000.00000002.2275030999.0000000004E19000.00000004.00000800.00020000.00000000.sdmp, iphoneos.0.dr, plutil.0.dr	String found in binary or memory: http://crl.apple.com/root.crl0
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://gdata.youtube.com/feeds/api/videos/
Source: libusb-1.0.dll0.0.dr	String found in binary or memory: http://libusb.info
Source: Titan.exe, 00000000.00000002.2306805177.0000000008F10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.ad
Source: Titan.exe, 00000000.00000002.2306805177.0000000008F10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.adbe.
Source: Titan.exe, 00000000.00000002.2275030999.0000000004E19000.00000004.00000800.00020000.00000000.sdmp, iphoneos.0.dr	String found in binary or memory: http://ocsp.apple.com/ocsp03-applerootca0.
Source: plutil.0.dr	String found in binary or memory: http://ocsp.apple.com/ocsp03-wwdr110
Source: Titan.exe, 00000000.00000002.2275030999.0000000004E19000.00000004.00000800.00020000.00000000.sdmp, iphoneos.0.dr	String found in binary or memory: http://ocsp.apple.com/ocsp03-wwdrg3040
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, Titan.exe, 00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.4.dr	String found in binary or memory: http://upx.sf.net
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://vimeo.com/api/v2/video/
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Titan.exe, 00000000.00000002.2275030999.0000000004E19000.00000004.00000800.00020000.00000000.sdmp, iphoneos.0.dr, plist.dll.0.dr, plutil.0.dr, ut.plist.0.dr, plist.dll0.0.dr	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: plutil.0.dr	String found in binary or memory: http://www.apple.com/certificateauthority/0
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: libusb-1.0.dll.0.dr, libusb-1.0.dll0.0.dr	String found in binary or memory: http://www.gnu.org/licenses/lgpl-2.1.htmlF
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Titan.exe, 00000000.00000002.2285194598.00000000063A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://www.mono-project.com/DllNotFoundException)
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Titan.exe, 00000000.00000002.2265779728.0000000004029000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2265779728.0000000003E4A000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: Titan.exe, 00000000.00000002.2265779728.0000000004029000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2265779728.0000000003E4A000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: Titan.exe	String found in binary or memory: https://dev.anthonyfessy.com/check.json
Source: Titan.exe	String found in binary or memory: https://dev.anthonyfessy.com/lottie.min.js
Source: Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gunaframework.com/api/licensing.php
Source: Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gunaui.com/
Source: Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gunaui.com/api/licensing.php
Source: Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gunaui.com/pricing
Source: Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ic-titan.net
Source: Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ic-titan.net/iphoneos
Source: Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ic-titan.net/version_tool.php
Source: Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: Titan.exe, 00000000.00000002.2265779728.0000000003D31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://payments.siticoneframework.com/api/licensing.php
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://payments.siticoneframework.com/api/licensing.php%Siticone
Source: Titan.exe, 00000000.00000002.2264223211.0000000001F50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/LibUsbDotNet/LibUsbDotNet/5dd91a2fda393cf11db2072f2b45c3aee2750388
Source: Titan.exe, 00000000.00000002.2289677511.0000000007510000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc4253#section-4.2
Source: Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: Titan.exe, 00000000.00000002.2275030999.0000000004E19000.00000004.00000800.00020000.00000000.sdmp, iphoneos.0.dr, plutil.0.dr	String found in binary or memory: https://www.apple.com/appleca/0
Source: Titan.exe, 00000000.00000002.2275030999.0000000004E19000.00000004.00000800.00020000.00000000.sdmp, iphoneos.0.dr	String found in binary or memory: https://www.apple.com/certificateauthority/0
Source: Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.siticoneframework.com/Mhttps://siticoneframework.com/pricing/Mhttps://siticoneframework.

Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: unknown	HTTPS traffic detected: 104.168.136.235:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.136.235:443 -> 192.168.2.4:49748 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: Titan.exe	Static PE information: section name: Wn(n~
Source: Titan.exe	Static PE information: section name: Wn(n~

Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03C78B01	0_2_03C78B01
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03C70941	0_2_03C70941
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03C70F8C	0_2_03C70F8C
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03C79348	0_2_03C79348
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03C7F621	0_2_03C7F621
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03C70870	0_2_03C70870
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03C79338	0_2_03C79338
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03C71FC8	0_2_03C71FC8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_03C71FB9	0_2_03C71FB9
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_07C91A1C	0_2_07C91A1C
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_07C94ABA	0_2_07C94ABA
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08532AD0	0_2_08532AD0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08532BC6	0_2_08532BC6
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08532D22	0_2_08532D22
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_085325B8	0_2_085325B8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08532E77	0_2_08532E77
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08533F68	0_2_08533F68
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_085319F9	0_2_085319F9
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08532AC0	0_2_08532AC0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08532B77	0_2_08532B77
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08532BFC	0_2_08532BFC
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08532B92	0_2_08532B92
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_085325A8	0_2_085325A8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08533ED9	0_2_08533ED9
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08533690	0_2_08533690
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08533680	0_2_08533680
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08533EA8	0_2_08533EA8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08530F70	0_2_08530F70
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0856E8B0	0_2_0856E8B0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_085680A8	0_2_085680A8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08567150	0_2_08567150
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08562C39	0_2_08562C39
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08568568	0_2_08568568
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08563DF8	0_2_08563DF8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0856D788	0_2_0856D788
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0856E803	0_2_0856E803
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0856E827	0_2_0856E827
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08567140	0_2_08567140
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0856B24C	0_2_0856B24C
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08568AB8	0_2_08568AB8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08568AA8	0_2_08568AA8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08568B45	0_2_08568B45
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08568B69	0_2_08568B69
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0856F3D2	0_2_0856F3D2
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08568BEA	0_2_08568BEA
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08568BA9	0_2_08568BA9
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08568C6F	0_2_08568C6F
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08568558	0_2_08568558
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08568D24	0_2_08568D24
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08563DE8	0_2_08563DE8
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0856F5BA	0_2_0856F5BA
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08568E36	0_2_08568E36
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08568EB5	0_2_08568EB5
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0856DEA0	0_2_0856DEA0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0856F790	0_2_0856F790
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08E43224	0_2_08E43224
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08E43E10	0_2_08E43E10
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08E44288	0_2_08E44288
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08E43338	0_2_08E43338
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08ECDD97	0_2_08ECDD97
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08ECE1C0	0_2_08ECE1C0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08EC2278	0_2_08EC2278
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08EC2240	0_2_08EC2240
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08EFD5F0	0_2_08EFD5F0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08EFC5B0	0_2_08EFC5B0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08EFD180	0_2_08EFD180
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B00DB38	0_2_0B00DB38
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B009270	0_2_0B009270
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B006788	0_2_0B006788
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B002660	0_2_0B002660
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B00545E	0_2_0B00545E
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B00DB1F	0_2_0B00DB1F
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B009260	0_2_0B009260
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B007958	0_2_0B007958
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B00C800	0_2_0B00C800
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B006860	0_2_0B006860
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B00687C	0_2_0B00687C
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B00973F	0_2_0B00973F
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B00C7F1	0_2_0B00C7F1
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B002651	0_2_0B002651
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B00C43C	0_2_0B00C43C
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B009449	0_2_0B009449
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B00C470	0_2_0B00C470
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B00349F	0_2_0B00349F
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B0034B0	0_2_0B0034B0
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0B00D4E8	0_2_0B00D4E8

Source: C:\Users\user\Desktop\Titan.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 2272

Source: libusb-1.0.dll.0.dr	Static PE information: Number of sections : 12 > 10
Source: libusb-1.0.dll0.0.dr	Static PE information: Number of sections : 11 > 10

Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSiticone.Desktop.UI.dllH vs Titan.exe
Source: Titan.exe, 00000000.00000002.2264223211.0000000001EBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Titan.exe
Source: Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSiticone.Desktop.UI.dllH vs Titan.exe
Source: Titan.exe, 00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameGuna.UI2.dllD vs Titan.exe
Source: Titan.exe, 00000000.00000002.2286445236.0000000007040000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameGuna.UI2.dllD vs Titan.exe
Source: Titan.exe, 00000000.00000002.2275030999.0000000004E20000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMetroFramework.dll@ vs Titan.exe
Source: Titan.exe, 00000000.00000002.2275030999.0000000004E20000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRenci.SshNet.dll0 vs Titan.exe
Source: Titan.exe, 00000000.00000002.2283035425.0000000005D30000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMetroFramework.dll@ vs Titan.exe
Source: Titan.exe, 00000000.00000002.2289677511.0000000007510000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameRenci.SshNet.dll0 vs Titan.exe
Source: Titan.exe, 00000000.00000002.2285194598.00000000063A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameLibUsbDotNet.LibUsbDotNet.dllT vs Titan.exe

Source: Titan.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: Titan.exe

Static PE information: Section: Wn(n~ ZLIB complexity 1.0003244500411184

Source: classification engine

Classification label: mal84.troj.spyw.evad.winEXE@2/29@1/1

Source: C:\Users\user\Desktop\Titan.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6256
Source: C:\Users\user\Desktop\Titan.exe	Mutant created: \Sessions\1\BaseNamedObjects\TitanMutex

Source: C:\Users\user\Desktop\Titan.exe

File created: C:\Users\user\AppData\Local\Temp\TitanTmp

Jump to behavior

Source: Titan.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.90%

Source: C:\Users\user\Desktop\Titan.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Titan.exe	ReversingLabs: Detection: 15%
Source: Titan.exe	Virustotal: Detection: 37%

Source: C:\Users\user\Desktop\Titan.exe

File read: C:\Users\user\Desktop\Titan.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Titan.exe "C:\Users\user\Desktop\Titan.exe"
Source: C:\Users\user\Desktop\Titan.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 2272

Source: C:\Users\user\Desktop\Titan.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: mobiledevice.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Titan.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Titan.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Titan.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: Titan.exe

Static file information: File size 15447040 > 1048576

Source: Titan.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0xe21400

Source: Titan.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: Titan.exe
Source:	Binary string: Accessibility.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: costura.costura.pdb.compressed source: Titan.exe
Source:	Binary string: Siticone.Desktop.UI.pdb source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\stage\LibUsbDotNet\obj\Release\net45\LibUsbDotNet.LibUsbDotNet.pdbSHA256*/ source: Titan.exe, 00000000.00000002.2285194598.00000000063A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.plist-cil.pdb.compressed source: Titan.exe
Source:	Binary string: costura.easyhttp.pdb.compressed\|\|\|EasyHttp.pdb\|35D5D7694B3CD529E7A33C86F7A0077CB754F6D4\|210432 source: Titan.exe
Source:	Binary string: $^q0costura.libusbdotnet.libusbdotnet.pdb.compressed source: Titan.exe, 00000000.00000002.2265779728.0000000003D31000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Core.ni.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: C:\development\SSH.NET\src\Renci.SshNet\obj\Release\net40\Renci.SshNet.pdb source: Titan.exe, 00000000.00000002.2275030999.0000000004E20000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2289677511.0000000007510000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: $^q costura.plist-cil.pdb.compressed source: Titan.exe, 00000000.00000002.2265779728.0000000003D31000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.pdbL0 source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: costura.libusbdotnet.libusbdotnet.pdb.compressed source: Titan.exe
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x86-windows-rel\svc-master-d74abb6db1\Win32\Release\iproxy.pdb source: iproxy.exe0.0.dr
Source:	Binary string: Renci.SshNet.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x86-windows-rel\svc-master-d74abb6db1\Win32\Release\usbmuxd.pdb source: usbmuxd.dll0.0.dr
Source:	Binary string: Acostura.plist-cil.pdb.compressed source: Titan.exe
Source:	Binary string: C:\development\SSH.NET\src\Renci.SshNet\obj\Release\net40\Renci.SshNet.pdbSHA256i source: Titan.exe, 00000000.00000002.2275030999.0000000004E20000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2289677511.0000000007510000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressed\|\|\|Costura.pdb\|6C6000A5EAF8579850AB82A89BD6268776EB51AD\|2608 source: Titan.exe
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x64-windows-rel\svc-master-9db0095370\x64\Release\plist.pdb11 source: plist.dll.0.dr
Source:	Binary string: System.Net.Http.ni.pdbRSDS source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x64-windows-rel\svc-master-d74abb6db1\x64\Release\iproxy.pdb source: iproxy.exe.0.dr
Source:	Binary string: costura.libusbdotnet.libusbdotnet.pdb.compressed\|\|\|LibUsbDotNet.LibUsbDotNet.pdb\|C139CE00AA41A42EE15F6C85A9D7D2F7E0D7ADAC\|61852 source: Titan.exe
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x86-windows-rel\svc-master-9db0095370\Win32\Release\plist.pdb source: plist.dll0.0.dr
Source:	Binary string: LibUsbDotNet.LibUsbDotNet.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Titan.exe, 00000000.00000002.2324648698.000000000D37A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: costura.easyhttp.pdb.compressed source: Titan.exe
Source:	Binary string: System.Xml.ni.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.ni.pdbRSDS source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x64-windows-rel\svc-master-d74abb6db1\x64\Release\usbmuxd.pdb source: usbmuxd.dll.0.dr
Source:	Binary string: n.pdb source: Titan.exe, 00000000.00000002.2324648698.000000000D37A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x64-windows-rel\svc-master-9db0095370\x64\Release\plist.pdb source: plist.dll.0.dr
Source:	Binary string: n0C:\Windows\mscorlib.pdb source: Titan.exe, 00000000.00000002.2324648698.000000000D37A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: easyhttp?costura.easyhttp.dll.compressed?costura.easyhttp.pdb.compressed%endianbitconverterScostura.endianbitconverter.dll.compressed source: Titan.exe
Source:	Binary string: jsonfx;costura.jsonfx.dll.compressed3libusbdotnet.libusbdotnetacostura.libusbdotnet.libusbdotnet.dll.compressedacostura.libusbdotnet.libusbdotnet.pdb.compressed+metroframework.designYcostura.metroframework.design.dll.compressed source: Titan.exe
Source:	Binary string: System.Configuration.ni.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Net.Http.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.IO.Compression.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Configuration.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Xml.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libplist\x86-windows-rel\svc-master-9db0095370\Win32\Release\plist.pdb11 source: plist.dll0.0.dr
Source:	Binary string: System.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\stage\LibUsbDotNet\obj\Release\net45\LibUsbDotNet.LibUsbDotNet.pdb source: Titan.exe, 00000000.00000002.2285194598.00000000063A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: b.pdb4 source: Titan.exe, 00000000.00000002.2286709502.00000000070F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: D:\a\1\s\vcpkg\buildtrees\libusbmuxd\x86-windows-rel\svc-master-d74abb6db1\Win32\Release\iproxy.pdb source: iproxy.exe0.0.dr
Source:	Binary string: Siticone.Desktop.UI.pdbd source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Net.Http.ni.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: costura.plist-cil.pdb.compressed\|\|\|plist-cil.pdb\|9210B7F64D141AD8650C0152B5D303D83CD782A2\|31424 source: Titan.exe
Source:	Binary string: System.Drawing.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: nC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Titan.exe, 00000000.00000002.2324648698.000000000D37A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: symbols\dll\mscorlib.pdbLb source: Titan.exe, 00000000.00000002.2324648698.000000000D37A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.IO.Compression.FileSystem.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: Siticone.Desktop.UI.pdb8@N@ @@_CorDllMainmscoree.dll source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: System.Xml.pdb\Tbq source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Net.Http.pdb#( source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Core.pdbh source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.ni.pdb source: WER6B2C.tmp.dmp.4.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER6B2C.tmp.dmp.4.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Titan.exe

Unpacked PE file: 0.2.Titan.exe.b70000.0.unpack Wn(n~:EW;Wn(n~:EW;.text:ER;.rsrc:R;inVRGFmg:ER;.reloc:R; vs Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:ER;Unknown_Section3:R;Unknown_Section4:ER;Unknown_Section5:R;

Yara detected Costura Assembly Loader

Source: Yara match	File source: Titan.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000002.2265779728.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1671980484.0000000001572000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1671980484.0000000000B72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Titan.exe PID: 6256, type: MEMORYSTR

Source: Titan.exe

Static PE information: 0xCD8A2C9F [Mon Apr 10 20:37:51 2079 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: inVRGFmg

Source: Titan.exe	Static PE information: section name: Wn(n~
Source: Titan.exe	Static PE information: section name: Wn(n~
Source: Titan.exe	Static PE information: section name: inVRGFmg
Source: libusb-1.0.dll.0.dr	Static PE information: section name: .xdata
Source: libusb-1.0.dll0.0.dr	Static PE information: section name: /4

Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0853C861 push es; ret	0_2_0853C870
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08536065 push FFFFFF8Bh; retf	0_2_08536067
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08533931 push cs; iretd	0_2_08533932
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0856E3CE pushfd ; retf	0_2_0856E3D1
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_0856D694 push edi; retf	0_2_0856D695
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08E4FAA8 push esp; ret	0_2_08E4FAA9
Source: C:\Users\user\Desktop\Titan.exe	Code function: 0_2_08E4A411 push es; retn 0004h	0_2_08E4A420

Source: Titan.exe

Static PE information: section name: Wn(n~ entropy: 7.999419325988196

Source: Titan.exe, CFString.cs	High entropy of concatenated method names: 'Dispose', 'Dispose', 'Equals', 'vRduYpwsPAmwdZLhHyCfpqsWWkNXKPASWZDdRFrHhEZAEgBnQoMkMMUFYGXncYiAAUZEWhQBGvykQrSqiaHVDQGKEyFKiDeIWZAkGxRjYKdQNjohohFBQMxjOPzXbFTCQpOrrhjlJYxsmpwVJXWAydrJcQWrxtHSrbzXUxqGxTssOFwYSeOEiSDnyFOaKsnPRfALpYAMhPDekzuXTyYTeDkYXMZPiPwEfcbjElitdCWSPYDzKrGMTUkOucndyldRTyzHXKSiPeqcgRJyJaEqJjkLsNocxFvrYEyQZvbzZXxpeIhdSoUXgnHkNnPKWqkKjyDbStZNzFRlmvhjfLJJkXLlwOClgRdinnFfEFKZPGYbVWySGfeKhbZMmSeErnhibjyzqBfaBkteykQaQkfAnTBMNtsmbFibZqzmYzcEAEIwhvNCBEoGIhvIhmlwIsywCSEIkdCQHaziKEeSfqkXQbTsvrElNfvIFMuPqFSXBXzhhMxdHSRSIbfbzMMsZQDcfrdxKPcaXMVtclKjtbeuOcAdhTQdsZykUWCqiASsqqvvGlyNBdyymIOCrAPrzyhxOkZFjUAtImEXhEXvUDcObzyLHzzikbssIxgVMtdhdFqzErUmcUXwWTWOlNykVSJgtLOjXCjbZulWJzHQeMFQEwWpbRjzutMKvJFsclOakwWbhAFmFiFIMtcxpZIGSjggiaaztOntyffIZuHbMwuMnDyChIDDcIHBPptGaGtquLKgNUXuRhtWpTsecXSlLjRqYeskBBAGDDSctSpMkImvOlLwwOeCnIeKuUIjbntQgnSlBQlKiFACxWbmSwnmWySvYHiZJFlxPWOaSZugdUUhHcNYsWQeAGtiVXMuiLAcUCnaHATsCGJBdlnwtKgnpGxIdgFvM', 'GetHashCode'
Source: Titan.exe, API.cs	High entropy of concatenated method names: 'CloseHandle', 'CreatePipe', 'CreateProcess', 'FreeLibrary', 'DfxgldpuOcjOAtjnRvbcfnpNubPKtApgZHhiBXBLVquKRONAqyYZPcdPpkmJOeBOnCpsLBltuQHotfwfNOUvbPRxeRsRlrwqpfXOZVppMffyUoWKoHwAKGmXlrOtIUHDTRzOIhFsYfjwkScpvicevwfjszciGvgrYbfDpICGBDbfWqnSPZyZrcHWlPVIFXlcyrYInZzngWdrVAMCMKThxGzvUIRamtAeRygfRfepZKtVzQBlDSwvDEfrscofHZAmVyZWThlgfdHnNewDGgWUxFaNTomoqziAJHzAqeRWhPQawseNgkZaCgpPXLDfuw', 'GetProcAddress', 'LoadLibrary', 'ReadFile'
Source: Titan.exe, CFBoolean.cs	High entropy of concatenated method names: 'GetModuleHandle', 'LoadLibrary', 'GetProcAddress', 'qfuHdGfvNbPAmhpARbJZIGaHydRjdebmckZkfoPYikWxLBtHaXucVUojFmJzovRjAdYCIFUcMlqXjcwwjKJGjzQHwpftfPkmSnxidrzUCRQkeQzcqMPdmLzAMRFSZbxwAEFwfOSsKoDSigcgqDDSzGzHowVMlgubUTjaLDwbuXTyHgSgoZcWYexuExIjtGHetcyOwCVmGbYcnAzHeoYMEYDpWpVNvNinQoFfiDklEpQwFVGDyAEEivZVYIsGhHrstkMyuTYaEnHPHHjAjROuIdFUPkHaKeDwxYC'
Source: Titan.exe, EnumHelper.cs	High entropy of concatenated method names: 'tsJxdlDuKrwBTvIduGryWBsxKVsXcVLXoBfCtkSMxZPipUnMxGKSaPwrzMmIsfSpfZNSPGjKneBwlKHphgaVLtwZEnChxJURHaCQHVwrXAewNAGpFwbMFwelcoNcDBMeKjoLHqiLkjyKPALEhNbAhHMLwRoTHUnVnAleLvhONPcVyTWbcJvpaLwCXdOqCPEPvcWPPhsmgNmSfqNcuMqyZyvbDiGigqMyLMZVwHMuQIINZeXgPmvqZFqxguLgaKFpAoGTRrgnzvhQpiCZKaSuvVZFVcpBvfUGCSMkXEPYFHqdYaHysmWAsLufPAxoCesTbbNXWSBGLuonewhuVrJJJTNrYgVWGaVbPWBwNkbZkPoxXGATTDSLViKINWypxfAkYMXHukhlPkZueQTRgCD', 'DIKGhMtjrllcFOEZKisYiVgvlJPdxChIvbxbOGqvBBqAdHUfaqJiodVhbOVXwQloEdhdRcKDswXgfgSdpkDGtyURFQAAlTylPBvAaqOxfFqrGpBuwriMMfvFIPYBcKSYymQelRDyWGbnHcLQOFDtkmYkFpsKSMUUmRtUYXJeojqGEHxfEHnWGYoMNfYvZsgJlGAqjrrqwZEBwRgyrMGKZyONdgGszOFwCgVxGHvNQwahUmQwzaDMmWjnsmMCkyqiTIyPwirkQsucXgtqQKtZKsJgxiFTuscRGsOMoAzQiTwtcGPLtWmaERXaySRNcXpXQcWfShCQKdqrwQEqTuaYGBMoUnOVjlnLdYdzjjtLTWQbagehNauiwRQOQiLeTggYpfNYnEHjAOEklkOoJgHIrFOMHOjBYPsmprmvTGuJTLiiMfdfTXUmZYhjQBQYVFKlVSvtxTVDlyofXgAbkDhBuFNQJCeRpVnOAwMtkkhABRBajCMkAooRXJqPFejvpDNPLafaTGrAWhzcEmgHqtRBhVqrGwoFAmLyDlPJWmQuxovqJNLSybEvlMipjnUXRlAkWAZSXXkDdWEtaAhskVHYhPMrDaZiStdLnLTJotvaqBSPIoOjGbmvebCGnhOxyClkttFPgYDraghgxxjPLqcqGhgMINVGeycoPiWPjzCiYuVxuWJqyzlHZudLMtGTDwNcEsQOaUgLnuSLMiSmEeIfMUPVEKCpsiebhttBGuPeTaUfcSzdaUPYohPjdvKQRqSEPqdTpQgJPdMmAksmLZPYTGnzdJYLkyNcHPPmognJoFI', 'KVditCXFsbulICdpgsVZQQjelUGxelFkNxdeAaeIMtUBNdGjKqHRTgstmyxYvZaGVKXKZzpFOMMWvhRHNWnodoQgFjrBdGMnTOfCFwKLACCGUVyFhqLZmlchtrFpIocIzZDhBOBRMbnblKMjllTnunAhlyJOqVCMZuHvRQESotNKyAwjfVEWUpNLZWvDEmaqZbCqDRRUhByAapjkBajURfrkhvVvUANBSWlWyGgNDjoTqMljnLBeDGZtjSIHvWzgnxhEEMlvuVQhrYtVKmHJzjyMwsngxYShkIgtegfbZGjhpsCKYnxIOqhDyVILZFxWDjxiszqdGgjszQXDpcHKaJStacvJYTBUJNeGuTSZwUChGpDiyEWxymvtQDIQEhEnfPimmRJWKhOGHlnlYNLUxEWWSkprLBVOPOCrGRvgvzmQYomfQWrrWkpatMTBbRKIMzrsivfHReZxRFxdyKapKdreZcxtytFdpeDZxtwUqkZsLsInOpDRqVxiINTGxlIXYvInBYgENGyZDySgTKfIqomTgVRkaqWEbCTQkVlpJzDkWYeJummnGAhkIoGgHwdXjuyBfCwyYpyqkBwIqHpoDjxaUjHvOFhMVgBcZcdrpoPQBqzGryqzGpTAw', 'XhwvBjSIlVEAUiNdyyPThZdjAEQPhGgMBgCvhwoEwIPVvGXPcVIqDgOyDMuxTDaforzngRwBKLWYJInugBmLypJURDsVCrktikgDGjiLZGgsKqovYAQSROhzifWcZazTadqZbknxSbmrJQKbPxwCbSbTDhVbNFlyHNSgzPToNSzpcppRUuNcewrHBXVuOLkNpnjwydczdHoITmrNrDGSsJUKVKectYZBilzpGtTrSNyWIjnPgIDKERVgSYbnzAFEhnZhmBHxkPAeLxClXOvlVPwQQTWhSfrRItoUJFdeBFZpQqVUVpQkEUjSqJRSfZfFYiWRJibSlRkQpHzayBMcPHNnKVeAoKzbZURiUDLnNyznkSdiJrUdMCpQViHnEbdaRIqUqRFuqZORHZDrrvrxqWPXeAMmwYjmUYVbcJrrlZnnnYJvePvIkgkvtTpqFSyRpcxjEbPiDzLQibjGqQIgcaCnnZiJTBmTbVxLbZrCANFkVTMSjjzoKRpPaJwetGOCMrpNdYeRZFgPVRRTNQZjByJJgikRdMJtyCXdezoLFiOEkauIrcRcgfAOighunNoMwnQSuopNcOeTjEYFocZAvgMTCJvyStXstCIxJcODnDASAheeHbGKnnQPawQktrviqmZhvbwLOWNsguTUeQqrmMEFltXMLdKwHScNHxigfvwRaYigdvGcAEvdhUwCDjzkL'

Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\plist.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\iproxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\iproxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\plist.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\usbmuxd.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\libusb-1.0.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\iproxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\libusb-1.0.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\plist.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\usbmuxd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\usbmuxd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\iproxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\plist.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	File created: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\usbmuxd.dll (copy)	Jump to dropped file

Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe	Memory allocated: 3C70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Memory allocated: 3D30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Memory allocated: 5D30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Memory allocated: 76C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Memory allocated: 86C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Memory allocated: C280000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Memory allocated: 78F0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe	Window / User API: threadDelayed 3059			Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Window / User API: threadDelayed 2724			Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\plist.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\iproxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\iproxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\plist.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\usbmuxd.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\libusb-1.0.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\libusb-1.0.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\iproxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\plist.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\usbmuxd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\usbmuxd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x86\iproxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\plist.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\x64\usbmuxd.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\Titan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\libusb-1.0.dll	Jump to dropped file

Source: C:\Users\user\Desktop\Titan.exe TID: 1460

Thread sleep time: -11990383647911201s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: Amcache.hve.4.dr	Binary or memory string: VMware
Source: Titan.exe	Binary or memory string: nOItTLmkwPwLlDfzTnjOiAeCjAankWeNRWbpYwTupVJAJpoVtcSNzAInjFKSlyAaliuObpaXUoYMqetuLEtHEQOROnGSlAIqViOauatEButKbvwEMPHgFsWUTdznjIlTghrHPTzkKpGJXEpSrBGWtbldMuGRbGVtJaeuEoptPWWPmMxPogwhBPZEvOvVMiJETMAwZvOCMNGXFWqzwqduJnrtAayptTggMRvZMAqsSuVoICyZXvZVFPugUGwzwYIsgZLoaRnvAkbPSCkxbYSyuKbwWPEFDqvtmcIjrKzGHdVVoeOSWzYYGJyVyPRKMhrJohdpuBGRYLqQpGHrBmjESXncemlbtoualLgGBYXUsHzuThgrHZJZxmrRuBLIQeXjRPfdZBqcOOMLXsJwFtUTfUcyUPMANPENjQdDCDSGihKiaftBsOCWJEEwngJJoqOzKycHOFuCaOlyKuYoVKIzMhEeLhQVtIRsSKYcDmnmTAwvSGmsIVodiPncuxvhpYJRxsfzVwkiXVfLlILFvXNYUnKDXwhGrGxureyabmXMkFGMjbrllqlSLkxJibbZOerRYlUGKldIzBnPhxUvEwUAUejGgorzLxxFNooyGkbzMdSKxickHfURKrxtBOaVtexCDhBsJWoUVUnqMZIyMGsfdgvVruwsKFFigQGPgjbkqAwpDGgcFbImmRYXlfBOZwKPPFKwStRdfHodjGRkNTnixSwOrjeAiMLuphayvkKMKfHedvnfOQAGJbRwIwFiOQuSwtnBgTodJbYRLRkvvzmSLElOPepzebxtloikImyubXwiDAkrLJnPdcHrIZmCdpyidegWjAnJAsqoIDKPtynVnhQIhqbizwRmYOEYTNILVdPllSjEOXIfBduwOXpsYEJEaEQtymvfqczJSeWOHXUcnmkvUIJvYPmRUKKhCpFb
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Titan.exe	Binary or memory string: ftJEdKMKdMKrhbTOMfRrjwCCVQDMmBzyNNXXdkIGsaktBeILnUdDvSjirGiMGzYbNLeUEvlcXKzJMIAqIrZRYwCudofXBvzsBIgqAnHrjBgkTaWjFsDPaGDRIjqPQNabLGHDbKqVjhhXQSaCRwSJrkRvFPhQxrbWaEZNTTHuBiftYfBqJnyUvRjboLyMdZXsGLwLtMjyoXHJFYWZOrHJtHaJVyZHVvQbKmmMjpxwEzfYJaVPpYxmSOyzlnpvnbdsGgySmJqYuKEtbCAvcJSwyeJwnnbwABIcWnRdcDdfiZsHJFYjnuSdJhubWBeziuYsCcXnkWSYgnNYmBmiPrIFieTpspGaZdwoAAFhikyQbuxWTVpUOvkqlTJXJivvQsyCqZYmwFAessdohxVXzlLdtFChqhYApDzjvuftxDXJvFyspUpMMXvegVIlWqvOhAppsusnScawNCioHKrWrMnRIVCaltWGIJbuPJAvcCtjxyQemUdMzZXVMYgXsSBYFUoEaoZyKwupSEUKEXoRPKGjmGhqccDJBVecKLDxufCCehDIDVSUdjIvNFSTGiVhtknwZrztTqXkIEEEDZnGKifRMjPFskrLJUIutGiMWYAnMYmIAOQhvOWK
Source: Amcache.hve.4.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Titan.exe	Binary or memory string: VVybtsitSHxIBsZabQstPHELTSdEhCpwfqIwnAxTalWenAUHwCejsUCORmIbPdLPRBdKjdnbSYSdkaXSyWHfYGDKoueArWEwaHMmXKXTPDQUBYeqPqcsVgrLxSVpynjvUWDcNlunyoPVpjIPPokBtLatQApFoiUcTUzfVBcdvpthQWWNJGZKChBIvJMNwpyPUnBUkduOLGGEStduebviJJZlSqkLoPhGqdMcUBdgLKzvbxqBgSjUtQGKOPBtsjZvZzOogBZcxPWyKeKVAieVgMNaXCOEAknclDWbjCVftHXetHzjFgsKEDPMmnQemUbNbuNHIimxNzcZpjgPCezTrdXhoJpvlqsYfJDyusbXuuwEaqXDHAbIVHWxWgSysqLWHEtfghVKCbZwhSGylmokPkCXnFcOZceDjaxWwrXZfRFuiZQDaUNGBaHXCWsaFGkawWNHVkCuOPFyeIpOpYoFPYBISaTZzwTZgfxLLJipSSrmVJsuhekhSfKYUFovQcuSwgRzKdCgqymwgPmJhZsVMlGBUYrGVmZpYZqpssjEbErUsNrFTeNrkZFKZPellvLDYxYHZwRppntHtmJHhmnqYiEyTfQcNySfsovuokgWMYCwfyRnFXEzIUeqsZnugobrVNOFqOSxFQeAgITVNcWptSXYJFCOwmqXwKbRjLxrEHtsqdKkGSgDRlxCqqvlMEATZGDVhBmCfflmYeiguRIdFnFLNYasPMeAGZTkapDEgeYlALdLIPquvXOmAsHIbtmSBkfzLxGFODxbPTKCuPkAWjEjLhjhhudmrFkPfeAKJkfrZmXgiEOLJlwRgwneOYYTaLjJjuXPOaqlEMKZKCzcgRdGITjirVvkMMROCNxnhyxjvKNTmNU
Source: Amcache.hve.4.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Titan.exe, 00000000.00000002.2296512499.0000000008049000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.4.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Titan.exe	Binary or memory string: ZUOprLkmDNcnvOPOOgXnbBeXOKDUuvRbHeWYHKJEleKFhVTlbmPiMdEXprbhHQrIwBfQrrHDXTBxrZqsrStIfiOeaziQicwVmCIfqCtjfLLtbGgQBjqpWjcNmBqrIqUvWgLoQKCoYJdTXUCTSSPzlGyDZvsoMCborQWvvrzqhBRNFIpSyWZqbVJPhHOURNbWiocHyHYaSYRjplxRFaqqckNVGHNncfZUaveQgiUqyyXDDZawKxOqXktxbHAqtkynyxJuGglWGzseNKRhhRdfQjxpBgoYidxNAkEFPfpdMsjXsOkRpSJcHSXOATsarModCfecFMRBczSYAZxmvXjQTUFhNpF
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Titan.exe	Binary or memory string: HWlQkAVYrwsRXDbNvRmlONzdXLxczuXXsjcsLEElOyoHZABYBAOzVsJuWItYCsYwZVZnbiCrMBWQYrDWKZayfXBAahVCKgiVZrhDbNwTyXmUWsVeEWOcSZQBUZNtMzggSArhKAvwdHAHkgehMqyoRGDzafiCADGyrGCVBoUEbSzKZIRnufhVBsPLwrGeRsvZBBQeeIgXVtMzGsaROuHVVkxzrqYJiqmiWZJXsmJmyJzHfPEERoPWlaEQEQnnjXofGdchjCZblVWLkpUblUrubQxwVtTczWCbUUBBnXVPPnlQEsfPwMBPfuDqggLpiwcOSuqQnSoOzcfnfgrdOEgmUnwaQKVGLfgSLWyJBPbeYnQDPQLAoibeQptfyQzdwhCTvMcIiicycBOhWsKAzVRdDCBVcSKkPyhqkwICoCRGFcCObLIFGzdbPYQtLGfPXrjeUXxakHLwDLXaAmuQKFeQUFaLgPrhWBiOtXuDOhVynhXEBptYMOFSNTK
Source: Amcache.hve.4.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Titan.exe	Binary or memory string: rsTNjcJYWRIzdNCSiHllCSytKPIgbrXRsXKUIYKyJCHGniWBspufbqgYuaDTUcwftqHGChKJxnbzLrFbtGomxsqCqmahVqdhFcMwbQzKflhoOgNCUbaOoKiBAEPQHcoHJuujfJAcHdHLKBnKZXMtPPsvtLwWAiDCxaeUmdXLbxHLCWqyRFrjQuruBypTMdcYZEOkXSXvAARRIhsXUyFurUlCijTonDzyVilyHGayiviQdZmTFRzNXhgFSMBnzjHwASwZwuPNYHMvlVYJxziVElanBgfvFmyzomPKdMXKClpQVlTwnrpAAlsPsJXQPUIlINHzGOflbYTTwJRQMiINwxyCuASToHvicEIIeUqZMEZcSYSirHDgLuoKOEFGvLwTclqrBImrsiBsYWkVhjchDPWhPxuZPjdAHFAgibhjVLndtwmsUjZMjPQMOIcDOMcIFBkTWDnGCtLsbtoTLCFfKRQspnRZzdUIieXsMSVQwTJqDYkVUIrMHxyokrdilOHZYDJwVvHsgojrHZoRCwEqlHBlgjHUpmeiLkSAOnAYBzfSOGgKDMgpJQnQBXQlonDtKAfXHnCOvgpmciXZDwQcGpYvwBzrXOkNvmINbJDPJStdbBoSAqhrWanUckaGoKqhvbqpaJyutBSnwvUvMgrghsqUynlriwazbMhzKysqsnxVHzYgQetITKzDkVrmYHLwaTMjOUlNoAotuVMyPEaECSfRMdOoHFSlbAvomoSvtfTTWGIPJsXTgHuHovXkGwGihCStZYLamfKWyLv
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\Titan.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\Desktop\Titan.exe

Code function: 0_2_03C79F78 CheckRemoteDebuggerPresent,

0_2_03C79F78

Source: C:\Users\user\Desktop\Titan.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: Titan.exe, 00000000.00000002.2275030999.0000000004E20000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2283035425.0000000005D30000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2275030999.0000000004E20000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2283035425.0000000005D30000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWndGMetroFramework.Properties.ResourcesfJ

Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Users\user\Desktop\Titan.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Titan.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Titan.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.4.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Titan.exe

File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	2 Process Injection	1 Disable or Modify Tools	1 OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Data from Local System	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Process Injection	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	12 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
Titan.exe	16%	ReversingLabs
Titan.exe	38%	Virustotal	Browse
Titan.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\TitanTmp\ref\iphoneos	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\ref\plutil (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\plutil	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\iproxy.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\libusb-1.0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\plist.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\usbmuxd.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\iproxy.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\libusb-1.0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\plist.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\usbmuxd.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x64\iproxy.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x64\libusb-1.0.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x64\plist.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x64\usbmuxd.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x86\iproxy.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x86\libusb-1.0.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x86\plist.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\TitanTmp\x86\usbmuxd.dll (copy)	0%	ReversingLabs

Source	Detection	Scanner	Label
https://www.siticoneframework.com/Mhttps://siticoneframework.com/pricing/Mhttps://siticoneframework.	0%	Avira URL Cloud	safe
https://dev.anthonyfessy.com/check.json	0%	Avira URL Cloud	safe
https://ic-titan.net/version_tool.php	0%	Avira URL Cloud	safe
https://payments.siticoneframework.com/api/licensing.php%Siticone	0%	Avira URL Cloud	safe
https://ic-titan.net	0%	Avira URL Cloud	safe
https://ic-titan.net/iphoneos	0%	Avira URL Cloud	safe
http://ns.adbe.	0%	Avira URL Cloud	safe
http://www.mono-project.com/DllNotFoundException)	0%	Avira URL Cloud	safe
http://ns.ad	0%	Avira URL Cloud	safe
https://dev.anthonyfessy.com/lottie.min.js	0%	Avira URL Cloud	safe
https://gunaui.com/api/licensing.php	0%	Avira URL Cloud	safe
https://payments.siticoneframework.com/api/licensing.php	0%	Avira URL Cloud	safe
https://gunaui.com/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ic-titan.net	104.168.136.235	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ic-titan.net/version_tool.php	false	Avira URL Cloud: safe	unknown
https://ic-titan.net/iphoneos	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.fontbureau.com/designersG	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/?	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers?	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	Titan.exe, 00000000.00000002.2265779728.0000000004029000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2265779728.0000000003E4A000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.tiro.com	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
https://raw.githubusercontent.com/LibUsbDotNet/LibUsbDotNet/5dd91a2fda393cf11db2072f2b45c3aee2750388	Titan.exe, 00000000.00000002.2264223211.0000000001F50000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sajatypeworks.com	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.typography.netD	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/staff/dennis.htm	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dev.anthonyfessy.com/check.json	Titan.exe	false	Avira URL Cloud: safe	unknown
https://tools.ietf.org/html/rfc4253#section-4.2	Titan.exe, 00000000.00000002.2289677511.0000000007510000.00000004.08000000.00040000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dev.anthonyfessy.com/lottie.min.js	Titan.exe	false	Avira URL Cloud: safe	unknown
https://www.siticoneframework.com/Mhttps://siticoneframework.com/pricing/Mhttps://siticoneframework.	Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fonts.com	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.mono-project.com/DllNotFoundException)	Titan.exe, 00000000.00000002.2285194598.00000000063A0000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sandoll.co.kr	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.urwpp.deDPlease	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.zhongyicts.com.cn	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ns.adbe.	Titan.exe, 00000000.00000002.2306805177.0000000008F10000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sakkal.com	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gunaui.com/pricing	Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://vimeo.com/api/v2/video/	Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	Titan.exe, 00000000.00000002.2265779728.0000000004029000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2265779728.0000000003E4A000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://gdata.youtube.com/feeds/api/videos/	Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp	false		high
http://upx.sf.net	Amcache.hve.4.dr	false		high
https://payments.siticoneframework.com/api/licensing.php%Siticone	Titan.exe, 00000000.00000002.2275030999.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, Titan.exe, 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ns.ad	Titan.exe, 00000000.00000002.2306805177.0000000008F10000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.gnu.org/licenses/lgpl-2.1.htmlF	libusb-1.0.dll.0.dr, libusb-1.0.dll0.0.dr	false		high
http://libusb.info	libusb-1.0.dll0.0.dr	false		high
http://www.carterandcone.coml	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/cabarga.htmlN	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ic-titan.net	Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gunaframework.com/api/licensing.php	Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	Titan.exe, 00000000.00000002.2265779728.000000000425E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://payments.siticoneframework.com/api/licensing.php	Titan.exe, 00000000.00000002.2265779728.0000000003D31000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers8	Titan.exe, 00000000.00000002.2307970266.000000000A022000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gunaui.com/api/licensing.php	Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://gunaui.com/	Titan.exe, 00000000.00000002.2265779728.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.168.136.235	ic-titan.net	United States		54290	HOSTWINDSUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581526
Start date and time:	2024-12-28 01:51:16 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Titan.exe
Detection:	MAL
Classification:	mal84.troj.spyw.evad.winEXE@2/29@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 343 Number of non-executed functions: 53
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.22, 184.30.17.174, 40.126.53.8, 20.109.210.53, 13.107.246.63
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HOSTWINDSUS	Support.Client.exe	Get hash	malicious	ScreenConnect Tool	Browse	104.168.134.232
	arm5.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	192.236.219.113
	lFxGd66yDa.exe	Get hash	malicious	NetSupport RAT	Browse	23.254.224.41
	Jjv9ha2GKn.exe	Get hash	malicious	NetSupport RAT, DarkTortilla	Browse	23.254.224.41
	5q1Wm5VlqL.exe	Get hash	malicious	NetSupport RAT	Browse	23.254.224.41
	xd.mpsl.elf	Get hash	malicious	Mirai	Browse	142.11.240.128
	loligang.arm.elf	Get hash	malicious	Mirai	Browse	192.119.104.64
	loligang.ppc.elf	Get hash	malicious	Mirai	Browse	142.11.240.155
	ppc.elf	Get hash	malicious	Mirai	Browse	23.254.189.226

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	SharcHack.exe	Get hash	malicious	Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer	Browse	104.168.136.235
	iviewers.dll	Get hash	malicious	LummaC	Browse	104.168.136.235
	Flasher.exe	Get hash	malicious	Luca Stealer, Rusty Stealer	Browse	104.168.136.235
	738KZNfnzz.exe	Get hash	malicious	LummaC	Browse	104.168.136.235
	TCKxnQ5CPn.exe	Get hash	malicious	Unknown	Browse	104.168.136.235
	OiMp3TH.exe	Get hash	malicious	LummaC	Browse	104.168.136.235
	n5Szx8qsFB.lnk	Get hash	malicious	Unknown	Browse	104.168.136.235
	A4FY1OA97K.lnk	Get hash	malicious	DanaBot	Browse	104.168.136.235
	vreFmptfUu.lnk	Get hash	malicious	DanaBot	Browse	104.168.136.235

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Titan.exe_8cb473512a7e91fa42a4426884a73d12e15a229_bfbfc816_de6b77fe-1066-466c-878f-452d294bd539\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.3866301791692734
Encrypted:	false
SSDEEP:	192:Vk2TiCae2Z0BU/aauw25gm8Zr5nnv6zuiFwZ24IO8BH:u2Naf6BU/aaogDv6zuiFwY4IO8R
MD5:	C1E22109653A5BF095C93B0C81AFCBB4
SHA1:	68FE33AEAA3A0EE7B8691FF25DBB360AA3B47690
SHA-256:	4ABBC7387D2276CB78258D09FC0F04C39D4ACAA9DA5F0282F719B1F05DA09093
SHA-512:	92596B43DD8284E6BFDF7AA4E471399441502FE55DDAFC9B41AC68C25B344DD22AFA71790A5F32C896F365E5DB4CE179386F5175127715085ECE18D37BC566FB
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.8.2.0.7.3.1.1.5.7.4.6.1.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.8.2.0.7.3.1.8.9.1.8.3.7.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.e.6.b.7.7.f.e.-.1.0.6.6.-.4.6.6.c.-.8.7.8.f.-.4.5.2.d.2.9.4.b.d.5.3.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.6.7.d.a.8.a.3.-.2.e.5.6.-.4.e.4.9.-.a.2.3.6.-.5.d.3.b.5.a.7.d.e.a.7.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.T.i.t.a.n...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.T.i.t.a.n...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.7.0.-.0.0.0.1.-.0.0.1.4.-.e.1.c.c.-.1.7.b.8.c.2.5.8.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.4.3.4.2.7.7.6.5.f.7.3.3.0.8.9.c.9.3.f.d.3.9.6.8.8.9.0.5.e.d.3.0.0.0.0.0.0.0.0.!.0.0.0.0.1.0.2.0.e.b.8.3.f.5.3.8.0.0.9.2.b.7.1.d.d.a.d.4.0.e.4.4.a.d.d.a.3.6.3.4.f.2.5.5.!.T.i.t.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6B2C.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Sat Dec 28 00:52:11 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	499970
Entropy (8bit):	3.9823926950131385
Encrypted:	false
SSDEEP:	3072:DuRcaCbN+Wdv84I4uEq0d0U4OrXLTgqkyhOpAXF2yfUs+1lvqoOuBJ:DuRvC0gvlI4N0U4gTgqkyspA1MPOu
MD5:	F0944CC6D8584232D0D379BFAB36E135
SHA1:	B642E2ACA0B5C25829AEC95F3CD658166D06AD86
SHA-256:	C8AD478A54ED2CA195E08E1DC02E70FC323F999AF575605B003EA71702E67EC9
SHA-512:	485988221F82B2701C26240C2BE07389EC372812E1D579F76B999A5CBAAD24559CBF8FD80B85ECF52DE4E4CD2FDE3DE5822E5B474D16CD4D60ED04689873E01E
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ........Kog.........................+..........<....6.......N..n...........`.......8...........T............Y..jG..........P6..........<8..............................................................................eJ.......8......GenuineIntel............T.......p....Kog.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D6F.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8356
Entropy (8bit):	3.6896162996547996
Encrypted:	false
SSDEEP:	192:R6l7wVeJQQ6gH2U06Y9+SU9OCgmfZQkiprr89bYTdZsfdpom:R6lXJ36gH2n6YUSU9OCgmfOkrYTdyfdD
MD5:	AD54B4609401037BF47B346A50AE3055
SHA1:	2C482CB5ED62D1256112FC46CAA900249811DB40
SHA-256:	1CDFFFD1E4E2BCE41E7B16A1DFEB6404C8E8EF2EA0B0BF0E12EDFAA3E69DC95E
SHA-512:	07FEAF5F400EFE55953BD76AA99BB8EFCC6899686940FC777856A98B2114A21A55C33007F4DEA306E2EC992983D283F7ECED6863F60B09B5C2C1EFD6D28DDACF
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.5.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D8F.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4693
Entropy (8bit):	4.426623087263579
Encrypted:	false
SSDEEP:	48:cvIwWl8zsLJg77aI9qNWpW8VY3Ym8M4Jl3gbF2Ak+q8vN3gWXAZE2d:uIjflI7A87VjJrFK1XAZNd
MD5:	3D87DB87F04DDFF14771B32B0ED57F24
SHA1:	4DA635727E94ADD55A85862F73778E51C071F44D
SHA-256:	F424C00F2575470285D9F48B14E2536B8049F3C08B3CA75BAB82EE2D736A79EB
SHA-512:	35B9E275B620C368DDD01C26CB1DE266E554A88069819E5A076F6EA78BF7F4AFDB1D657BEA5249DC3AD5E30CD77B9773A4FC1D5F949C5A209E065B5E192A6E47
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="650394" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\iphoneos

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	Mach-O 64-bit arm64 executable, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL\|PIE>
Category:	modified
Size (bytes):	175440
Entropy (8bit):	2.574145408302095
Encrypted:	false
SSDEEP:	768:nbJN0wGaqsBlhEd0k+n5qsugVAHTVrQba86U:/wazk+n5qsugVW5Qba2
MD5:	4EF17F84A359E9E6233144B5FF155906
SHA1:	012FEA5C03A2C0EBF4751A88BB738E4E28ABB547
SHA-256:	A691A729C651E641377636111729CD7B652DBEF4461E9E834D65FBF2A35AC765
SHA-512:	2E8E1B3409402F59CF2AA7389015A021EE9CAD1CDD0CA4A931C07485A465FAA4EC75416497F98E42FE98634B7450119286838014C53D0C283346CD3A4671BBB9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	....................x..... .........H...__PAGEZERO..........................................................x...__TEXT..........................................................__text..........__TEXT...........y......\........y..............................__stubs.........__TEXT..........t.......,.......t...............................__objc_stubs....__TEXT..........................................................__gcc_except_tab__TEXT..........`...............`...............................__cstring.......__TEXT..........8........!......8...............................__objc_methname.__TEXT........................................................__unwind_info...__TEXT..........x.......\|.......x.......................................__DATA_CONST.............@...............@......................__got...........__DATA_CONST....................................................__const.........__DATA_CONST....................................................__cfstring......__DATA_CONST....

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\libirecovery-1.0.3.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	1100
Entropy (8bit):	5.811993948162244
Encrypted:	false
SSDEEP:	24:g+OmvWzY55ftFjHiUfyRUi+lmqXsnx46VFIcsE7iI4My/SU:gDBz857XaRUi5IVI7CL
MD5:	1EBD827269728E15CAEA34A2BCE762EA
SHA1:	F7CE3B5B68A5DD251420A2EAF546828DE689BA4C
SHA-256:	C43157470B15963125473A5F2A3F17972332320A7912EBF6C0664EB732E4B8AD
SHA-512:	55E5F34D29DFA3BC32AF5136A960FD4423B44E2FCEFA425DE3E37FED396D70ECB32652C5A50E34BD447959974A585886856F64A991AE8DA33599D35D8F424CB2
Malicious:	false
Reputation:	low
Preview:	bplist00.. ............................... !"""%"'")"+""."2"4"6%:%'"=""""""\SetupVersion_..UserChoseLanguage_..PBDiagnostics4Presented_..PrivacyPresented_..WebKitAcceleratedDrawingEnabled_..PaymentMiniBuddy4Ran_.+WebKitLocalStorageDatabasePathPreferenceKey^Mesa2PresentedVLocale_.!PhoneNumberPermissionPresentedKey_..setupMigratorVersion_..HSA2UpgradeMiniBuddy3Ran_..SetupFinishedAllSteps_..lastPrepareLaunchSentinel_..AppleIDPB10Presented_..PrivacyContentVersion_..UserInterfaceStyleModePresentedXLanguage_..HomeButtonCustomizePresentedYchronicle_..AnimateLanugageChoice]SetupLastExit_..MagnifyPresented_..WebDatabaseDirectory_.'WebKitOfflineWebApplicationCacheEnabledZSetupState_..AutoUpdatePresented]RestoreChoice_..ScreenTimePresented_..Passcode4PresentedYSetupDone_."WebKitShrinksStandaloneImagesToFit......._../var/mobile/Library/Caches.Ues_DO....../03A.`Ly.........Ues-DO..78Xfeatures..3A.`Lu.fw.._..SetupUsingAssistant.........K.X.l...............:.Q.l...............#.;.I.\.s...............&

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\plutil (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	Mach-O universal binary with 1 architecture: [arm64:Mach-O 64-bit arm64 executable, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL\|PIE>]
Category:	dropped
Size (bytes):	156896
Entropy (8bit):	4.080446969463163
Encrypted:	false
SSDEEP:	3072:zXZBMbqcduT8q6kKWyyWnf7ClG3nvIETVG:jbvAdkJ/Wnf7QQ
MD5:	D522E0D578A3AE147FB185560B8AF11E
SHA1:	8BBAFD8942EDBB032CA59561F2BE9CD212F467C7
SHA-256:	1438E8844C0A038891161D44BCD691AAF97485C560408CC0DC5B0230032A01C6
SHA-512:	1EDF73EA7704DF7ABB864BAEBA89BAA5136008C4A83B15A44F0B76219A2C3052EDF1E3DDCCDEE36DA424BC67BC0B878084C173323B844118B4E3678B66EDAAD6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	..................@...$.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\ut.plist (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	30922
Entropy (8bit):	4.786049148601881
Encrypted:	false
SSDEEP:	768:/xKg6haWguzKqE0WHERiwYHok4m0Ug4t0prB+79EPSxkGHnshc2jzZxKg6haWgur:v6haWguzKqE0WHERiwYHok4m0Ug4t0pc
MD5:	6AA87070538A40521A302D1429A78759
SHA1:	97E83BE8BAD422C74D27F5BC0FF2ABCC0429F8E6
SHA-256:	983863B37F94991D33B6023576CC6FC58B68A460818E040673FEF06A6E642FDD
SHA-512:	C95687D04EC6BA5B7D862C264841DC5E0FE5012FB1C874662DD6CF5527F4A23DF96D40C3EB7E42220C81A33C73B551EA1E47A4AD517A3DA02C390678AFEEE2CC
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">.<plist version="1.0">.<dict>..<key>abs-client</key>..<string>1563636331</string>..<key>adi-client</key>..<string>822300215</string>..<key>application-identifier</key>..<string>com.apple.purplebuddy</string>..<key>aps-environment</key>..<string>development</string>..<key>backupd-connection-initiate</key>..<true/>..<key>com.apple.BTServer.allowRestrictedServices</key>..<true/>..<key>com.apple.BTServer.appleMfgDataScanner</key>..<true/>..<key>com.apple.BTServer.programmaticPairing</key>..<true/>..<key>com.apple.BTServer.supportsPairing</key>..<true/>..<key>com.apple.CommCenter.fine-grained</key>..<array>...<string>cellular-plan</string>...<string>spi</string>...<string>data-allowed-write</string>..</array>..<key>com.apple.Contacts.database-allow</key>..<true/>..<key>com.apple.Diagnostics.host-view-service</key>..<true/>..<key>com.apple.DiagnosticsSe

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\libirecovery-1.0.3.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	1100
Entropy (8bit):	5.811993948162244
Encrypted:	false
SSDEEP:	24:g+OmvWzY55ftFjHiUfyRUi+lmqXsnx46VFIcsE7iI4My/SU:gDBz857XaRUi5IVI7CL
MD5:	1EBD827269728E15CAEA34A2BCE762EA
SHA1:	F7CE3B5B68A5DD251420A2EAF546828DE689BA4C
SHA-256:	C43157470B15963125473A5F2A3F17972332320A7912EBF6C0664EB732E4B8AD
SHA-512:	55E5F34D29DFA3BC32AF5136A960FD4423B44E2FCEFA425DE3E37FED396D70ECB32652C5A50E34BD447959974A585886856F64A991AE8DA33599D35D8F424CB2
Malicious:	false
Preview:	bplist00.. ............................... !"""%"'")"+""."2"4"6%:%'"=""""""\SetupVersion_..UserChoseLanguage_..PBDiagnostics4Presented_..PrivacyPresented_..WebKitAcceleratedDrawingEnabled_..PaymentMiniBuddy4Ran_.+WebKitLocalStorageDatabasePathPreferenceKey^Mesa2PresentedVLocale_.!PhoneNumberPermissionPresentedKey_..setupMigratorVersion_..HSA2UpgradeMiniBuddy3Ran_..SetupFinishedAllSteps_..lastPrepareLaunchSentinel_..AppleIDPB10Presented_..PrivacyContentVersion_..UserInterfaceStyleModePresentedXLanguage_..HomeButtonCustomizePresentedYchronicle_..AnimateLanugageChoice]SetupLastExit_..MagnifyPresented_..WebDatabaseDirectory_.'WebKitOfflineWebApplicationCacheEnabledZSetupState_..AutoUpdatePresented]RestoreChoice_..ScreenTimePresented_..Passcode4PresentedYSetupDone_."WebKitShrinksStandaloneImagesToFit......._../var/mobile/Library/Caches.Ues_DO....../03A.`Ly.........Ues-DO..78Xfeatures..3A.`Lu.fw.._..SetupUsingAssistant.........K.X.l...............:.Q.l...............#.;.I.\.s...............&

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\plutil

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	Mach-O universal binary with 1 architecture: [arm64:Mach-O 64-bit arm64 executable, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL\|PIE>]
Category:	dropped
Size (bytes):	156896
Entropy (8bit):	4.080446969463163
Encrypted:	false
SSDEEP:	3072:zXZBMbqcduT8q6kKWyyWnf7ClG3nvIETVG:jbvAdkJ/Wnf7QQ
MD5:	D522E0D578A3AE147FB185560B8AF11E
SHA1:	8BBAFD8942EDBB032CA59561F2BE9CD212F467C7
SHA-256:	1438E8844C0A038891161D44BCD691AAF97485C560408CC0DC5B0230032A01C6
SHA-512:	1EDF73EA7704DF7ABB864BAEBA89BAA5136008C4A83B15A44F0B76219A2C3052EDF1E3DDCCDEE36DA424BC67BC0B878084C173323B844118B4E3678B66EDAAD6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	..................@...$.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\ut.plist

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	30922
Entropy (8bit):	4.786049148601881
Encrypted:	false
SSDEEP:	768:/xKg6haWguzKqE0WHERiwYHok4m0Ug4t0prB+79EPSxkGHnshc2jzZxKg6haWgur:v6haWguzKqE0WHERiwYHok4m0Ug4t0pc
MD5:	6AA87070538A40521A302D1429A78759
SHA1:	97E83BE8BAD422C74D27F5BC0FF2ABCC0429F8E6
SHA-256:	983863B37F94991D33B6023576CC6FC58B68A460818E040673FEF06A6E642FDD
SHA-512:	C95687D04EC6BA5B7D862C264841DC5E0FE5012FB1C874662DD6CF5527F4A23DF96D40C3EB7E42220C81A33C73B551EA1E47A4AD517A3DA02C390678AFEEE2CC
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">.<plist version="1.0">.<dict>..<key>abs-client</key>..<string>1563636331</string>..<key>adi-client</key>..<string>822300215</string>..<key>application-identifier</key>..<string>com.apple.purplebuddy</string>..<key>aps-environment</key>..<string>development</string>..<key>backupd-connection-initiate</key>..<true/>..<key>com.apple.BTServer.allowRestrictedServices</key>..<true/>..<key>com.apple.BTServer.appleMfgDataScanner</key>..<true/>..<key>com.apple.BTServer.programmaticPairing</key>..<true/>..<key>com.apple.BTServer.supportsPairing</key>..<true/>..<key>com.apple.CommCenter.fine-grained</key>..<array>...<string>cellular-plan</string>...<string>spi</string>...<string>data-allowed-write</string>..</array>..<key>com.apple.Contacts.database-allow</key>..<true/>..<key>com.apple.Diagnostics.host-view-service</key>..<true/>..<key>com.apple.DiagnosticsSe

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\iproxy.exe

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	17408
Entropy (8bit):	5.150709929809416
Encrypted:	false
SSDEEP:	192:+TB7EQ+bx0xCK9t2fPMmMNvlhPQ20GRjsgGts1+T7660+VHFp1zjUm3Q5tfpnd8C:Yl+N0xCK9t2nQv742FMlZ7znAm3i
MD5:	9972DD0557FEC1832455F01A1D141D12
SHA1:	FBB37704A68F028026956FA54D8D64E00361FC39
SHA-256:	6B107FBF266E45ABF394A033E5E9959EFDD9A7D9B7CDAD071AD0E4FC256D2D15
SHA-512:	F1CE4E65E57EF3EDEFA9A311DFCBB26F4372C6BFAB828831619ECC22F255228950E84B080287CFAF5E39E751A27C64B59B8C057B89AC39BC105265E81374D2F5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Rv.....Q...Q...Q.o0Q...QD..P...QD..P...QD..P...QD..P...Q\|..P...Qys.P...Q...QE..Q\|..P...Q\|.\Q...Q\|..P...QRich...Q........PE..d...r.>\.........."..........*....... .........@..........................................`.................................................$?.......p.......`..X...................08..p............................8...............0...............................text...(........................... ..`.rdata.......0....... ..............@..@.data...X....P.......:..............@....pdata..X....`.......<..............@..@.rsrc........p.......@..............@..@.reloc...............B..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\libusb-1.0.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	214745
Entropy (8bit):	6.311489614007665
Encrypted:	false
SSDEEP:	3072:lwhaakECr5GrXKm5UcC8KXvnw8seD5cAECoOJhEg2ptfXd3ZkZPO+e3NRwP3HVw:lViKkKm5Xa3snM2bl3ZkZU9iP3G
MD5:	31A5D095AAC8B96BB00B7436459F98B3
SHA1:	332B76859E9418A54AA90577835F2A6E41E678A4
SHA-256:	76055314E4E69641FB889E88B858BCC14B50AFF06F197E5F8D5A112BA2E13ED7
SHA-512:	83F1B1AD34F59DED60B8D873E846E46DA1D9607C15A3C6C77274C73F8A07A6FB565366F22E500A00B4992AF5FCC54DF8CF4FBF0A332767F3FB48B4CA681E5FAB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........8..f.....&"...&.2...4......P.........2...........................................`... ......................................`..I.......................................D........................... ...(...................L................................text...h1.......2..................`..`.data...0....P.......6..............@....rdata.......`.......<..............@..@.pdata..............................@..@.xdata..,.... ......................@..@.bss....p....@...........................edata..I....`......................@..@.idata..............................@....CRT....X............*..............@....tls.................,..............@....rsrc...............................@....reloc..D............4..............@..B................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\plist.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	52224
Entropy (8bit):	6.042806370775442
Encrypted:	false
SSDEEP:	768:X355SGub/Yr1CpCcgaOKkemPktwb+bhg+xBqkeS03c+XfXje6:Xp50b/rga1kFGx5+PXjb
MD5:	B47DD9488AC6002C4D5E9D5114B822D4
SHA1:	DE2D2899562221E9C815AC11FD63F667784ADB3F
SHA-256:	9106A4136EBDCDD26778A1E53998BDAA3215F5EEA10028714FD5353F9B720AE2
SHA-512:	C16EAFD0BEA07939B34AC66DEA48FA65448BD3FD6B3B9695F2860267E0BDC1F1D9F1FDA12388B53962623CF5D4C8B507230C2CFFE4456ADB5D1E079245C136B2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o...o...o...f.3.a...=..j.....g.n...=..m...=..}...=..g......m...o.../......c......d......n....._.n......n...Richo...................PE..d...\.>\.........." .........<......p........................................ ............`.............................................p...p...................\...................`...p...........................................................................text.............................. ..`.rdata..0#.......$..................@..@.data...............................@....pdata..\...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\usbmuxd.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	34816
Entropy (8bit):	5.855477654799774
Encrypted:	false
SSDEEP:	768:dqzK4nasQQfbBTtSt+1nf6tQyz9BLtkHu:Qe4RvNpW2nf6tfzbtkH
MD5:	766F04C22A6B7F82880172F0377AB176
SHA1:	E1FDAA1BCCB8DB30CA5C463224CBC1A73CF87CD1
SHA-256:	198FB6ABF469869E6462DDEB4994985A7483562D9035A19F7EB27487CEBDF228
SHA-512:	FA2EFC140CD1F34D252E02D90D34AE900D72FC31A623BBB20662225CA269F9677F516DE3FB140D9F26170061DE9D2C028CD821546F2E6E240EC7F33D7B55934A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........xSOw+SOw+SOw+Z7.+_Ow+.'vQOw+..+ROw+.'tQOw+.'rXOw+.'s[Ow+9'vQOw+<+vVOw+SOv+.Ow+9'sPOw+9'wROw+9'.+ROw+9'u*ROw+RichSOw+................PE..d...q.>\.........." .....L...B.......P....................................................`.........................................p~......x...................................,....t..p...........................pt...............`...............................text....K.......L.................. ..`.rdata..Z+...`...,...P..............@..@.data................\|..............@....pdata...............~..............@..@.rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\iproxy.exe

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.726362601796716
Encrypted:	false
SSDEEP:	192:DhzIqfbKzgh1JsOGejZ46JCFrqhiTL6aU+zPImifDrqhqrUqF7E5pz6l9u:D6AKzgF0eja6JCUh6Zbzm6hqoU7
MD5:	928622B500417FD7AF3DC636ACD73783
SHA1:	F87563EF44AA94339F132473104FFDE038FEFFA9
SHA-256:	5F8A420B9DEBC686DF514E294C828CB6603F563F413AC27C51516634580EC91F
SHA-512:	4C90352F7D62AD33A2444D2007AF582E75F0C87338E4F48151C7487851A54F36900E55A0EA2CDB7ADDDA2034BA896CDD4038B77DD4FB7E7FB52E237AF4517098
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,...My..My..My..5..My..%x..My..%z..My..%\|..My..%}..My..%x..My..)x..My..Mx..My..%}..My..%...My..%{..My.Rich.My.........................PE..L...W.>\............................T........0....@.......................................@..................................:.......`.......................p..L...@6..p............................6..@............0..<............................text............................... ..`.rdata.......0......................@..@.data........P......................@....rsrc........`.......0..............@..@.reloc..L....p.......2..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\libusb-1.0.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	230998
Entropy (8bit):	6.494886982257161
Encrypted:	false
SSDEEP:	3072:IymC3p6XIL/p7kQaQZZRO4afFA8ixwCt/5JrQbw4YxBU6vUoO8Eq+fNfZxuEHjvU:51LOQauZ9adexJrQk4YEflr/g
MD5:	37809E8C32CA652D6D6843687A954F8C
SHA1:	CF4AC32E545573128D389BC7F811377CB427E4D2
SHA-256:	43A8011BC39CD786857C996DAF69F0D94579B5050F3DC140E76A20465E14B949
SHA-512:	6DA833B3BA8F04FF9BD59DBE5EEC9F6DA489DD4125ADF25512F90D631733530C1DD5C01C9E558C1434399AE615EE188205645534BD0F09D038482B86AEC8D6F9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........v..j......#...&.B...r...............`.....k................................u.....@... ......................p..I.......$...................................................................................................................text....@.......B..................`..`.data........`.......F..............@....rdata..`....p.......J..............@..@/4.......Q.......R..................@..@.bss.........`...........................edata..I....p.......(..............@..@.idata..$............D..............@....CRT....,............P..............@....tls.................R..............@....rsrc................T..............@....reloc...............Z..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\plist.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	45568
Entropy (8bit):	6.461810277701716
Encrypted:	false
SSDEEP:	768:dIIvCUBV6YpfSKtOmWz1bUCyK1NDv+TAyiMGDeZIK2XS0XF:dzvCUBPfS0OmEzyGNDWE2GUIK2C0X
MD5:	6593861573E6B16C96E9D56037DE7F67
SHA1:	4298F4FD85311BD44272E46F200CE52C8634A98B
SHA-256:	0CF5976EF7ECF21F53341BE750E812658C3F35F171F6ACB317E330C080F066AE
SHA-512:	8D75504AC062EF7D54B16256A87547DED84DC9942A30A59FAB647E39AA59519085BCDFE1A91ED0C6CE9F9FB0E73E489A6AED9498916DB5BF513681C1F23F6481
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........P...1..1..1..I<.1...Y..1....h.1...Y..1...Y..1...Y..1...U..1..1..1...Y..1...Y..1...Y..1...YP.1...Y..1..Rich.1..........................PE..L...A.>\...........!.........$............................................................@............................p...`...........................................p...............................@............................................text.............................. ..`.rdata..............................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\usbmuxd.dll

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	29184
Entropy (8bit):	6.27900443113766
Encrypted:	false
SSDEEP:	768:7V+RjoyZCkC7ITsAhexjkE3sIV37zXBO3w+:ERjnC7ITveB37zE3R
MD5:	3149B3F99865A240D5367300F2B248A4
SHA1:	6B06CB0CAB504E76226E2E4BB8F5AD40099CA9CF
SHA-256:	0EA8054C6ED6311D87E581EEB3C255BDFE700157A453D97C2D4F47AA3B8CB07D
SHA-512:	0DBDEB697D63D820534468D581BDC7C73DADC1DA441302CD2D21FCA61A7E2FBAFE7632A66A99E71944D703DED2C27DFC3CECBE3E92ECB77022E5522A0290C9C0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ir...!...!...!...!...!... ...!0P.!...!... ...!... ...!... ...!.. ...!... ...!...!...!.. ...!.. ...!..!...!.. ...!Rich...!................PE..L...V.>\...........!.....B...2.......G.......`............................................@..........................u.......x.......................................q..p............................r..@............`..h............................text...%A.......B.................. ..`.rdata...!...`..."...F..............@..@.data................h..............@....rsrc................j..............@..@.reloc...............l..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\utils.zip

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	343491
Entropy (8bit):	7.996817711249706
Encrypted:	true
SSDEEP:	6144:sbq87YWfAnCmIB9bE/Qw6C3vxwSpO3JUSL1L1TBshTgrzje:UXXAF/QPC/+S+11TqhT2zK
MD5:	AC48173510245BF623324539B958E779
SHA1:	D5CC385039D18B51C7774C3A2279EF697A2EDC1D
SHA-256:	C85E70D775996C8E7ABDA8789E43C0E9DFC945EBBB267BED6F2C870BEFDBF515
SHA-512:	1042773CFF187FAAE3962AE6D5A802E8642393FD0824E58A28A9A71914C52F46F8C2EF1904F34D26D3D87FD557861B8828B1EC2B4DB589F53DC88C93004FDA83
Malicious:	false
Preview:	PK...........Y................x86/PK........6.xW.Z..7....6......x86/iproxy.exe.:}\|T.w..0.@"%...C...q&..\|N2....5...$.&3/....71Q..a,.G.mqW..OK..]..V.X[.....D.RZXE...dm.Qb7.....$...._..../..u.9.{.9..2ko....B.Pd..>.<......Y.~5.<1...>....yw....../.t.\|~.i.`..}L..:..wq.3g..<.Yz.K/..3Q...;...].;#.i{.....mw.........Di;.Rx7..Z\|.........N....^lVB.ht.....<I.....$90.....C...j..).......J.'.XvQD..o.....#d.;.`].e...\|......}..S....\|>~..u....JU.......R..]..A..W.{.=.....Z..42.FeStC.?......N..u..g... ..;....[.g.n"_>....Wg!...M.p.5..N.p...K.dx.Z. g.1ZH.HNs.6...<..Y..u,.1.G.y.u.....-f...y..9.#r....}...z...V.......=0'..3...K'D\|k.b.z.......x...XhB....]2....,.y...F..o.S@49..........S....3.M..."G..].H.:.,....5......~...J..3P...........<F..9...r8..'..A......,.P..)..n....ts]...a...j..l...4....U...-.a.T%S}.L.h.kh.......'*w.F.50...F...:..'.....]<.U..fu!qmN.7c.e :..N........K..~/.....#v...7....Qt.F.Q......\|\,....F..k;..l..l!qB;..3..k.../R......K.......ee.v0.?

C:\Users\user\AppData\Local\Temp\TitanTmp\x64\iproxy.exe (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	17408
Entropy (8bit):	5.150709929809416
Encrypted:	false
SSDEEP:	192:+TB7EQ+bx0xCK9t2fPMmMNvlhPQ20GRjsgGts1+T7660+VHFp1zjUm3Q5tfpnd8C:Yl+N0xCK9t2nQv742FMlZ7znAm3i
MD5:	9972DD0557FEC1832455F01A1D141D12
SHA1:	FBB37704A68F028026956FA54D8D64E00361FC39
SHA-256:	6B107FBF266E45ABF394A033E5E9959EFDD9A7D9B7CDAD071AD0E4FC256D2D15
SHA-512:	F1CE4E65E57EF3EDEFA9A311DFCBB26F4372C6BFAB828831619ECC22F255228950E84B080287CFAF5E39E751A27C64B59B8C057B89AC39BC105265E81374D2F5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Rv.....Q...Q...Q.o0Q...QD..P...QD..P...QD..P...QD..P...Q\|..P...Qys.P...Q...QE..Q\|..P...Q\|.\Q...Q\|..P...QRich...Q........PE..d...r.>\.........."..........*....... .........@..........................................`.................................................$?.......p.......`..X...................08..p............................8...............0...............................text...(........................... ..`.rdata.......0....... ..............@..@.data...X....P.......:..............@....pdata..X....`.......<..............@..@.rsrc........p.......@..............@..@.reloc...............B..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x64\libusb-1.0.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	214745
Entropy (8bit):	6.311489614007665
Encrypted:	false
SSDEEP:	3072:lwhaakECr5GrXKm5UcC8KXvnw8seD5cAECoOJhEg2ptfXd3ZkZPO+e3NRwP3HVw:lViKkKm5Xa3snM2bl3ZkZU9iP3G
MD5:	31A5D095AAC8B96BB00B7436459F98B3
SHA1:	332B76859E9418A54AA90577835F2A6E41E678A4
SHA-256:	76055314E4E69641FB889E88B858BCC14B50AFF06F197E5F8D5A112BA2E13ED7
SHA-512:	83F1B1AD34F59DED60B8D873E846E46DA1D9607C15A3C6C77274C73F8A07A6FB565366F22E500A00B4992AF5FCC54DF8CF4FBF0A332767F3FB48B4CA681E5FAB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........8..f.....&"...&.2...4......P.........2...........................................`... ......................................`..I.......................................D........................... ...(...................L................................text...h1.......2..................`..`.data...0....P.......6..............@....rdata.......`.......<..............@..@.pdata..............................@..@.xdata..,.... ......................@..@.bss....p....@...........................edata..I....`......................@..@.idata..............................@....CRT....X............*..............@....tls.................,..............@....rsrc...............................@....reloc..D............4..............@..B................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x64\plist.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	52224
Entropy (8bit):	6.042806370775442
Encrypted:	false
SSDEEP:	768:X355SGub/Yr1CpCcgaOKkemPktwb+bhg+xBqkeS03c+XfXje6:Xp50b/rga1kFGx5+PXjb
MD5:	B47DD9488AC6002C4D5E9D5114B822D4
SHA1:	DE2D2899562221E9C815AC11FD63F667784ADB3F
SHA-256:	9106A4136EBDCDD26778A1E53998BDAA3215F5EEA10028714FD5353F9B720AE2
SHA-512:	C16EAFD0BEA07939B34AC66DEA48FA65448BD3FD6B3B9695F2860267E0BDC1F1D9F1FDA12388B53962623CF5D4C8B507230C2CFFE4456ADB5D1E079245C136B2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o...o...o...f.3.a...=..j.....g.n...=..m...=..}...=..g......m...o.../......c......d......n....._.n......n...Richo...................PE..d...\.>\.........." .........<......p........................................ ............`.............................................p...p...................\...................`...p...........................................................................text.............................. ..`.rdata..0#.......$..................@..@.data...............................@....pdata..\...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x64\usbmuxd.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	34816
Entropy (8bit):	5.855477654799774
Encrypted:	false
SSDEEP:	768:dqzK4nasQQfbBTtSt+1nf6tQyz9BLtkHu:Qe4RvNpW2nf6tfzbtkH
MD5:	766F04C22A6B7F82880172F0377AB176
SHA1:	E1FDAA1BCCB8DB30CA5C463224CBC1A73CF87CD1
SHA-256:	198FB6ABF469869E6462DDEB4994985A7483562D9035A19F7EB27487CEBDF228
SHA-512:	FA2EFC140CD1F34D252E02D90D34AE900D72FC31A623BBB20662225CA269F9677F516DE3FB140D9F26170061DE9D2C028CD821546F2E6E240EC7F33D7B55934A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........xSOw+SOw+SOw+Z7.+_Ow+.'vQOw+..+ROw+.'tQOw+.'rXOw+.'s[Ow+9'vQOw+<+vVOw+SOv+.Ow+9'sPOw+9'wROw+9'.+ROw+9'u*ROw+RichSOw+................PE..d...q.>\.........." .....L...B.......P....................................................`.........................................p~......x...................................,....t..p...........................pt...............`...............................text....K.......L.................. ..`.rdata..Z+...`...,...P..............@..@.data................\|..............@....pdata...............~..............@..@.rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x86\iproxy.exe (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.726362601796716
Encrypted:	false
SSDEEP:	192:DhzIqfbKzgh1JsOGejZ46JCFrqhiTL6aU+zPImifDrqhqrUqF7E5pz6l9u:D6AKzgF0eja6JCUh6Zbzm6hqoU7
MD5:	928622B500417FD7AF3DC636ACD73783
SHA1:	F87563EF44AA94339F132473104FFDE038FEFFA9
SHA-256:	5F8A420B9DEBC686DF514E294C828CB6603F563F413AC27C51516634580EC91F
SHA-512:	4C90352F7D62AD33A2444D2007AF582E75F0C87338E4F48151C7487851A54F36900E55A0EA2CDB7ADDDA2034BA896CDD4038B77DD4FB7E7FB52E237AF4517098
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,...My..My..My..5..My..%x..My..%z..My..%\|..My..%}..My..%x..My..)x..My..Mx..My..%}..My..%...My..%{..My.Rich.My.........................PE..L...W.>\............................T........0....@.......................................@..................................:.......`.......................p..L...@6..p............................6..@............0..<............................text............................... ..`.rdata.......0......................@..@.data........P......................@....rsrc........`.......0..............@..@.reloc..L....p.......2..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x86\libusb-1.0.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	230998
Entropy (8bit):	6.494886982257161
Encrypted:	false
SSDEEP:	3072:IymC3p6XIL/p7kQaQZZRO4afFA8ixwCt/5JrQbw4YxBU6vUoO8Eq+fNfZxuEHjvU:51LOQauZ9adexJrQk4YEflr/g
MD5:	37809E8C32CA652D6D6843687A954F8C
SHA1:	CF4AC32E545573128D389BC7F811377CB427E4D2
SHA-256:	43A8011BC39CD786857C996DAF69F0D94579B5050F3DC140E76A20465E14B949
SHA-512:	6DA833B3BA8F04FF9BD59DBE5EEC9F6DA489DD4125ADF25512F90D631733530C1DD5C01C9E558C1434399AE615EE188205645534BD0F09D038482B86AEC8D6F9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........v..j......#...&.B...r...............`.....k................................u.....@... ......................p..I.......$...................................................................................................................text....@.......B..................`..`.data........`.......F..............@....rdata..`....p.......J..............@..@/4.......Q.......R..................@..@.bss.........`...........................edata..I....p.......(..............@..@.idata..$............D..............@....CRT....,............P..............@....tls.................R..............@....rsrc................T..............@....reloc...............Z..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x86\plist.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	45568
Entropy (8bit):	6.461810277701716
Encrypted:	false
SSDEEP:	768:dIIvCUBV6YpfSKtOmWz1bUCyK1NDv+TAyiMGDeZIK2XS0XF:dzvCUBPfS0OmEzyGNDWE2GUIK2C0X
MD5:	6593861573E6B16C96E9D56037DE7F67
SHA1:	4298F4FD85311BD44272E46F200CE52C8634A98B
SHA-256:	0CF5976EF7ECF21F53341BE750E812658C3F35F171F6ACB317E330C080F066AE
SHA-512:	8D75504AC062EF7D54B16256A87547DED84DC9942A30A59FAB647E39AA59519085BCDFE1A91ED0C6CE9F9FB0E73E489A6AED9498916DB5BF513681C1F23F6481
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........P...1..1..1..I<.1...Y..1....h.1...Y..1...Y..1...Y..1...U..1..1..1...Y..1...Y..1...Y..1...YP.1...Y..1..Rich.1..........................PE..L...A.>\...........!.........$............................................................@............................p...`...........................................p...............................@............................................text.............................. ..`.rdata..............................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TitanTmp\x86\usbmuxd.dll (copy)

Download File

Process:	C:\Users\user\Desktop\Titan.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	29184
Entropy (8bit):	6.27900443113766
Encrypted:	false
SSDEEP:	768:7V+RjoyZCkC7ITsAhexjkE3sIV37zXBO3w+:ERjnC7ITveB37zE3R
MD5:	3149B3F99865A240D5367300F2B248A4
SHA1:	6B06CB0CAB504E76226E2E4BB8F5AD40099CA9CF
SHA-256:	0EA8054C6ED6311D87E581EEB3C255BDFE700157A453D97C2D4F47AA3B8CB07D
SHA-512:	0DBDEB697D63D820534468D581BDC7C73DADC1DA441302CD2D21FCA61A7E2FBAFE7632A66A99E71944D703DED2C27DFC3CECBE3E92ECB77022E5522A0290C9C0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ir...!...!...!...!...!... ...!0P.!...!... ...!... ...!... ...!.. ...!... ...!...!...!.. ...!.. ...!..!...!.. ...!Rich...!................PE..L...V.>\...........!.....B...2.......G.......`............................................@..........................u.......x.......................................q..p............................r..@............`..h............................text...%A.......B.................. ..`.rdata...!...`..."...F..............@..@.data................h..............@....rsrc................j..............@..@.reloc...............l..............@..B........................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.4656052132065644
Encrypted:	false
SSDEEP:	6144:HIXfpi67eLPU9skLmb0b4TWSPKaJG8nAgejZMMhA2gX4WABl0uNkdwBCswSbb:oXD94TWlLZMM6YFHq+b
MD5:	60AD77953513BB3E8F9F3FA6BCFAA924
SHA1:	33964E9022EFE786471D180399D265600030B699
SHA-256:	ECB0F77C314B619CED45B006FE6EFDB1A906B58AE08E96801C62CA0B09D1DFA7
SHA-512:	902C899AB5F74676D7D711148CFB8AC1A3EB74905C15643C7C3F512B9B64B51F96F00EF22869A2B4091AABE35B6F4B386320E0A8E11F22D2DF6688C725C7702F
Malicious:	false
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..I..X................................................................................................................................................................................................................................................................................................................................................^.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.943977922701104
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.90% Win32 Executable (generic) a (10002005/4) 49.85% InstallShield setup (43055/19) 0.21% Win16/32 Executable Delphi generic (2074/23) 0.01% Generic Win/DOS Executable (2004/3) 0.01%
File name:	Titan.exe
File size:	15'447'040 bytes
MD5:	d615c92a9afcabe383cd651ab3cf90f2
SHA1:	1020eb83f5380092b71ddad40e44adda3634f255
SHA256:	feb67c5d1e5362132049270f7d8c9250573872cfda6ebf1817263f14af24d122
SHA512:	aa473ecd1488917edb5a043165d3f6964fa0945237bc41fa1a4854ba66083a2d6f18a36ab1ad31a6aedd88f76da49dd30f5ecafe6b20daa60dc4d64af5f393e9
SSDEEP:	196608:5HZpYAmscVO0lYzgqv4YAmscVO0lYzgqvPvkKHEyUzeApkSIfSKYODT:55pLmVPGz2LmVPGz1vkAEySpkScv
TLSH:	7FF63316A1B68D42FB1E373871C416201F7170CE9BA7F7372784A8842B877BD89D8997
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,............"...0...................... ....@.. ....................... ............`................................

File Icon


Icon Hash:	5dc0c372b232f04d

Static PE Info

General

Entrypoint:	0x12be00a
Entrypoint Section:	inVRGFmg
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xCD8A2C9F [Mon Apr 10 20:37:51 2079 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [012BE000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x9b594	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xebc000	0x1686	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xec0000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xebe000	0x8	inVRGFmg
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x9a000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
Wn(n~	0x2000	0x4bfe4	0x4c000	caec85eb3fb1262222c864fe37d9c46d	False	0.5090010793585527	data	6.4981399055306985	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Wn(n~	0x4e000	0x4bfe4	0x4c000	417dcf023961f0452326fa8b23739336	False	1.0003244500411184	data	7.999419325988196	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.text	0x9a000	0xe213db	0xe21400	31260ffa20950f82bdde2b58a5f41142	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xebc000	0x1686	0x1800	4dcda0d1142af8353ef4d101737a5d9e	False	0.4910481770833333	data	5.807858457114281	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
inVRGFmg	0xebe000	0x10	0x200	0a02ae2f84339d197b33778e4eaad560	False	0.048828125	data	0.16299007530476972	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0xec0000	0xc	0x200	46017c669932f520fe81ead767031f1a	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xebc130	0x1024	Device independent bitmap graphic, 32 x 62 x 32, image size 3968, resolution 2835 x 2835 px/m	0.5554211035818006
RT_GROUP_ICON	0xebd154	0x14	data	1.05
RT_VERSION	0xebd168	0x334	data	0.41585365853658535
RT_MANIFEST	0xebd49c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 28, 2024 01:52:37.091038942 CET	49747	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:37.091092110 CET	443	49747	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:37.091186047 CET	49747	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:37.091336012 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:37.091434956 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:37.091485977 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:37.125925064 CET	49747	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:37.125943899 CET	443	49747	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:37.129930019 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:37.129970074 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:38.851484060 CET	443	49747	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:38.851618052 CET	49747	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:38.853971004 CET	49747	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:38.853981018 CET	443	49747	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:38.854465961 CET	443	49747	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:38.886706114 CET	49747	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:38.896390915 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:38.896576881 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:38.897775888 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:38.897805929 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:38.898560047 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:38.903429985 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:38.931332111 CET	443	49747	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:38.951330900 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.274241924 CET	443	49747	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.274425030 CET	443	49747	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.274477005 CET	49747	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.302407980 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.302459002 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.302541018 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.302594900 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.356790066 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.356873035 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.356904984 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.400434017 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.507997990 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.508023024 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.508083105 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.508116007 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.508116007 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.508150101 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.541177034 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.541197062 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.541253090 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.541286945 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.566481113 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.566499949 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.566561937 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.566602945 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.591690063 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.591772079 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.707618952 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.707731009 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.729074955 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.729161978 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.748883963 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.748970032 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.767242908 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.767337084 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.781399965 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.781471968 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.795341015 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.795437098 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.813710928 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.813795090 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.824677944 CET	49747	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.898061991 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.898148060 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.912168026 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.912246943 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.923692942 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.923774958 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.934547901 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.934624910 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.947437048 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.947515965 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.954279900 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.954396009 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.960107088 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.960186005 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.965549946 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.965611935 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.972683907 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.972748041 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.972784996 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.972811937 CET	443	49748	104.168.136.235	192.168.2.4
Dec 28, 2024 01:52:39.972861052 CET	49748	443	192.168.2.4	104.168.136.235
Dec 28, 2024 01:52:39.973417044 CET	49748	443	192.168.2.4	104.168.136.235

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 28, 2024 01:52:11.689659119 CET	53887	53	192.168.2.4	1.1.1.1
Dec 28, 2024 01:52:12.034569979 CET	53	53887	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 28, 2024 01:52:11.689659119 CET	192.168.2.4	1.1.1.1	0x9875	Standard query (0)	ic-titan.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 28, 2024 01:52:12.034569979 CET	1.1.1.1	192.168.2.4	0x9875	No error (0)	ic-titan.net		104.168.136.235	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ic-titan.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49747	104.168.136.235	443	6256	C:\Users\user\Desktop\Titan.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-28 00:52:38 UTC	204	OUT	GET /version_tool.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537 Host: ic-titan.net Connection: Keep-Alive
2024-12-28 00:52:39 UTC	532	IN	HTTP/1.1 200 OK Date: Sat, 28 Dec 2024 00:52:39 GMT Server: Apache X-Powered-By: PHP/8.0.30 Content-Security-Policy: upgrade-insecure-requests; X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Permissions-Policy: geolocation=(), microphone=(), camera=() Upgrade: h2,h2c Connection: Upgrade, close Cache-Control: max-age=172800 Expires: Mon, 30 Dec 2024 00:52:39 GMT Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-12-28 00:52:39 UTC	13	IN	Data Raw: 33 0d 0a 31 2e 34 0d 0a 30 0d 0a 0d 0a Data Ascii: 31.40

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49748	104.168.136.235	443	6256	C:\Users\user\Desktop\Titan.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-28 00:52:38 UTC	199	OUT	GET /iphoneos HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Host: ic-titan.net Connection: Keep-Alive
2024-12-28 00:52:39 UTC	530	IN	HTTP/1.1 200 OK Date: Sat, 28 Dec 2024 00:52:39 GMT Server: Apache Content-Security-Policy: upgrade-insecure-requests; X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Permissions-Policy: geolocation=(), microphone=(), camera=() Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 15 Dec 2024 08:08:19 GMT Accept-Ranges: bytes Content-Length: 175440 Cache-Control: max-age=172800 Expires: Mon, 30 Dec 2024 00:52:39 GMT Vary: Accept-Encoding
2024-12-28 00:52:39 UTC	7662	IN	Data Raw: cf fa ed fe 0c 00 00 01 00 00 00 00 02 00 00 00 17 00 00 00 78 08 00 00 85 00 20 00 00 00 00 00 19 00 00 00 48 00 00 00 5f 5f 50 41 47 45 5a 45 52 4f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 78 02 00 00 5f 5f 54 45 58 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 00 00 00 00 05 00 00 00 05 00 00 00 07 00 00 00 00 00 00 00 5f 5f 74 65 78 74 00 00 00 00 00 00 00 00 00 00 5f 5f 54 45 58 54 00 00 00 00 00 00 00 00 00 00 18 79 00 00 01 00 00 00 5c 1c 00 00 00 00 00 00 18 79 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 04 00 80 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: x H__PAGEZEROx__TEXT__text__TEXTy\y
2024-12-28 00:52:39 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-12-28 00:52:39 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-12-28 00:52:39 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-12-28 00:52:39 UTC	8000	IN	Data Raw: 18 f8 08 81 00 91 e8 2f 00 f9 a0 03 5e f8 a7 06 00 94 a1 83 53 f8 e2 33 40 f9 e3 37 40 f9 e8 03 00 aa e0 3b 40 f9 a8 83 18 f8 da 06 00 94 e0 3f 00 f9 01 00 00 14 e0 3f 40 f9 fd 03 1d aa a1 06 00 94 a1 83 53 f8 a0 03 19 f8 a0 03 59 f8 39 07 00 94 01 00 00 14 a0 c3 01 d1 01 00 80 d2 e1 2b 00 f9 9b 06 00 94 e0 2f 40 f9 e1 2b 40 f9 98 06 00 94 e1 2b 40 f9 a0 a3 01 d1 95 06 00 94 e1 2b 40 f9 a0 83 01 d1 92 06 00 94 e1 2b 40 f9 a0 63 01 d1 8f 06 00 94 e1 2b 40 f9 a0 43 01 d1 8c 06 00 94 e1 2b 40 f9 a0 e3 00 d1 89 06 00 94 e1 2b 40 f9 a0 c3 00 d1 86 06 00 94 e1 2b 40 f9 a0 a3 00 d1 83 06 00 94 01 00 00 14 a0 83 00 d1 01 00 80 d2 e1 27 00 f9 7e 06 00 94 e1 27 40 f9 a0 63 00 d1 7b 06 00 94 fd 7b 5d a9 fc 6f 5c a9 ff 83 07 91 c0 03 5f d6 e8 03 01 aa a0 03 1c f8 a8 Data Ascii: /^S3@7@;@??@SY9+/@+@+@+@+@c+@C+@+@+@'~'@c{{]o\_
2024-12-28 00:52:39 UTC	8000	IN	Data Raw: 44 00 00 01 00 00 3c 25 01 00 ff 9b 3d 01 33 00 98 01 00 00 98 01 4c cc 03 01 e4 01 88 01 00 00 ec 02 04 cc 03 01 f0 02 94 01 00 00 84 04 08 d4 04 00 8c 04 14 00 00 a0 04 14 d4 04 00 b4 04 3c 00 00 01 00 00 00 fc 24 01 00 42 6a 2f 53 6f 50 72 35 70 35 58 4e 57 70 39 62 36 71 33 43 78 46 70 33 57 6d 39 56 62 6e 52 33 55 6d 74 68 64 57 31 51 62 57 68 76 4d 46 6f 31 51 58 42 50 54 7a 42 55 59 55 68 44 4f 58 64 30 4d 46 67 32 56 48 68 44 5a 32 59 34 4d 48 4d 32 61 69 39 75 4c 79 39 58 62 58 70 35 4d 55 38 76 55 56 51 32 4b 32 6c 73 55 44 67 3d 00 61 48 52 30 63 48 4d 36 4c 79 39 70 59 79 31 30 61 58 52 68 62 69 35 75 5a 58 51 76 63 47 68 77 58 32 46 77 61 53 39 57 59 57 78 70 5a 47 46 30 62 33 49 75 63 47 68 77 50 32 6c 74 5a 57 6b 39 00 25 40 25 40 26 73 69 Data Ascii: D<%=3L<$Bj/SoPr5p5XNWp9b6q3CxFp3Wm9VbnR3UmthdW1QbWhvMFo1QXBPTzBUYUhDOXd0MFg2VHhDZ2Y4MHM2ai9uLy9XbXp5MU8vUVQ2K2lsUDg=aHR0cHM6Ly9pYy10aXRhbi5uZXQvcGhwX2FwaS9WYWxpZGF0b3IucGhwP2ltZWk9%@%@&si
2024-12-28 00:52:39 UTC	8000	IN	Data Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 Data Ascii: 000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000100000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2024-12-28 00:52:39 UTC	8000	IN	Data Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 36 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 Data Ascii: 000000000000000000000000004601000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000001000000000000000100000000000000040000000000000000000
2024-12-28 00:52:39 UTC	8000	IN	Data Raw: 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 41 30 30 30 30 30 30 30 30 30 30 30 30 30 30 36 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 45 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 45 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 44 30 30 37 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 Data Ascii: 0000000000001000000000000000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000001000000000000000A000000000000006400000000000000E400000000000000E400000000000000D0070000000000000000
2024-12-28 00:52:39 UTC	8000	IN	Data Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 30 Data Ascii: 000000000000000000000000000000000000000000000000000000000000010000000000000001000000000000000100000000000000000000000000000001000000000000000100000000000000010000000000000001000000000000000100000000000000010000000000000001000000000000000000000000000000010

Target ID:	0
Start time:	19:52:07
Start date:	27/12/2024
Path:	C:\Users\user\Desktop\Titan.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Titan.exe"
Imagebase:	0xb70000
File size:	15'447'040 bytes
MD5 hash:	D615C92A9AFCABE383CD651AB3CF90F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2265779728.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.2287569116.00000000072F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.2300625638.0000000008810000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.1671980484.0000000001572000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.1671980484.0000000000B72000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	19:52:10
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 2272
Imagebase:	0xf20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	14.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	17.4%
Total number of Nodes:	258
Total number of Limit Nodes:	18

Executed Functions

Function 07C91A1C Relevance: 6.9, Strings: 5, Instructions: 623
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 07C9522D
Hbq, xrefs: 07C951A3
Hbq, xrefs: 07C95089
Hbq, xrefs: 07C952EB
Hbq, xrefs: 07C9511C

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq$Hbq$Hbq
API String ID: 0-1677660839
Opcode ID: 96f31efb56c3cbd8aadde8381473e0f5127b328ee0e371483c114bed233b472f
Instruction ID: 7f2ebb8a0b72046c7e445ff5ca78fbb5b66bbe4556287fdb94645454a97d99ae
Opcode Fuzzy Hash: 96f31efb56c3cbd8aadde8381473e0f5127b328ee0e371483c114bed233b472f
Instruction Fuzzy Hash: A9328170A002598FDF98DFB9D4947AEBBF2BF84300F14816AD409AB395DB349D46CB91

Function 0856D788 Relevance: 4.1, Strings: 3, Instructions: 366
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`Q^q, xrefs: 0856DA1E
KTUj^, xrefs: 0856DC04, 0856DC09
`Q^q, xrefs: 0856DA5B

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: `Q^q$`Q^q$KTUj^
API String ID: 0-3016037774
Opcode ID: 80dde21e24d1c964ceb5c90aee5fbd9abf1b29c3795054a5ff7721b47ed254aa
Instruction ID: 2eb734bbe639b6c564d65fcd4f4e40e33276c4223defeaf5d57c20dd0963cd60
Opcode Fuzzy Hash: 80dde21e24d1c964ceb5c90aee5fbd9abf1b29c3795054a5ff7721b47ed254aa
Instruction Fuzzy Hash: 5202A474A01219CFCB54DFA9D980A9DB7F2FF89301F2085A9D409AB355DB31AE86CF50

Function 03C70F8C Relevance: 3.1, Strings: 2, Instructions: 594COMMON

Download Yara Rule

Strings

(, xrefs: 03C7189C
@, xrefs: 03C7160B

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID:
String ID: ($@
API String ID: 0-1311469180
Opcode ID: 77c80d87486d5d4cdf2cda067b7ce17a2ebb8eccefed3ac330f917e411bd1d46
Instruction ID: fce35cc95714d1b240ed63fe46712322048c9a3f4798772fe637adf55cca80b6
Opcode Fuzzy Hash: 77c80d87486d5d4cdf2cda067b7ce17a2ebb8eccefed3ac330f917e411bd1d46
Instruction Fuzzy Hash: 0A52C0749012198FDB64CF59C984A8EFBF2BF49311F19D1A5E908EB612DB30AE81CF54

Function 03C70941 Relevance: 2.9, Strings: 2, Instructions: 375
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

<, xrefs: 03C70A70
4'^q, xrefs: 03C709E7

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID:
String ID: 4'^q$<
API String ID: 0-4256100571
Opcode ID: c260027ce40c3cf21813ecb3f5e4e376d6fd3b892a174b3bfd2be1fca4432d1f
Instruction ID: 72e4b4710b91e221f3b5f1108fccd8b0e51a7e1e4367605f63b1e2e9f591c73c
Opcode Fuzzy Hash: c260027ce40c3cf21813ecb3f5e4e376d6fd3b892a174b3bfd2be1fca4432d1f
Instruction Fuzzy Hash: 42128D74E012288FDB64CF69C984B9EBBF1BB49305F1490A9E849EB351DB309E81CF51

Function 03C79348 Relevance: 2.8, Strings: 2, Instructions: 287
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 03C793AF
@ubq, xrefs: 03C79410

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID:
String ID: 4'^q$@ubq
API String ID: 0-1482002812
Opcode ID: 0fe7d9f1b055f4629dd13c01ec466d51754c3c6d3f6a2db20fd7d5ff6eb506b7
Instruction ID: 484e8be016959947fa9f582e8859fcbe70f3ecac95018f62ba06bcc1a1dad218
Opcode Fuzzy Hash: 0fe7d9f1b055f4629dd13c01ec466d51754c3c6d3f6a2db20fd7d5ff6eb506b7
Instruction Fuzzy Hash: 1EC1D474E052198FDB64DFA9D981BDDBBB2BF49300F2481A9D409EB251DB349E42DF40

Function 08563DE8 Relevance: 2.7, Strings: 2, Instructions: 219
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

]R, xrefs: 08563E13
ec=, xrefs: 085640CC

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: ]R$ec=
API String ID: 0-3903173408
Opcode ID: ac9e748b080eea6eaa85dc542aa9a2175019eef0ac52082f2c19550977fc7579
Instruction ID: c41e202dd0591a27a8d9139c4466406ae153b67603655e10a7516b75ad4b863d
Opcode Fuzzy Hash: ac9e748b080eea6eaa85dc542aa9a2175019eef0ac52082f2c19550977fc7579
Instruction Fuzzy Hash: 72A1F874E14209EFCB08CFA5E99099EBBF6FB88311F10896AD105AB365D7349D26CF50

Function 08563DF8 Relevance: 2.7, Strings: 2, Instructions: 216
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

]R, xrefs: 08563E13
ec=, xrefs: 085640CC

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: ]R$ec=
API String ID: 0-3903173408
Opcode ID: 004491e0ead7bfbb0b200a7c79721cb339a2bba7b05dd77eb7e5adfa05cabf62
Instruction ID: cf3d6f57a0232da30225cb5c40516d896d2f3dadd91d568fb7d8772c205f008f
Opcode Fuzzy Hash: 004491e0ead7bfbb0b200a7c79721cb339a2bba7b05dd77eb7e5adfa05cabf62
Instruction Fuzzy Hash: E8A1F974E14209EFCB08CFA5E99099EBBF6FB88351F108966D105AB364DB349D26CF50

Function 08568558 Relevance: 2.7, Strings: 2, Instructions: 167COMMON

Download Yara Rule

Strings

cy/o, xrefs: 085685B6
7x/o, xrefs: 085686BA

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: 7x/o$cy/o
API String ID: 0-2589458744
Opcode ID: c40ff37aeae3bf39a3d3ac4904f7dcee7a3aae22e20007f83be31ba2f03115a6
Instruction ID: 2dce0fc9d56f89fd44dd245222cd6ad1c1ceee8b3050dad44234beba077f3a81
Opcode Fuzzy Hash: c40ff37aeae3bf39a3d3ac4904f7dcee7a3aae22e20007f83be31ba2f03115a6
Instruction Fuzzy Hash: D0612AB4E5520A9FCB04CFA9D481AAFFBF2BF89211F14952AD115FB350D2349A428F91

Function 08568568 Relevance: 2.7, Strings: 2, Instructions: 167COMMON

Download Yara Rule

Strings

cy/o, xrefs: 085685B6
7x/o, xrefs: 085686BA

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: 7x/o$cy/o
API String ID: 0-2589458744
Opcode ID: 46dfad6d8e9134aad050829a9931ed8835e828b054ce390cf27c4360695fbc92
Instruction ID: 6511561778645e9829e4c2d4698390bb69f57e16a038ccfcc77ef4c3a804f075
Opcode Fuzzy Hash: 46dfad6d8e9134aad050829a9931ed8835e828b054ce390cf27c4360695fbc92
Instruction Fuzzy Hash: 39610AB4E5520A9FCB04CFA9D481AAFFBF2BF89211F149529D115F7354D3349A428F90

Function 085325B8 Relevance: 2.6, Strings: 2, Instructions: 145COMMON

Download Yara Rule

Strings

tz]+, xrefs: 0853262D
1J[+, xrefs: 0853268F

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID: 1J[+$tz]+
API String ID: 0-24436594
Opcode ID: 9645b1b99da4dcd113402c90e49428b86d442cef2077e80542d333b2346db023
Instruction ID: d1ce9f92bff2f1fe523e0b2079ba16c2eeb4b97272028c47d31f80a2d9f57e10
Opcode Fuzzy Hash: 9645b1b99da4dcd113402c90e49428b86d442cef2077e80542d333b2346db023
Instruction Fuzzy Hash: 4D51D3B5E0521A8FCF08CFA9D881AEEBBF2BF88241F14952AD415FB354D73499428F54

Function 085325A8 Relevance: 2.6, Strings: 2, Instructions: 142COMMON

Download Yara Rule

Strings

tz]+, xrefs: 0853262D
1J[+, xrefs: 0853268F

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID: 1J[+$tz]+
API String ID: 0-24436594
Opcode ID: 81efda90e2154dcd1840a1916f2969aed165c609657e8f7d3de56e4776d931da
Instruction ID: 9d97daf40a5bf80c9fbd8aa09af5a8ff19997732416286323a5be8e6de0ba43a
Opcode Fuzzy Hash: 81efda90e2154dcd1840a1916f2969aed165c609657e8f7d3de56e4776d931da
Instruction Fuzzy Hash: F15101B5E0521A8FCF08CFA9D8819AEBBF2BF89242F14852AD405FB350D7349942CB50

Function 03C79338 Relevance: 2.6, Strings: 2, Instructions: 132COMMON

Download Yara Rule

Strings

4'^q, xrefs: 03C793AF
@ubq, xrefs: 03C79410

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID:
String ID: 4'^q$@ubq
API String ID: 0-1482002812
Opcode ID: 344cef92cff71975a28693d6c24f573c3520fda35bda64fafac530a6b063acff
Instruction ID: d9cd0c07c2275909f37529b3f5171227292bebe68ef647d96e877441c206aa37
Opcode Fuzzy Hash: 344cef92cff71975a28693d6c24f573c3520fda35bda64fafac530a6b063acff
Instruction Fuzzy Hash: 4F514B74D02218DFCB18DFA9D981A9DFBB2BF89300F2491A9E409EB255DB345E46CF50

Function 03C7F621 Relevance: 1.8, APIs: 1, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 1494236c66d92d3d4857d0eb59f0608bbc2149325d4811a44f4fab939b2e170c
Instruction ID: bc45655f2f5f877f5cc5b37f76deb2e9b092d05376850358438b95c4cbd98b47
Opcode Fuzzy Hash: 1494236c66d92d3d4857d0eb59f0608bbc2149325d4811a44f4fab939b2e170c
Instruction Fuzzy Hash: 97D18B75A003099FCB14EF79D8909AEBBF5FF89300B14856AD846EB351DB34E946CB90

Function 08E4DB64 Relevance: 1.6, APIs: 1, Instructions: 115COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?), ref: 08E4DC70

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 118e2d09a3cb07a54f1a0bbce4b8a507c3610aece4743e654bed0220b5a6317a
Instruction ID: 50c660322689c12513b12bd58377f425e9476c29c151d671342cc685c723c1da
Opcode Fuzzy Hash: 118e2d09a3cb07a54f1a0bbce4b8a507c3610aece4743e654bed0220b5a6317a
Instruction Fuzzy Hash: CC51A9B5D012589FDB20CFA9D984ADDFBF4BB49314F20902AE419BB250D774998ACF50

Function 08E4DB70 Relevance: 1.6, APIs: 1, Instructions: 111COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?), ref: 08E4DC70

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 0b8c00f2422bea91f3535c978c25bce146efcb67dbaddadf75386c5a0c026e6d
Instruction ID: 90ac33f2bfed70afa73ff02ce44303d89ceba037364a151c8dbbb4a22fb1f896
Opcode Fuzzy Hash: 0b8c00f2422bea91f3535c978c25bce146efcb67dbaddadf75386c5a0c026e6d
Instruction Fuzzy Hash: C35199B5E01258DFDB10CFA9D984ADDFBF4BB49304F20902AE418BB250D774A98ACF54

Function 03C79F78 Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 03C7A006

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID: CheckDebuggerPresentRemote
String ID:
API String ID: 3662101638-0
Opcode ID: 2b12911860f64e026ae4205fc3e3fd6bffab8fad263b0201e5be0606f7373e6e
Instruction ID: 9efad77f63dac70a5f07d6aa87b8e7827caada24be24d11e70b1ad5567c15d0a
Opcode Fuzzy Hash: 2b12911860f64e026ae4205fc3e3fd6bffab8fad263b0201e5be0606f7373e6e
Instruction Fuzzy Hash: BE3197B9D012189FCB10CFAAD984A9EFBF1FB49310F20942AE819B7300D735A945CF94

Function 08E43E10 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

4'^q, xrefs: 08E43E34

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: feb88f07a1df0bffe9df41d0e29c77501680d6fcdfb45e55eb54ceccb8f62fdb
Instruction ID: ae3e8ab3cdc38b5d1d96b2e5a8c2f85676957b62d22747138ddd69bca78e1c10
Opcode Fuzzy Hash: feb88f07a1df0bffe9df41d0e29c77501680d6fcdfb45e55eb54ceccb8f62fdb
Instruction Fuzzy Hash: 20A1AC35705301DFD388DB38D984A6AB7A6EB84601F10A57AC81E9F3A1CF35EC46CB95

Function 08E43224 Relevance: 1.5, Strings: 1, Instructions: 259COMMON

Download Yara Rule

Strings

4'^q, xrefs: 08E43E34

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: fadc6c43e57ee3ed82d38199f6d2d57a05fa87f7997a9feac5bf6830c392440d
Instruction ID: 313414ae553b6dcaae94d1b8e92414884235e727481b28e4436c9566098c8fc5
Opcode Fuzzy Hash: fadc6c43e57ee3ed82d38199f6d2d57a05fa87f7997a9feac5bf6830c392440d
Instruction Fuzzy Hash: 92A1AD35705301DFD388DB38D984A6AB7A6EB84601F10A979C41E9F3A4CF35EC46CB95

Function 08533F68 Relevance: 1.0, Instructions: 958COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47e531eb265ec8a8c67700b194a66185aa613d1fa69c184620f055a994674cbb
Instruction ID: 6307a56b933d24e96333bb8ecbb1c5c81f889802388eb3cbd505122f213eb2e0
Opcode Fuzzy Hash: 47e531eb265ec8a8c67700b194a66185aa613d1fa69c184620f055a994674cbb
Instruction Fuzzy Hash: C6A2A574A4122A9FCB64DF68C980ADDBBF1BF89300F1191E5D409AB365DB34AE85CF44

Function 0856E803 Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c06f78ea089de943e32bed6a3370efe40ee42ce673c928b758963f908216577c
Instruction ID: 73c6adc9f1aa303b07d9bf32dbe94170f08b1235d842ea11e8f1cbad1fd9900d
Opcode Fuzzy Hash: c06f78ea089de943e32bed6a3370efe40ee42ce673c928b758963f908216577c
Instruction Fuzzy Hash: 28E11879E46259CFCF04CFA9C842ADEFBF2BF8A211B249519D405FB255D33899028B64

Function 0856E827 Relevance: .4, Instructions: 387COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90d4f97a2f405d251a40bb7c6bc93d60954493de98bd5044d1e23e3136569d14
Instruction ID: e30311bcde4e8b5beef73444a5adbc0e9bdd5d9577e5945ae50d227be772677f
Opcode Fuzzy Hash: 90d4f97a2f405d251a40bb7c6bc93d60954493de98bd5044d1e23e3136569d14
Instruction Fuzzy Hash: 3EE12979E46259CFCF04CFA9C842ADEFBF2BF8A211B249519D005FB255D3389912CB64

Function 0856E8B0 Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56d24996513c97b310edbcc6fcb576a6231217527d1cf4b9f563ecf6b3af680a
Instruction ID: 91ed1c7352fb8e5398b573a1a06a1c33b319336bc1f120dd3956217b24497802
Opcode Fuzzy Hash: 56d24996513c97b310edbcc6fcb576a6231217527d1cf4b9f563ecf6b3af680a
Instruction Fuzzy Hash: EBE1B379E45219CFCF44CFA9C881ADEBBF2BF89311F249529D405F7254D738A9028B64

Function 085680A8 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 432d5532e7eb2550e7dbd9ba280283e4f609b681ae6cbb4af239119455ec6b79
Instruction ID: 5bbc58f676b9792ed8107cba61bfeff08b7089a5955713b49dda2729bf39f2be
Opcode Fuzzy Hash: 432d5532e7eb2550e7dbd9ba280283e4f609b681ae6cbb4af239119455ec6b79
Instruction Fuzzy Hash: 21E13A35E51209EFCB14CFA9E89099DFBB2BF89310F649669E409E7350DB309A85CF41

Function 08562C39 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f104dc1f7f1292e6ccd1c850b9ae983f69dc8b7a82ed1d471c521bf58f400718
Instruction ID: 4e5e90ba8dbe5d85bf079aad032e5250954000c89cd2e711e5988d877bc1f4e2
Opcode Fuzzy Hash: f104dc1f7f1292e6ccd1c850b9ae983f69dc8b7a82ed1d471c521bf58f400718
Instruction Fuzzy Hash: 3FD14C34A00209CFDB14DFA9C948BADBBF1FF84326F158568E405AF3A5DB749956CB80

Function 0B006788 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 667e905d0e76a8778c033b2bc8824ef913d2c769f11db3c2a804d2975c184825
Instruction ID: 1a066d4881b8da486aa8b9eadd201649ace8b224e46b5582d9fa1b54daaf8ca0
Opcode Fuzzy Hash: 667e905d0e76a8778c033b2bc8824ef913d2c769f11db3c2a804d2975c184825
Instruction Fuzzy Hash: 36D13D74A11619CFDB54DF24C884B9AB7B6FF85300F5081E9D409AB3A1DB35AE86CF42

Function 0B007958 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ff17a6f1bdd2b7b06fc81b5adf7ff8bf62246c9aa8224a86c45950fdb8a590b
Instruction ID: 361b40c369469c09c558d8bdf0bc5adaeb27e66334854b8c2dd7ba37de790762
Opcode Fuzzy Hash: 2ff17a6f1bdd2b7b06fc81b5adf7ff8bf62246c9aa8224a86c45950fdb8a590b
Instruction Fuzzy Hash: 4AD12B74A11719CFDB54DF24C844B9ABBB6FF85300F1081E9D409AB2A1DB35AE86CF42

Function 03C78B01 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c34dfcc2184728fd23ac15b813f71f3d0d4d54c8759e2977441585a5167f727
Instruction ID: a6fe8bd703c36467b9cb870b8557917ca77610c5e11b9c8f86afcb22cec1f48a
Opcode Fuzzy Hash: 7c34dfcc2184728fd23ac15b813f71f3d0d4d54c8759e2977441585a5167f727
Instruction Fuzzy Hash: EBC14C74E0520A9FCB04CFA9D8869AFFBB2BFC9310F28D515D915EB744D734A8428B64

Function 08533ED9 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 722698f98c8340b4af808e77539a9b634f6c846f7f9d80029f1d371897a20775
Instruction ID: 994f012774fcc80e5c0d8d7656d928eef595665f2f8fdb8e3b92ad66d8579d84
Opcode Fuzzy Hash: 722698f98c8340b4af808e77539a9b634f6c846f7f9d80029f1d371897a20775
Instruction Fuzzy Hash: 7DD13474A042599FCB54CF68D984ADEBBF5BF89300F1581E9D448AB366DB309E85CF40

Function 0B002651 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63b62d98cf12eb6c017a12be6727238dc3f7a949002cd8ed1c7f76dd142915ac
Instruction ID: a7db9975c435b86d0fde4bafe9756259007ac5f7e8b619d6b3e8985b3a3dc155
Opcode Fuzzy Hash: 63b62d98cf12eb6c017a12be6727238dc3f7a949002cd8ed1c7f76dd142915ac
Instruction Fuzzy Hash: 91B1A231A1410AEFEF091FA4CD497BEBF36AB81700F504495F8997A2D5CF3589B09B86

Function 0B002660 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac4fe015c958c64b34eaadffa25f2df2e000d0af36152578f4ce4f7f25a404c3
Instruction ID: 49b31488404c24629abd54cb82694de4500fcc6397fc9371c7b53d4accb95956
Opcode Fuzzy Hash: ac4fe015c958c64b34eaadffa25f2df2e000d0af36152578f4ce4f7f25a404c3
Instruction Fuzzy Hash: 2DB1B231A1410AEFFF091EA4CD497BEBE37AB81700F504451F8997A2D4CF3589B09B86

Function 07C94ABA Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7073a680834ad27185dbfbd48bb2766992d0533fe1a775bce1cace1e3136b393
Instruction ID: 59fafcad67375b478625261855f137b04cdac6f5afa2c472e5515e77cdbeeaf2
Opcode Fuzzy Hash: 7073a680834ad27185dbfbd48bb2766992d0533fe1a775bce1cace1e3136b393
Instruction Fuzzy Hash: 76C19DB1D002499FDF59CF65D88479EBBF2AF88300F14C1A9D449AB255EB30DA86CF51

Function 08533EA8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb70ef0a975730de94e776daae43e5fc15063067a6cab04726d3d6d434c7f414
Instruction ID: b0c08cf615b3234cfa0409b46fd6005f29df0f41165dde37164b69c8c3d3e85c
Opcode Fuzzy Hash: eb70ef0a975730de94e776daae43e5fc15063067a6cab04726d3d6d434c7f414
Instruction Fuzzy Hash: B8C10374E0026A9FCB54DF69D984ADDBBF1BF89300F1181A9D408AB365EB349E85CF40

Function 0B00545E Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edb50253dd8c219ff42ead234368b12a961273828c3dd887e1b08cd9493cf027
Instruction ID: a795e51b6041e9de353671d702e09f54d633d915de96b3f60c71db8636f55f85
Opcode Fuzzy Hash: edb50253dd8c219ff42ead234368b12a961273828c3dd887e1b08cd9493cf027
Instruction Fuzzy Hash: 9AB15D3092461ACFDB64DF68CC9469DB772FFA5300F1086AAE44977290EB70AAD5CF41

Function 08EFD5F0 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306562425.0000000008EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8ee0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c34aa57aa349f91d24d3e6b3dffe1d2250c31feb1f5e3f22e5e105aefd7300b4
Instruction ID: d175da8e0a0e4804c145f740b3b6be20ebe780b688b7d6730f8d56a231556523
Opcode Fuzzy Hash: c34aa57aa349f91d24d3e6b3dffe1d2250c31feb1f5e3f22e5e105aefd7300b4
Instruction Fuzzy Hash: 3F61C371B082029BE3489E38D941766BA96BBC4701F01953AE61FCF3D5CBB9DC158BD1

Function 08ECDD97 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306373146.0000000008EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8ec0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c414b3a53b4b0ddb004d105a0007d3d86a0424ddc51b9150d6178d2ea001bab2
Instruction ID: cecbbe7098c2288b6897f06459cef59c5847890659afc55761d55777b6c4445c
Opcode Fuzzy Hash: c414b3a53b4b0ddb004d105a0007d3d86a0424ddc51b9150d6178d2ea001bab2
Instruction Fuzzy Hash: D3714C35E04659DEDB04CFA4C9806AEBBB2FF88301F14953EE809AB791D735D946CB41

Function 08532AD0 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c798918195103add2dd4b07f9caa65dd6b5d3d5b7281c7f22f679f0709c9ed7
Instruction ID: 51824bb56ec49e9eefcacf0afbdfeac8e8a86758378bcbdaed1c63aad85cbe18
Opcode Fuzzy Hash: 0c798918195103add2dd4b07f9caa65dd6b5d3d5b7281c7f22f679f0709c9ed7
Instruction Fuzzy Hash: E161E674E0421ACFDB14CFA9C8916AEBBB2BF89301F14856AD419FB354D7389942CF50

Function 08567140 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 066a4205a62a1d21e6a1ca8cbdab0566be117e0eed391d80fbeaa2b51df4a2e6
Instruction ID: 8225da5efcaa50adf7837bc2120a3e50f6aff7cd5a6d61e46fb29f299388bddf
Opcode Fuzzy Hash: 066a4205a62a1d21e6a1ca8cbdab0566be117e0eed391d80fbeaa2b51df4a2e6
Instruction Fuzzy Hash: BD513B74E4010A9FCB04CFA8D9819EEFBB6FF89310F648666D415BB314D730AA55CBA1

Function 08567150 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0881ed617927f19fabc357c8427c2f72bc1ed331a3479166ab8719dcd3e3b6e
Instruction ID: 4a9f4ed266267ec2c309f2d71171b64715fa44a8d8b4cbcc76954cc544e5790a
Opcode Fuzzy Hash: a0881ed617927f19fabc357c8427c2f72bc1ed331a3479166ab8719dcd3e3b6e
Instruction Fuzzy Hash: 6C515C74E4010A9FCB04CFA8D9819EEFBB6FF89310F648666D415BB314D730AA55CBA1

Function 08532AC0 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fd68e19038f96137bb704fe5db7bfdfca7737c77e60b65d3ba001d485376a70
Instruction ID: 4c98c93f12111ceb6bfce8f2333e6cbe603291d04c810adce9c73d9b8b439b20
Opcode Fuzzy Hash: 8fd68e19038f96137bb704fe5db7bfdfca7737c77e60b65d3ba001d485376a70
Instruction Fuzzy Hash: 0351F474E0421ACFDB14CFA9C891AAEBBB2BF89301F14856AD419FB354D7389942CF51

Function 03C79D74 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1a31796f8d4ba1a4c59a477f48ddd728635f2f0f2af957e2aece518800029ef
Instruction ID: 2e4ae48e76abebf077d4f2ffff437dcafc8745e3de6f7a398954f6141420e654
Opcode Fuzzy Hash: e1a31796f8d4ba1a4c59a477f48ddd728635f2f0f2af957e2aece518800029ef
Instruction Fuzzy Hash: 6B5100B0D102189FCB14CFA9D885BDDFBB1BB09304F24912AE815EB350DB749946CF85

Function 0B00DB1F Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 961ab897a1da3560394824d22d0fbddca7e26e478708da9495de587b818e9e9a
Instruction ID: 49b1e1e96833aafde7cda2cb5b6c68c9feda0b312f579b6b233846cd6ae16108
Opcode Fuzzy Hash: 961ab897a1da3560394824d22d0fbddca7e26e478708da9495de587b818e9e9a
Instruction Fuzzy Hash: 09515074E15259DFDB08DFE8C8815AEBBB6FF88700F10413AE805E7291DB359901CB95

Function 03C78F7C Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4a5a84de7aea0bf3be2b57b59ece754e10127b35248d146a11de17552552d55
Instruction ID: 5675bf7b3f7a6a261374d51ffd3e40dc3d3b4ca6b55cde5b0bf50724f9d8ca29
Opcode Fuzzy Hash: c4a5a84de7aea0bf3be2b57b59ece754e10127b35248d146a11de17552552d55
Instruction Fuzzy Hash: 3851FDB0D102588FDB14CFA9D885B9DFBF1BB49304F24912AE815EB350DB749946CF85

Function 0B009260 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 482c10659b07b853c393c119979e78e9d54a59815a0556b080cf3f7590386b26
Instruction ID: 8eeeefb7218bf91d40064d2baf5274d63f05067a8b93b314fe7a4327caf49b6d
Opcode Fuzzy Hash: 482c10659b07b853c393c119979e78e9d54a59815a0556b080cf3f7590386b26
Instruction Fuzzy Hash: AB515D75E14218DFDB08DFE9D8805AEBBB6FF88710F10812AE815E7391DB359941CB91

Function 08532D22 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59e054cd50350108d85580ec7944ee1600beb28b06e0e76a2749fd1529ed6b7e
Instruction ID: 45d4993c20d9896f0345dbe4d46e5a4aacd4d4a0f1fabdeefaa73c8950010221
Opcode Fuzzy Hash: 59e054cd50350108d85580ec7944ee1600beb28b06e0e76a2749fd1529ed6b7e
Instruction Fuzzy Hash: 7351D674E4422ACFDB14CFA4C891AAEBBB2BF89241F148569D419FB354D7389982CF50

Function 08532E77 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34ce48bff92fed8756cdb70e40593c5c42052b6a7ea7aaf65da16c656c25f012
Instruction ID: 5a0bd81e187847e0dd8b5d6691a172c6204a50ef78e1f815c0b2a205217ac6f0
Opcode Fuzzy Hash: 34ce48bff92fed8756cdb70e40593c5c42052b6a7ea7aaf65da16c656c25f012
Instruction Fuzzy Hash: D351E3B4E4422ACFCB14CFA4C891AAEFBB2BF89241F248569D415FB354D7389942CF54

Function 08532BFC Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 910cda59c5e6bdbfb1b149dfe014355c7e9b68a9cb0a2b6b93b5cc5a7dfeb179
Instruction ID: ed4999fc805bbc547066977813923e5c995caedeab372bdde35df9fba0f85cfa
Opcode Fuzzy Hash: 910cda59c5e6bdbfb1b149dfe014355c7e9b68a9cb0a2b6b93b5cc5a7dfeb179
Instruction Fuzzy Hash: FD51D2B4E0522ADFCB54CFA8C891AAEFBB2BF89241F14856AD415F7354D3389942CF50

Function 08532B92 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36026baff4cd727cb0b0cb4c49567f1ba33d8d737a941fe1b2a4f102486e37a2
Instruction ID: fcaf2e01c83b42229237b844a264e15da65142b058744b2e24e7fbe4149ece3b
Opcode Fuzzy Hash: 36026baff4cd727cb0b0cb4c49567f1ba33d8d737a941fe1b2a4f102486e37a2
Instruction Fuzzy Hash: EE51E3B4E4422ACFCF14CFA4C891AAEBBB2BF89242F149569D415FB354D3389942CF54

Function 08E491B4 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fde65ac201954bf21d3008070a1d9ba0c3fcdd329fb085a82c288a80453c729
Instruction ID: 37e0167f3d519d889695532d05f5f810bff3a44a4e3225ac6dd179f94eec77ed
Opcode Fuzzy Hash: 6fde65ac201954bf21d3008070a1d9ba0c3fcdd329fb085a82c288a80453c729
Instruction Fuzzy Hash: 4C5114B5D042489FCB10DFA9E584AAEFFF5AF49304F20A42AE449BB361C7349846CF54

Function 0B00DB38 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f4eafce68bb568e5e48e96b0240b3a076e1c951757ebc8ec011d47a51194d52
Instruction ID: a5151b1a4b03a480ab69b1f8f39ad30d329b8c4e2a818559560edb9cbef3de81
Opcode Fuzzy Hash: 2f4eafce68bb568e5e48e96b0240b3a076e1c951757ebc8ec011d47a51194d52
Instruction Fuzzy Hash: 6F412C74E10259DBDF08DFE8D8815AEBBB6FF88700F10813AE815A7390DB359902CB95

Function 0B009270 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1a7df9f65a89ab15494abdcf715adbba45899b72b85c6c61b1ecfc6dc0a2107
Instruction ID: 101e91d5b469110a6aca43bce51f9a345ba8d7f920a96d6ead54ff552bab5596
Opcode Fuzzy Hash: b1a7df9f65a89ab15494abdcf715adbba45899b72b85c6c61b1ecfc6dc0a2107
Instruction Fuzzy Hash: DE414D75E14218DFEB08DFE9D8805AEBBB6FF88710F10802AE815E7390DB359941CB81

Function 08532BC6 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d762c328d3af8e472e616d03da7b7a9bcd0b8628de4ef1ada6600c14294520a2
Instruction ID: 3db8985cafd703e6b12ce792adcdec749c1dbfdf89f96a2db4bdd73e54dae3ff
Opcode Fuzzy Hash: d762c328d3af8e472e616d03da7b7a9bcd0b8628de4ef1ada6600c14294520a2
Instruction Fuzzy Hash: DF51C2B4E0422ACFCB14CFA4C891AAEFBB2BF89241F149569D419FB354D7389942CF54

Function 08532B77 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca3b4a47aa2a87286ebfaf59526b7cb68f6ed2d1f762e72070af2172bd5d986d
Instruction ID: 2f48e8abb79f8eaee1cfdca122b7c147a252facff373afe7826a900c87e26747
Opcode Fuzzy Hash: ca3b4a47aa2a87286ebfaf59526b7cb68f6ed2d1f762e72070af2172bd5d986d
Instruction Fuzzy Hash: 5341D3B4E1422ACFCB14CFA4C891AAEFBB2BF89242F148569D415FB354D3389942CF54

Function 07C90F28 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5008c21e318a9ee56ba7854cadfe1d883118a52b4a3cf4fcc716bf837428206c
Instruction ID: b03e289d54bf95d2290fb260290418a68992a0a6a849c6c42c94ccf7572e954e
Opcode Fuzzy Hash: 5008c21e318a9ee56ba7854cadfe1d883118a52b4a3cf4fcc716bf837428206c
Instruction Fuzzy Hash: 33217FB4D01209DFDF44CFAAC4846EEBBB1AB49350F10D129E814B7250D7349681CF98

Function 07C90F2D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0adb3235e2b80b4e1f0d6feda92b092508858d0e0c36f7ce3ec4281150f15eee
Instruction ID: b91d09176073c5ea813eb81538f7d01db800009a03912c5dea35648c34c69f4c
Opcode Fuzzy Hash: 0adb3235e2b80b4e1f0d6feda92b092508858d0e0c36f7ce3ec4281150f15eee
Instruction Fuzzy Hash: 9C11B6B4D01219DFDF54CFA9C4846EDBBB1BB4A360F20E125E82477294D7349A85CF54

Function 07250498 Relevance: 5.2, Strings: 4, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 072506E2
xbq, xrefs: 07250627
xbq, xrefs: 072505CB
(bq, xrefs: 0725070E

Memory Dump Source

Source File: 00000000.00000002.2287514250.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7250000_Titan.jbxd

Similarity

API ID:
String ID: (bq$(bq$xbq$xbq
API String ID: 0-2582918839
Opcode ID: d2c358fb8a66e298d74bb9c843fee4a5d098a5af897b20ba66f07f4742d298b8
Instruction ID: 44e9057e52782c792d64deb4f7a7e2f377eb1ba4dc284294fecec3839dc782f5
Opcode Fuzzy Hash: d2c358fb8a66e298d74bb9c843fee4a5d098a5af897b20ba66f07f4742d298b8
Instruction Fuzzy Hash: 8761CC753002059FDB159F28D950BAE7BA2EFC9314F14856DE80A9B3A1DE36EC42CB91

Function 07C905A0 Relevance: 2.8, Strings: 2, Instructions: 305
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 07C9072E
(bq, xrefs: 07C907E4

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 3cf5fa296d5b5512fc6548253db76f241698aa42e8ce34c9a7709442f1197cfd
Instruction ID: c8872f2f7442f4b3f955bda206ae06cb08ee26ba934ea7f3dc57fcddbf76253c
Opcode Fuzzy Hash: 3cf5fa296d5b5512fc6548253db76f241698aa42e8ce34c9a7709442f1197cfd
Instruction Fuzzy Hash: E0B16D70E002198FDB54DFA8C454BAEBBB6FF89300F10856AD406AB394DF749986CF55

Function 0B0067B8 Relevance: 2.7, Strings: 2, Instructions: 187COMMON

Download Yara Rule

Strings

Hbq, xrefs: 0B00862F
(bq, xrefs: 0B008603

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 89a8bf201f09d61f6f0a1a8976efceead6da7ce812d0c579548f1e8016c8addc
Instruction ID: 89fa41dd5617a60b4dd1ff8c60745c0f9e372d5403767016b7f1cc05fd12c09d
Opcode Fuzzy Hash: 89a8bf201f09d61f6f0a1a8976efceead6da7ce812d0c579548f1e8016c8addc
Instruction Fuzzy Hash: B3619135B002499FDB09EFA4C854AADBBB2FFC8700F108169E406AB394DF349D46CB91

Function 085673F8 Relevance: 1.7, Strings: 1, Instructions: 443COMMON

Download Yara Rule

Strings

a^q, xrefs: 08567683

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: a^q
API String ID: 0-3411664965
Opcode ID: 62a74602ad28d3823f309f5ad1bcaea3c9e03017df0c31d4e6edbcdd107b0cbb
Instruction ID: 2f57ee8a26ca81465b795a915e019d31989d23d08a1aecb6081595e007103df8
Opcode Fuzzy Hash: 62a74602ad28d3823f309f5ad1bcaea3c9e03017df0c31d4e6edbcdd107b0cbb
Instruction Fuzzy Hash: 4812A478A01218DFCB54DFA8D480A9DBBF6FF89320F108599E809AB355DB31AD85CF51

Function 085673E9 Relevance: 1.7, Strings: 1, Instructions: 420COMMON

Download Yara Rule

Strings

a^q, xrefs: 08567683

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: a^q
API String ID: 0-3411664965
Opcode ID: 097a34acd282d9e93f9a3f383320b05b58ba0cb69f6350556cafbe2d939e2c1c
Instruction ID: 4b34010c8fa67e6f4e6598ae3d05b11f9a97403f2bbc63416e0ceb523a31c17c
Opcode Fuzzy Hash: 097a34acd282d9e93f9a3f383320b05b58ba0cb69f6350556cafbe2d939e2c1c
Instruction Fuzzy Hash: AE12C578A01218DFCB54DFA8D480A9DBBF6FF89320F108599E849AB355DB31AD81CF51

Function 03C7B3BC Relevance: 1.7, APIs: 1, Instructions: 158COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 03C7B4B9

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 26992c92946b69a8f619abdd8118cfce5739b9c4e6b7485e4cdca53bddd85dcd
Instruction ID: e2e05a2363e6cd6f723ecbe78454d7ff9739bc161a0d39cc01b8e790ad960a33
Opcode Fuzzy Hash: 26992c92946b69a8f619abdd8118cfce5739b9c4e6b7485e4cdca53bddd85dcd
Instruction Fuzzy Hash: BE5105B1D00219DFDB20CFA9C844BDEBBF5AF49300F1480AAD549FB250DA756A85CF91

Function 08ECB0B1 Relevance: 1.6, APIs: 1, Instructions: 127COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 08ECB1B3

Memory Dump Source

Source File: 00000000.00000002.2306373146.0000000008EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8ec0000_Titan.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 1e8052eb850fd43333ed075b37558600822df94fb74b5364c9de7a5e6e96cac4
Instruction ID: 4aa288794b75147d9d8cdf2e3082c3ed543b25cd3509e41fd05cc50f8c847ad1
Opcode Fuzzy Hash: 1e8052eb850fd43333ed075b37558600822df94fb74b5364c9de7a5e6e96cac4
Instruction Fuzzy Hash: A15155B5D012589FDB10CFA9D984ADEFBF1BB49314F24902AE818BB221D335A946CF54

Function 03C79160 Relevance: 1.6, APIs: 1, Instructions: 126COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 03C7B4B9

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 239d40d828f99e7a7cd8d81cf125a0602a540d5f6a402c8c88fa674ba6bbcfbd
Instruction ID: 9a451fbba8bdf6117aebea22a7172f23190c72b23c9d862c97cbebf4ca523d8f
Opcode Fuzzy Hash: 239d40d828f99e7a7cd8d81cf125a0602a540d5f6a402c8c88fa674ba6bbcfbd
Instruction Fuzzy Hash: 8951E3B0D00218CFDB60DFA9C944B9EBBF5AF49300F1080AAD509FB251DA756A89CF91

Function 08ECB0B8 Relevance: 1.6, APIs: 1, Instructions: 126COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 08ECB1B3

Memory Dump Source

Source File: 00000000.00000002.2306373146.0000000008EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8ec0000_Titan.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 2cc0b5a6c07ff61b9259f32826d17e435fd993624e0f68d2898d0d9d3b1c5444
Instruction ID: 233b232a78a6658dd93e00c56f740dc5ddbaa672c2371ad4ad79747b7a1317f6
Opcode Fuzzy Hash: 2cc0b5a6c07ff61b9259f32826d17e435fd993624e0f68d2898d0d9d3b1c5444
Instruction Fuzzy Hash: 645145B5D012589FDB10CFA9D984ADEFBF1BB49314F24902AE818BB321D335A946CF54

Function 03C71A68 Relevance: 1.6, APIs: 1, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 03C71B17

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: e4c8c805af09fbbfc087d5ada093003735368d8d9bca19ee76d2f3e9822af0b9
Instruction ID: 024e0b1eaad40b7f6dd490af2f4a3116e2631c7b4af8ff08d4671c7915ccdee8
Opcode Fuzzy Hash: e4c8c805af09fbbfc087d5ada093003735368d8d9bca19ee76d2f3e9822af0b9
Instruction Fuzzy Hash: 3F3198B9D01258DFCB10CFAAE884ADEFBB1FB19310F24902AE814B7210D775A945CF64

Function 03C71958 Relevance: 1.6, APIs: 1, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 03C71A07

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 0e1fc24fa6bf58deebf9d2d7c6fe368eaded7393fb85cf01246b69f630d3e00d
Instruction ID: 48ca8342c1fdddcdcfda387bb2919a7db94ae86bbb2b65c3044c361faaf02362
Opcode Fuzzy Hash: 0e1fc24fa6bf58deebf9d2d7c6fe368eaded7393fb85cf01246b69f630d3e00d
Instruction Fuzzy Hash: 213198B9D01258DFCF10CFAAE584ADEFBB1BB49310F24902AE814B7210D335A945CF64

Function 03C71A70 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 03C71B17

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: eebd1c91220c7301ee4f34970eb87753d0217a7209aac744b157421f64292f78
Instruction ID: 74bb3e3ef8ec44805f2afbc047bf90b29b7050cc8689559a5cdce4acd93b42f0
Opcode Fuzzy Hash: eebd1c91220c7301ee4f34970eb87753d0217a7209aac744b157421f64292f78
Instruction Fuzzy Hash: 9F3199B9D05258DFCB10CFAAD484ADEFBB1BB09310F24902AE814B7210D735A945CF64

Function 03C71960 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 03C71A07

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 4ba69ff51b02af20e3dfe5e138266396590f9bd20c3d864cb9f0e72a9c276896
Instruction ID: b09b8660f13006635d9c0849c6ee620e8764c13a1cce5ac08e52bece7af76c2b
Opcode Fuzzy Hash: 4ba69ff51b02af20e3dfe5e138266396590f9bd20c3d864cb9f0e72a9c276896
Instruction Fuzzy Hash: C43179B9D05258DFCB10CFAAE584ADEFBB5BB09310F24902AE814B7210D375A945CF64

Function 0853A84A Relevance: 1.6, APIs: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0853A8EB

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 3f84e5617905fd5b559bde555af003fa42f03ebc8478854f5c08ec53ad8d725a
Instruction ID: fdab790f42384ffe19470dbb3ca34d58393f4ee6a8da0e8b61a8c13c6fb3b0ed
Opcode Fuzzy Hash: 3f84e5617905fd5b559bde555af003fa42f03ebc8478854f5c08ec53ad8d725a
Instruction Fuzzy Hash: 153197B9D01268DFCB10CFA9E584ADEFBF1BB09314F14906AE854BB210D335AA45CF64

Function 03C79F70 Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 03C7A006

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID: CheckDebuggerPresentRemote
String ID:
API String ID: 3662101638-0
Opcode ID: 382114038ad76ae3287f36c9a8b40a128ade5b47af4dd81bc5b76dc6db35bc10
Instruction ID: a9e978930555ac61e0a9d831a3df70844797a45d94bfb10b35cd3b797bf3a9b2
Opcode Fuzzy Hash: 382114038ad76ae3287f36c9a8b40a128ade5b47af4dd81bc5b76dc6db35bc10
Instruction Fuzzy Hash: F531BBB4D012189FCB10CFAAD984ADEFBF5FB49310F10842AE815B7200D735A945CF94

Function 08E4A96C Relevance: 1.6, APIs: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 08E4BBFB

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 355ce8e0c62f15b4d1fc8229e7f6842c458e0674df12076185a1279987b4179c
Instruction ID: 27f300eabd26285153684d6721f9ae22c0ceda1eebf1dba3d825d25ed0fecf41
Opcode Fuzzy Hash: 355ce8e0c62f15b4d1fc8229e7f6842c458e0674df12076185a1279987b4179c
Instruction Fuzzy Hash: CA3169B9D05258AFCB10CF99E584ADEFBF4EB49310F14A01AE818B7310D775A945CFA4

Function 0853A850 Relevance: 1.6, APIs: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0853A8EB

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 539c971ada98568db5a609900c80ea1f48b163e532669d30982cee413755d5b2
Instruction ID: 9af8c5331b6c17129cc6c5500d3bae2db1c0b085b9ebe3b014aad8985156c79c
Opcode Fuzzy Hash: 539c971ada98568db5a609900c80ea1f48b163e532669d30982cee413755d5b2
Instruction Fuzzy Hash: 5A3186B9D05268DFCB10CFA9E584ADEFBF5BB09314F14902AE858B7210D335AA45CF64

Function 08E4BB58 Relevance: 1.6, APIs: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 08E4BBFB

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: ec5db3b7ee15015b4a40ffe2ed1a23fffcdd3a836bdd9baf88446f71fca190e0
Instruction ID: 083cc8285b309023c5a3e5d22298bbe28b3193d2e9e9e9a5dd99709535243b57
Opcode Fuzzy Hash: ec5db3b7ee15015b4a40ffe2ed1a23fffcdd3a836bdd9baf88446f71fca190e0
Instruction Fuzzy Hash: 70318AB9D052589FCB10CFA9E584ADEFBF0AB49310F14A01AE818BB310D375A945CF64

Function 08ECFE28 Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegisterDragDrop.OLE32(?,?), ref: 08ECFEDF

Memory Dump Source

Source File: 00000000.00000002.2306373146.0000000008EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8ec0000_Titan.jbxd

Similarity

API ID: DragDropRegister
String ID:
API String ID: 1555377906-0
Opcode ID: b05d0301b76fb9085e92516253c094f07ee88c145a412e0771a58245d7f93837
Instruction ID: 5b0ea6cdb4a296b7ab02b829b673c9422be0581e966ee2be4dad86bfe58ae50f
Opcode Fuzzy Hash: b05d0301b76fb9085e92516253c094f07ee88c145a412e0771a58245d7f93837
Instruction Fuzzy Hash: D331CBB5D002489FCB14CFA9C584ACEBFF1EF09314F20902AE819AB260DB759886CF54

Function 08EFD080 Relevance: 1.6, APIs: 1, Instructions: 85timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,?,?,?), ref: 08EFD11B

Memory Dump Source

Source File: 00000000.00000002.2306562425.0000000008EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8ee0000_Titan.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: b84d8b66611c9b2f63f00af09fa04a7fd70b45c6f46b4e316075f5bfca9fafa7
Instruction ID: 5bf6fbbba6d8d1fe55078a3eb124b9553baa2c2d94e3c44efdbd5257b2908c7d
Opcode Fuzzy Hash: b84d8b66611c9b2f63f00af09fa04a7fd70b45c6f46b4e316075f5bfca9fafa7
Instruction Fuzzy Hash: 3A3178B9D052589FCB10CFA9D984ADEFBF4EB09310F14902AE818B7310D375A945CF64

Function 08E4A440 Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 08E4A4DE

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 03250d89ff26ba340c18dc91374cba884de6aad9dfb098b024fd222b3b3126e2
Instruction ID: 7f12a01662d29c091b5c5cb33d8560f8d7ad5b1744386aa423952c9125931efe
Opcode Fuzzy Hash: 03250d89ff26ba340c18dc91374cba884de6aad9dfb098b024fd222b3b3126e2
Instruction Fuzzy Hash: 7F319BB5D01229DFCB10CF99D984ADEFBF5BB49314F14906AE458B7210D334AA45CF64

Function 08E4A439 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 08E4A4DE

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: f1481165cd4d21f008efcb33af333c5127c488878e3d156ee0b0fde240a10e64
Instruction ID: b54b58ef220aa348cf0982b181c2fedd1b22973abbe98a49b36acaf21baaccc7
Opcode Fuzzy Hash: f1481165cd4d21f008efcb33af333c5127c488878e3d156ee0b0fde240a10e64
Instruction Fuzzy Hash: 3E31BBB5D01229DFCB10CF99D984AEDFBF1BB49314F14906AE448B7210D335AA45CF54

Function 03C7E688 Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?), ref: 03C7FA02

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: e955f50d90ac472a5be8732e918934b2b33961bd3d35166363cb6edf428ccb23
Instruction ID: a6f5cab5eb290302af90c2e392a84c60d233e9b96ac29866f44352681ea27932
Opcode Fuzzy Hash: e955f50d90ac472a5be8732e918934b2b33961bd3d35166363cb6edf428ccb23
Instruction Fuzzy Hash: A53197B4D042599FCB14CFAAD484AEEFBF5AB49314F14906AE818B7320D374A945CFA4

Function 08E470CC Relevance: 1.6, APIs: 1, Instructions: 72comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?,?,?,?,?,08E47763), ref: 08E4780D

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: c806daa247f6a573e94eec2243700f0ad2fa6f52daa23f18719a132530cb7c2b
Instruction ID: ea804de12731c8419a407b7c28c54461dfc97c48214dd206b4deb2604abc7426
Opcode Fuzzy Hash: c806daa247f6a573e94eec2243700f0ad2fa6f52daa23f18719a132530cb7c2b
Instruction Fuzzy Hash: 9B318BB5D012589FCB10DFA9E884A9EFBF4EB09314F10A06AE818B7310D375A941CFA4

Function 0853E039 Relevance: 1.6, APIs: 1, Instructions: 71windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 0853E0BB

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: b3e0a95ee293270af44130bccec318e451fbea4d582ceaace4ea947a8714bd0a
Instruction ID: ca6ef9460699304eed225d69f579b31675d165a958faca002a50e0a192723086
Opcode Fuzzy Hash: b3e0a95ee293270af44130bccec318e451fbea4d582ceaace4ea947a8714bd0a
Instruction Fuzzy Hash: C831ACB9D002199FCB10CFA9D584ADEFBF4BB49320F14906AE518B7310D335A941CFA5

Function 08E47792 Relevance: 1.6, APIs: 1, Instructions: 70comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?,?,?,?,?,08E47763), ref: 08E4780D

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: e77cc374c8ba0a078389901ec916648776fa787368b850cf18dc319e442092c2
Instruction ID: 70c6c9a2f18e35a0e7be929415d1d6499bf855abd7b16e793f59e373ea3284f8
Opcode Fuzzy Hash: e77cc374c8ba0a078389901ec916648776fa787368b850cf18dc319e442092c2
Instruction Fuzzy Hash: 51319AB9D012189FCB10CFA9E985ADEFBF4BB09314F14A05AE818B7310D335A941CFA4

Function 0853E040 Relevance: 1.6, APIs: 1, Instructions: 68windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 0853E0BB

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: b826ad3e776f816e9eb18b6bc7a1c069aa702489d7a40b8fb2da2987a01e40f0
Instruction ID: 4aa02e8bf56a14b19f0a7a1273bf6db0a899f716afa7feca81a30f4244926241
Opcode Fuzzy Hash: b826ad3e776f816e9eb18b6bc7a1c069aa702489d7a40b8fb2da2987a01e40f0
Instruction Fuzzy Hash: F721ACB4D002199FCB10CFA9D584ADEFBF5BB49324F14902AE818B7310D335A941CFA5

Function 085665D0 Relevance: 1.5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

Strings

(&^q, xrefs: 08566809

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: (&^q
API String ID: 0-2067289071
Opcode ID: e494ccc6f24b9aa69433542967542669babfaa1f666d70125fb786ace04d50b4
Instruction ID: c96f5d9459fd05d74411d61721bc9e6809872e8068ed933b9a78356b6fdb0e55
Opcode Fuzzy Hash: e494ccc6f24b9aa69433542967542669babfaa1f666d70125fb786ace04d50b4
Instruction Fuzzy Hash: DDA13435B012168FCB15CF68E4909AEBBF6FBC5331F15466AD415DB281DB30AC66CB90

Function 0B002ED8 Relevance: 1.5, Strings: 1, Instructions: 267COMMON

Download Yara Rule

Strings

(bq, xrefs: 0B0064B7

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 8fb5492a88046d864c5699f69d213c622db13e8644e14b209c063f7451fc1f2b
Instruction ID: b0e150fd5b85af0831f9b623bba7fc8413a8d33ca28ecf5506a22f1522190d51
Opcode Fuzzy Hash: 8fb5492a88046d864c5699f69d213c622db13e8644e14b209c063f7451fc1f2b
Instruction Fuzzy Hash: F1A19AB5E00219AFCF05CFA9D9809EEBBF2FB49310F14912AE919B7250DB31A951CF54

Function 0B00817F Relevance: 1.4, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

(bq, xrefs: 0B008227

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 7b586d3139dab80a43330e46b78f9d38a3d905bdb3b4f4b0fa76862bcc540027
Instruction ID: 84fae058d3d1d9de31c1a26567d7ded41e990e0e2014c410a11025976db9529a
Opcode Fuzzy Hash: 7b586d3139dab80a43330e46b78f9d38a3d905bdb3b4f4b0fa76862bcc540027
Instruction Fuzzy Hash: A9514575E042589FCB04DFA9D884AAEBBF6FF89310F14802AE819E7350DB349D01CB95

Function 0B002E3C Relevance: 1.4, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

(bq, xrefs: 0B00712F

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 5f0d5f43722a6081d34c6e0ad9e797912128dd173d9b783b56e7d2d8f9a7d8ce
Instruction ID: a0f991809e90c95239a3b347ba0cf1437cd31062645c6be39455f695ffb7ac13
Opcode Fuzzy Hash: 5f0d5f43722a6081d34c6e0ad9e797912128dd173d9b783b56e7d2d8f9a7d8ce
Instruction Fuzzy Hash: 025149B5E002589FDB14DFA9D444AAEBBF6FF88310F14852AE409E7350DB34AD41CBA5

Function 0B0067A8 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

(bq, xrefs: 0B008227

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 5ae5cc48d3e7a9e75067acacde2bc7648d6b51e5f962e8bffa4aa17101d06238
Instruction ID: 7d456df9c3e075ac346c1b08a89459e6b0ce7c662ca67e16c0b0472d1bd46e4e
Opcode Fuzzy Hash: 5ae5cc48d3e7a9e75067acacde2bc7648d6b51e5f962e8bffa4aa17101d06238
Instruction Fuzzy Hash: E8513374E002189FCB04DFA9D884AAEBBF6FF89310F14842AE419E7350DB35AD01CB94

Function 08566DC0 Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

PH^q, xrefs: 08566F8B

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 36753fe652922040e9262aa75c1d37123b58615ab7c0a826b5c83487f8a916d7
Instruction ID: 673d50faeed7998cffb4da72c2d2f92c78d531a9266fd46db60afc65e602eb70
Opcode Fuzzy Hash: 36753fe652922040e9262aa75c1d37123b58615ab7c0a826b5c83487f8a916d7
Instruction Fuzzy Hash: 25613D35A00219CFCF14DF68D954AAEB7F2FF88326B104568E406AB3A4DB35EC51CB50

Function 0B002B84 Relevance: 1.4, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

(bq, xrefs: 0B003881

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 5e9376d293ca75cc3b769b1ddaa6202a9ac3942b1dce9eae959ae9125b116c74
Instruction ID: 69e356790fb26e15167f5224018f30e29833f1271de9b3b3d0bafebd9dfeb744
Opcode Fuzzy Hash: 5e9376d293ca75cc3b769b1ddaa6202a9ac3942b1dce9eae959ae9125b116c74
Instruction Fuzzy Hash: E651F3B5E102589FCF04DFA8D944AEEBBF5FF89310F10842AE815A7350DB71A905CBA5

Function 0B0089C8 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

3, xrefs: 0B0088A4

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: 3
API String ID: 0-1842515611
Opcode ID: 6750513604b39f1cbbb42d87d9ccfb6b4c57bb37accf4a0a27bad97496798346
Instruction ID: 881615814e20c903a7bbffd5ec0ea0c5f5b9e65199ad0ed176ae226ba3dd1359
Opcode Fuzzy Hash: 6750513604b39f1cbbb42d87d9ccfb6b4c57bb37accf4a0a27bad97496798346
Instruction Fuzzy Hash: EC51D331A14308DFEB49EB64D891AADBBB2FF45314F1484A9E405AB3E2CF319C85CB40

Function 08566DB0 Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

PH^q, xrefs: 08566F8B

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: c17155e24fb6c3728c0d032b6f3759c99dda40212600b98893134c40ff86f690
Instruction ID: 0d1c637c9a2b6aae4e546fef0c0387b3ae17850ff31297d27cc2b1a5a3f2485b
Opcode Fuzzy Hash: c17155e24fb6c3728c0d032b6f3759c99dda40212600b98893134c40ff86f690
Instruction Fuzzy Hash: AD511934A00214CFCF58DF64D994AAEB7F2FF99326B14456CE406AB3A5CB35AC51CB60

Function 07C9A008 Relevance: 1.4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

(bq, xrefs: 07C9A1A5

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 41c9879f455fbcea804901fc949abc387b927718840567950ff1081e48093a9c
Instruction ID: 58e2d8f1d29229301b4d3f8fe9abe4c00d81f68b6c573cdf631f5e9c22f68715
Opcode Fuzzy Hash: 41c9879f455fbcea804901fc949abc387b927718840567950ff1081e48093a9c
Instruction Fuzzy Hash: 3F51A175A00205DFDB54DF69C958BAEBBF6EF88600F108829E4069B390CF75AD41CB91

Function 07C90557 Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

(bq, xrefs: 07C90557

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: aa37059bd67ce44ea76a03183e1de06e012c9f3176b495ee3bc3c4a267f85d90
Instruction ID: 60dc3f9a712cbaa7ee375a83d4844b0e477d729190a888262e4a638e51488283
Opcode Fuzzy Hash: aa37059bd67ce44ea76a03183e1de06e012c9f3176b495ee3bc3c4a267f85d90
Instruction Fuzzy Hash: 55410875A003099FDB48EBB4D498AADBBB6FF85300F148439D502EB2A1DF349D46CB61

Function 0B008820 Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

(bq, xrefs: 0B00895D

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 3bc625b8a7148ce7673bddc6709dd81aefcc5f987f2f7f2785cd878daef5a442
Instruction ID: bf013b75f7b58a0348e60f4739fecf9e0cdf1bdae803975c046f68401d8e3028
Opcode Fuzzy Hash: 3bc625b8a7148ce7673bddc6709dd81aefcc5f987f2f7f2785cd878daef5a442
Instruction Fuzzy Hash: 65419D31E14719DFEB59EF69C854AADB7B2FF85300F148569E405AB2A2DF309C46CB80

Function 0B00AA18 Relevance: 1.4, Strings: 1, Instructions: 116COMMON

Download Yara Rule

Strings

(bq, xrefs: 0B00AB27

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: f7ce67b9d50d861b5332b6609dadcfb2e6c0fc34d7d59357e7929096eed87f0d
Instruction ID: c24f7931b4cba729b193786344836efc08dde098c1503dbdd23d92faa4bc60d3
Opcode Fuzzy Hash: f7ce67b9d50d861b5332b6609dadcfb2e6c0fc34d7d59357e7929096eed87f0d
Instruction Fuzzy Hash: BA41C530B142058FEB099B68C414AAD7BF3EF89310F14C56AD41AAB2A2DF75CC41CB95

Function 07C98389 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

(bq, xrefs: 07C98374

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: b4b95ab4a2f0068597aaef82c22fab3afe4970696b1c5ff94e4c96e74b5e067a
Instruction ID: 19f62b9385b0d68faa8eb29a37cb08637b10596b3e8e18db72a59f01a40562ab
Opcode Fuzzy Hash: b4b95ab4a2f0068597aaef82c22fab3afe4970696b1c5ff94e4c96e74b5e067a
Instruction Fuzzy Hash: D541E4B0608246DFCF54CF68D95865EBBF2FF86310B2485B9D406DB292DB31D901CB91

Function 07C90461 Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

Te^q, xrefs: 07C904E3

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 1103da98ed8ecdcc97035449a1cb918325239441a54c6467c3bb325f30078a44
Instruction ID: c3c1ab74f375fd4f46a70ab70680a3c34c20da50a07a23171a9a53dc449f8433
Opcode Fuzzy Hash: 1103da98ed8ecdcc97035449a1cb918325239441a54c6467c3bb325f30078a44
Instruction Fuzzy Hash: 74214C783006018FC744EB3DD99892ABBE6BF8971075195B9E24ACF3B6DA30EC45CB51

Function 03C7A070 Relevance: 1.3, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 03C7A0F6

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: d74753ba69fdb72afe2dc9a2cc44fdf9f12845898c47f5be5b08e9adf5b0070a
Instruction ID: 95a9d7af60c79077d3d860a254a6fcd987d77057b1bd87c2cbb1f2104c895d38
Opcode Fuzzy Hash: d74753ba69fdb72afe2dc9a2cc44fdf9f12845898c47f5be5b08e9adf5b0070a
Instruction Fuzzy Hash: 8D31EEB8D04208DFCB10CFA9E885ADEFBF0EB09314F10901AE814B7310C331A9458FA4

Function 07C92488 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

*;'], xrefs: 07C924D3

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID: *;']
API String ID: 0-166331675
Opcode ID: 236bed61757ada4f3f0df173acc57213b1786d82610d500e1d71c5b286e41575
Instruction ID: 03772fd5688756c81e7b9f723fdf7a6d587dc77acae24912475ab36ac8ae6445
Opcode Fuzzy Hash: 236bed61757ada4f3f0df173acc57213b1786d82610d500e1d71c5b286e41575
Instruction Fuzzy Hash: 373126B4D01209EFCF84DFA9D5895AEBBB0FF46310F20D0AAD844A7221D7345A42CF51

Function 0B0047F0 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

Hbq, xrefs: 0B004840

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: f2d3051a27e360647353837f82f53a0ff46fe0a31ebe803c744da6c1996bfe34
Instruction ID: 86441090848b3645702e4b1948c33077e2ef2c4c18d86c42ce6eb343045975fd
Opcode Fuzzy Hash: f2d3051a27e360647353837f82f53a0ff46fe0a31ebe803c744da6c1996bfe34
Instruction Fuzzy Hash: 4B21AD70E082889FDB44DBB8C445B6EBFF1EF84300F1488AAD5499B392DA349906CB95

Function 03C78F88 Relevance: 1.3, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 03C7A0F6

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 12e64cc0b8433929f59e020b2b968fa9619786e5b09b3732582521954a3c839c
Instruction ID: 3b77b0dc9e56ec9fc0bcdfcf330b84c03922be0d4762e1d4b8e5bee92b5ebeff
Opcode Fuzzy Hash: 12e64cc0b8433929f59e020b2b968fa9619786e5b09b3732582521954a3c839c
Instruction Fuzzy Hash: C53189B8D042189FCB10CFA9D585ADEFBF4AB09320F14906AE819B7310D335A945CFA4

Function 07C92498 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

*;'], xrefs: 07C924D3

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID: *;']
API String ID: 0-166331675
Opcode ID: 13041f6789d6efa477fe40a54151149f1877c4df099a416ff23a98915a1ae0bf
Instruction ID: d68ecc4f1bf4c15881662eaafd36321cd5ce674cd9e7bdc75cafd061bb2805cc
Opcode Fuzzy Hash: 13041f6789d6efa477fe40a54151149f1877c4df099a416ff23a98915a1ae0bf
Instruction Fuzzy Hash: 3321F6B4D41209EFCF44DFA9D5459AEBBB1FF49310F20D1A9D805A7210D7309A42CF90

Function 08563BD8 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

Hbq, xrefs: 08563C02

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: b8625196602d8009863f3cb0ef263b4757e93ba234261a3e948ac4e5436de9f0
Instruction ID: 19e4e89990028eccd4e4ce59dc0c7bcff752ba2bdb39c41cd81a6b900e7d3277
Opcode Fuzzy Hash: b8625196602d8009863f3cb0ef263b4757e93ba234261a3e948ac4e5436de9f0
Instruction Fuzzy Hash: E21103347092848FC709DB38986446A7FE7AFC621172981FFE146CB3D2DA348D11C761

Function 0B006B20 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

(bq, xrefs: 0B00C2BA

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 07daaa64d19e46d59e8df4602761d271c8ecee0436f1e6f714a685cc6d912a17
Instruction ID: 7ddd8e65b2d8248f956d952782f221762bcfd20a82544bec2e5c1f0aa1f0ef72
Opcode Fuzzy Hash: 07daaa64d19e46d59e8df4602761d271c8ecee0436f1e6f714a685cc6d912a17
Instruction Fuzzy Hash: 5101D6717182146FEB196E6C986097F7BABEBC6750B14852BE416D73C1CE319C0283A1

Function 07C99CF8 Relevance: 1.3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

Strings

Hbq, xrefs: 07C99D2B

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: 05470ba8500ff9952cef3b5aded72ba1084a80a7c1ffffd242d901d7d8cc29c5
Instruction ID: d411abf113c9a736bd346a6ae0d9e50f19140ead6af938d245d95f1fc6691605
Opcode Fuzzy Hash: 05470ba8500ff9952cef3b5aded72ba1084a80a7c1ffffd242d901d7d8cc29c5
Instruction Fuzzy Hash: ED01D1317043555BC714EA7AA89885FBFDAEFD5220364847ED58ACB341CE30D841C7A5

Function 0B004920 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

?`c, xrefs: 0B004933

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: ?`c
API String ID: 0-1630544122
Opcode ID: c0a244d8298a1d7049aaf83a55555ff80e4893e9879d832fd4c4bdf04ca8b630
Instruction ID: 6f678c274c8b29a023d1fde88c27edd96b50c2b64325d8234752ae40b5390582
Opcode Fuzzy Hash: c0a244d8298a1d7049aaf83a55555ff80e4893e9879d832fd4c4bdf04ca8b630
Instruction Fuzzy Hash: 37E086721643082ED781DA509D01EC17FAD7B11754F0480A3F640CB5A2DE10A6688762

Function 0B004702 Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

?`c, xrefs: 0B004713

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID: ?`c
API String ID: 0-1630544122
Opcode ID: 4dcee6436b7f6601ba22c330b6009f7d27c94e3de6fe4a23c873ae97ebfe6ba8
Instruction ID: 5954521c981ce3ec97a4150ff83c8e0688b4c3d84935d69eba0ed397500e46ab
Opcode Fuzzy Hash: 4dcee6436b7f6601ba22c330b6009f7d27c94e3de6fe4a23c873ae97ebfe6ba8
Instruction Fuzzy Hash: 4EE0C2371682085FEB81DAA09800E423FA57F25340F05C493E648CB1A2DA11C818D751

Function 07C965F1 Relevance: .5, Instructions: 530COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d89628fdcf44b68678ce7833f0dff111f6e4d3f005ebe43cc7b8286dffa2f78
Instruction ID: d21f8acb5774cc37eb5e1370c65f19a5f095df464b520d67624bd735d2152249
Opcode Fuzzy Hash: 6d89628fdcf44b68678ce7833f0dff111f6e4d3f005ebe43cc7b8286dffa2f78
Instruction Fuzzy Hash: B5420570D10619CFCF55EFA8C8886DCBBB1BF49300F5182A9D5497B265EB309A99CF81

Function 07C9A708 Relevance: .4, Instructions: 449COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e162a910f0e6dddaa354f82398a7b14fe09f28ee42f0884d3cee3bf27265af
Instruction ID: 240fb70500a15ab8e71043c2989834381efdad0d717181651d648c5a31d48577
Opcode Fuzzy Hash: c1e162a910f0e6dddaa354f82398a7b14fe09f28ee42f0884d3cee3bf27265af
Instruction Fuzzy Hash: 3FD1C1B0A00206CFCF55AB69C58C6AEBFF2FF85200F5684B9D442A7265DA30DD61CB95

Function 07250170 Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2287514250.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7250000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e336b62e2df07099bcf3463620d6bc1dad6199b9e67bc4c257a1c8430c834d08
Instruction ID: fcbb7088b21a2f388fc495bb967f0d04740dfec74acd1c6cc38fa6615f2f2557
Opcode Fuzzy Hash: e336b62e2df07099bcf3463620d6bc1dad6199b9e67bc4c257a1c8430c834d08
Instruction Fuzzy Hash: 26F027767053505FD701862AAC9491BFF6AEFC6720B1980A6FA888F376CA618C0583D1

Function 0B006A44 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2753c7462b79ec0fbafdb4be0cbe6921775afe002e08b68f0fa28f5f82291cb
Instruction ID: 45eb73777de260c579a0a2fdb32af2d4c6426b82ef73e7caa9e2da6dd76a071b
Opcode Fuzzy Hash: b2753c7462b79ec0fbafdb4be0cbe6921775afe002e08b68f0fa28f5f82291cb
Instruction Fuzzy Hash: 23E13935910619DFDF15CF64C880AD9B7B2FF49304F14C19AE908AB261E772EA96CF80

Function 07C9A6E4 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17afddeb1ddcef365eb9a40c6b540bd66f785385192a09cfe979eca7d179c82c
Instruction ID: 8b2a2716bf9350a47da5c0adf30f2cde4aeab79001b3e51c372dbb1d3958447f
Opcode Fuzzy Hash: 17afddeb1ddcef365eb9a40c6b540bd66f785385192a09cfe979eca7d179c82c
Instruction Fuzzy Hash: 76C15DB5A11209DFCF94DFA9D888A9DBBB1FF94310F114169E402AB3A1CB31DD81CB51

Function 0B00A383 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8609fb8fa39fd6b312f0cc3e95232e1e5b4a2a4a01519c646b0de6f762196127
Instruction ID: 1c224b4513b5e397c1cf43b1406554adb5a2bde98b87b2aa3c86576c6286e016
Opcode Fuzzy Hash: 8609fb8fa39fd6b312f0cc3e95232e1e5b4a2a4a01519c646b0de6f762196127
Instruction Fuzzy Hash: 17C13C35A1061ACFDB24DF68C894EE9B7B1FF49300F1581E9E549AB261EB31AD80DF50

Function 07C9F720 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d7863b5658446bbd6b5de84e305962c6a4e6ee325ec582d33020ba8f5169af3
Instruction ID: 7d4e1c61b7c58a9d961e90e5ff2da48a57b8bfd9d0ea62b067f98dea73c633db
Opcode Fuzzy Hash: 1d7863b5658446bbd6b5de84e305962c6a4e6ee325ec582d33020ba8f5169af3
Instruction Fuzzy Hash: 8D716DF0764111CBDED8A62986EC53D6387ABD6A14F28953FC406C7798DF78C9829383

Function 07C9EC80 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6060ccd11d1fcf22fe3201f8edfd14c6bc12bb8af8c1c70699021f335c9532ae
Instruction ID: 1223b32625b37ee4e69630056c51e1de9e8f3704d4596a124fe8e82843463023
Opcode Fuzzy Hash: 6060ccd11d1fcf22fe3201f8edfd14c6bc12bb8af8c1c70699021f335c9532ae
Instruction Fuzzy Hash: F5911EB6A10219CFDF94EBA5C898AAD73B2BF99700F144079D406AB3A0DB35DD41CB61

Function 07C9E820 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51d571c74e8c065eef7ed1bbd60d7d08e84f8305d877c3e34bb8a8a8dfd12ffc
Instruction ID: 14835b72f13323919cc72faaf3b1c6cfd2b144205c9e73c6becdebc8af93d705
Opcode Fuzzy Hash: 51d571c74e8c065eef7ed1bbd60d7d08e84f8305d877c3e34bb8a8a8dfd12ffc
Instruction Fuzzy Hash: DEA117B5A10209DFDF94DFA9D888E9DB7B2BF58310F154168E411AB7A1CB31D981CB50

Function 08567E34 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84fd2815ab9915258765a21b34a77fcb7b9d51418d7d30296eae3e5e909a2d86
Instruction ID: 7b2165da7c79d09866cc0df64f2f5b5a8f1451109ce7144cf51edb4d5624ca9c
Opcode Fuzzy Hash: 84fd2815ab9915258765a21b34a77fcb7b9d51418d7d30296eae3e5e909a2d86
Instruction Fuzzy Hash: 4C914935A102099FCB01DFA8C9848AEBBF6FF8D310B05855AE905EB321EB31ED51CB50

Function 07C9F011 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03db2669882d6c5037248811bc3e7edd84bc6e4730cd86bdb7e42bf0b7dab82a
Instruction ID: d4daef2520a942352d3220e0020b38ce0f0d3de939e88edf552714b736f88760
Opcode Fuzzy Hash: 03db2669882d6c5037248811bc3e7edd84bc6e4730cd86bdb7e42bf0b7dab82a
Instruction Fuzzy Hash: 0C8148B4A10259CFDF95EB64C898AAD77B6BF88304F04407DE402AB3A0DB35ED02DB41

Function 07C9BF75 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6f4094975552c0b24b2b3d4772d90e038e884486c9de7e0fa0ab9c970cc1750
Instruction ID: c988f96b851584519f2f76deab8310d1f0b87fa0938e487397496b134b211bc1
Opcode Fuzzy Hash: a6f4094975552c0b24b2b3d4772d90e038e884486c9de7e0fa0ab9c970cc1750
Instruction Fuzzy Hash: A2A1B775910619CFCB10EF68C954A98FBB1FF49314F05C6A9D949BB311EB30AA89CF90

Function 07C9F020 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7c91720fa8ea437c69d1f4e4e1d162f0008593b716e6760d21757af01cb96ac
Instruction ID: ae97c7742b46677dea4af93ec3673099904ca08195204b98f7c6b9865167cd7d
Opcode Fuzzy Hash: a7c91720fa8ea437c69d1f4e4e1d162f0008593b716e6760d21757af01cb96ac
Instruction Fuzzy Hash: 8F8148B4A10219CFDF95EB64CCA9AAD73B6BF88304F044078E402AB3A0DB35ED41DB51

Function 0B00C4FC Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67268e449d9b12b54cf1fa1c21f838d447f4fd3676acc826c56cc9f2796dfb9c
Instruction ID: 1cbb34c0523268aa72f5f22607e59824e3750fbd4377805c7eb59a8486cccedb
Opcode Fuzzy Hash: 67268e449d9b12b54cf1fa1c21f838d447f4fd3676acc826c56cc9f2796dfb9c
Instruction Fuzzy Hash: 7CA1F674955228CFDB65DF68C888AD9B7B1FF98300F1486EAD409A72A1DB319ED0CF41

Function 07C93810 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67f6ddbadcf81dcfedecefc6598b859ef0afc769440e9ec8c41f46337271431f
Instruction ID: d0afade77a5964a38642ecb5b975075901c4534bcf1a7167a0220272cc262ec9
Opcode Fuzzy Hash: 67f6ddbadcf81dcfedecefc6598b859ef0afc769440e9ec8c41f46337271431f
Instruction Fuzzy Hash: 4991E3B5A0064A9FDF50CFA8C984AEEB7F2BF48310F058569E929E7350D730EA51CB50

Function 0B004298 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 300a89127138478b87dd19f5d166d86b5eec6b9038dc2fab242c0ad13ab6405f
Instruction ID: 1556141365e8e9d5159658e8bb50f8c75e146c726dcc8739ab4b344e3d104d8f
Opcode Fuzzy Hash: 300a89127138478b87dd19f5d166d86b5eec6b9038dc2fab242c0ad13ab6405f
Instruction Fuzzy Hash: 13811A74A10609DFDB58DF68C494AAEBBF2FF89301F148569E406DB3A0DB31E941CB40

Function 07C9CDB0 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe65256f541275d5a65cc3c4257c4162a55513e0560a2125e601f270abfb5b13
Instruction ID: e4b0f93ce6b8935694034019f0071eff6ce68e2a213f9b0c2f1cc65ffddb5f7c
Opcode Fuzzy Hash: fe65256f541275d5a65cc3c4257c4162a55513e0560a2125e601f270abfb5b13
Instruction Fuzzy Hash: 958170B0A10209DFCF61EF78D4986ACBBB1FF45300F114179E056AB2A4EB30DA65CB91

Function 07C93C80 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33dbb54e8c9f6688e1c9f74f0df9b508a922cb6dad9ef2897c36692bda13dc64
Instruction ID: 92ab328ee1ed7d4e3799d17944e014cb57315fe80c9f6fc48752a4d92b9ac878
Opcode Fuzzy Hash: 33dbb54e8c9f6688e1c9f74f0df9b508a922cb6dad9ef2897c36692bda13dc64
Instruction Fuzzy Hash: CF814672E1125ADFCF54CFA9D8949ADBBB2FF88314F148129E811AB354DB30E980CB50

Function 0856A0A9 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebadac4f9941afe1f3719b87bc4dcc0bfdc34a6026a1a2ef7aa345772e07d754
Instruction ID: 911c0b4bc509ce46ab60bbd33b9439a8831a13b4445514a7fd6c01507467b304
Opcode Fuzzy Hash: ebadac4f9941afe1f3719b87bc4dcc0bfdc34a6026a1a2ef7aa345772e07d754
Instruction Fuzzy Hash: FC815734A102159FCB41DFA8C8849AEBBF6FF8D314B15819AE905EB361EB31EC51CB50

Function 0856D736 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d9d2b2dd3f7791318e0e0279beff05af862db36939010d516a649c19e8e7ed8
Instruction ID: 507669be6e9f1299aeb392f589adfdf51f2b3af09587dfb49547e701281938cc
Opcode Fuzzy Hash: 2d9d2b2dd3f7791318e0e0279beff05af862db36939010d516a649c19e8e7ed8
Instruction Fuzzy Hash: 0C818B34A05259CFCB24CF68C984BDEFBB1BF4A311F2485A9D449AB261CB31AD85CF51

Function 0B008380 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f08a3c05f001876a44ad837fd89bd9ec53d4f35d454c923922406144cbcedcf
Instruction ID: 11655e37c461b77e89c8f209d515ab5ea0359d82eaf8a81e6ba82c1023eba653
Opcode Fuzzy Hash: 1f08a3c05f001876a44ad837fd89bd9ec53d4f35d454c923922406144cbcedcf
Instruction Fuzzy Hash: E9715335E10209DFDB05DFA4D494ADDBBB2FF98300F148129E406AB394DF749946CB91

Function 07C93C72 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78972a01094892f7a97d14d42eff36c7ef96cbbd97fa4e118be0955d6e696844
Instruction ID: 55511f749abfb0daf68c774e2c468a99f1794d3088b7783398a3e7c0528e5f15
Opcode Fuzzy Hash: 78972a01094892f7a97d14d42eff36c7ef96cbbd97fa4e118be0955d6e696844
Instruction Fuzzy Hash: 8F718D72E11299DFCF14CF99D8949EDFBB2FF85304F188129E815AB255DB34A980CB50

Function 08564B38 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 264fe97dc5139626d0c68954332d4a6e83cd63adaaa4617e333a35b22e11fc64
Instruction ID: 01c83dfd290b22670199c00d29c82200874f45d813f79cf3016ef9afcaf534d8
Opcode Fuzzy Hash: 264fe97dc5139626d0c68954332d4a6e83cd63adaaa4617e333a35b22e11fc64
Instruction Fuzzy Hash: F571AC34B002089FCB08DFB4E9906AE7BBAFBC8211F258569D50AD7394DF349D56CB85

Function 08564B28 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d52ce2eed23a362e56db6d29866b36d3c9d41bca7d3f7ce1a52280dcf31664e1
Instruction ID: 97e220b263b0b6e79362f79cca81ef1924f05684ac5ca8c8356d8598981d5fa4
Opcode Fuzzy Hash: d52ce2eed23a362e56db6d29866b36d3c9d41bca7d3f7ce1a52280dcf31664e1
Instruction Fuzzy Hash: 4971DF34B00208DFCB08DFB4E9906AE7BB6FBC8211B2585A9D50AD73A1DF349D56CB45

Function 07C91A9C Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d1d5b12a963adca11fba86580692201701a90b47fe76a3515e4ad4a59ee308c
Instruction ID: 1266613f43d1679d6fc363dae8777837f6c4e6b9f787e8683a39375a06f36490
Opcode Fuzzy Hash: 8d1d5b12a963adca11fba86580692201701a90b47fe76a3515e4ad4a59ee308c
Instruction Fuzzy Hash: 9A516670A04208DFDF129FA5E9589ADFFB2FF88300F258069D4417B296CB3099A1CF41

Function 085654F9 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 371dabcb03e037f165a24bb47835f441d535ac6fd8de2bff57fa8687036883a2
Instruction ID: 82af9d2f09468060904b5fbcf9dbba5fd27a8853503ee7670b1055bc6f3f33b7
Opcode Fuzzy Hash: 371dabcb03e037f165a24bb47835f441d535ac6fd8de2bff57fa8687036883a2
Instruction Fuzzy Hash: A3615034B052446FD715DBB0E890E2B3B73EBC5704F2184E9D2498B3A5CE35AC56DB91

Function 07C98A68 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db7592bc8fd56f47de5d2e4b1af9cb326ec5eed91297414d18026e886278887
Instruction ID: 69ad22c0741feeeb7fa00f28b901673a0c77321b6413216cb41c249a4db74744
Opcode Fuzzy Hash: 2db7592bc8fd56f47de5d2e4b1af9cb326ec5eed91297414d18026e886278887
Instruction Fuzzy Hash: 73810974A00744CFCB48DFA8C588998BBF1FF49304F1585A9D809AF36ADB75E949CB40

Function 08561828 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd23a60b12b985472edf10c801d28b15dd152fbf1e34e84ae81c8fa6a1ea44c3
Instruction ID: 91fae11d7863f394c1873b514aa0f5f09aab68272d7a9e496b814f7d1b320b94
Opcode Fuzzy Hash: bd23a60b12b985472edf10c801d28b15dd152fbf1e34e84ae81c8fa6a1ea44c3
Instruction Fuzzy Hash: 00615D35A40709CFDB14DBA9C854AEEBBF6FF88311F044569D405AB361EB34E845CB90

Function 08560A08 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d19c895babea3da84d304b36e9cdbcdda32e41697d49fbf024da704efc2b5e8
Instruction ID: 2984b20e115833f46410b6e707e1c9bf31e58e39aec56f1a85e55eb8cda86631
Opcode Fuzzy Hash: 8d19c895babea3da84d304b36e9cdbcdda32e41697d49fbf024da704efc2b5e8
Instruction Fuzzy Hash: 14616D34600A058FEB64DB28D491AAEB7E1FF44319F048A2DE806EB790DA75F951CB51

Function 08569DC8 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d276a46d4967cbc1e4eb638195dd8329e28860716e8ebdd8b5f1603180747444
Instruction ID: 0dda4ecd4d974522d0f92e4111885437bc02b48bbc24c3f27229abd8b752a466
Opcode Fuzzy Hash: d276a46d4967cbc1e4eb638195dd8329e28860716e8ebdd8b5f1603180747444
Instruction Fuzzy Hash: 4271B375A002089FCB54CFA9C9849ADBBF5FF49715B24806AE919EB361D732EC42CF40

Function 085609F8 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef9ed30eb594c93cec3c36743000792a866280ab7167834d47687c310c1ef055
Instruction ID: 572d623d8440614195ef4ef0f9fd0914828d7bc17bc4d8a65754d0221c344bd2
Opcode Fuzzy Hash: ef9ed30eb594c93cec3c36743000792a866280ab7167834d47687c310c1ef055
Instruction Fuzzy Hash: BB619E34600A018FDB64DF28D491A9EB7F1FF45318F088A2DE846EB3A0DB35E952CB41

Function 08560850 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21903952ed70d6d093c764e22016c80396351af93b8334b74da73c7c4028a5e0
Instruction ID: e91af2e80766584c41c7a5747d96966c7b72ea6d58ef3a6f8bb6209851130585
Opcode Fuzzy Hash: 21903952ed70d6d093c764e22016c80396351af93b8334b74da73c7c4028a5e0
Instruction Fuzzy Hash: D841C4A1B00651DFEBA4A56D8C147BF22DFEBC4721F14843EA005D36C6CE7D8D9293A2

Function 0B002EE8 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 427c8d7f95e7442a25b12b5d4ace5afb4502f63fe649f29902d1fe6ed812edca
Instruction ID: 9b4413b6a2c5b37d87f9a1218bf54da8d4c8bc9a43de2f0e61c3062bb38f466a
Opcode Fuzzy Hash: 427c8d7f95e7442a25b12b5d4ace5afb4502f63fe649f29902d1fe6ed812edca
Instruction Fuzzy Hash: CF5179B9D042189FCF11CFA9D984ADEBBF1BB0A310F14A06AE918BB310D735A951CF54

Function 07C91DB0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 005d290016ea5c96bb32fc71f2d2425a05e211d1f99ce9576d9adf05d79bf243
Instruction ID: b6b5f3c12fdf8a34b255d78a6400923ed150fd9bee45b531f8b6668f5e5462ae
Opcode Fuzzy Hash: 005d290016ea5c96bb32fc71f2d2425a05e211d1f99ce9576d9adf05d79bf243
Instruction Fuzzy Hash: 5F515E71E0021ADFCF94DFA4D898ADDBBB2FF89310F148169E515AB351DB30A845CBA1

Function 07C94430 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f256cb3c1617f0014c284d19c2e2600d510d55f76ed1af463942374e67f89eb9
Instruction ID: 92ab5edd77100cbe690ed557721c7241521173be1a4f5cd50b0cd4bc9f12db2d
Opcode Fuzzy Hash: f256cb3c1617f0014c284d19c2e2600d510d55f76ed1af463942374e67f89eb9
Instruction Fuzzy Hash: 2C518DB4B006468FDB58DB28C951AAEB7F1FF88304B088569E81AD7354DB34ED428B51

Function 0856A36F Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11fffe3770382872b6ec13fabd5ebb9119be5506ac410ea32866beaf282e49d6
Instruction ID: 252d45ad61cf9d8b1eef96ef145f3f6005ed9bac16705e64efdb8af7717e673b
Opcode Fuzzy Hash: 11fffe3770382872b6ec13fabd5ebb9119be5506ac410ea32866beaf282e49d6
Instruction Fuzzy Hash: 6B51D435900609DFCF12DF64C844AADBBB2FF88322F14C56EE406AB261DB35D951CB80

Function 08565C78 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6721ff301e105cb6abb4fd14353ace00e18b0a0cd69c1ef923e9777ded6d2b4e
Instruction ID: 4f437e233813058de6fc4f628f64f4e56fc8e9436de067a17c9b63a7c3dc12c8
Opcode Fuzzy Hash: 6721ff301e105cb6abb4fd14353ace00e18b0a0cd69c1ef923e9777ded6d2b4e
Instruction Fuzzy Hash: 84510334E81200DFDB64CB58D995AAEB7B2FF84321F2444A9E0059B391DB30EE52CB40

Function 07C91DC0 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b258492deecce1c964aa8a8338d382f0548902e0aa2c2bb497917520d50df82d
Instruction ID: 8548a03722fad0ad51594840ff3b512297df72a0d8ac12876a13c789407afc3b
Opcode Fuzzy Hash: b258492deecce1c964aa8a8338d382f0548902e0aa2c2bb497917520d50df82d
Instruction Fuzzy Hash: A3515071E10209DFCF94DFA5D898A9DB7B2FF88310F148169E515AB350DB30A945CFA1

Function 0B002EF8 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81b1e8e478c7b945641c1a27a6f3a2257fecd387a0806f6ce1bfff758e96bf15
Instruction ID: 8eac6585ff8d1b8db718ba74a9c9454c85ec797e6892681fb1a6dd3d5f23c58d
Opcode Fuzzy Hash: 81b1e8e478c7b945641c1a27a6f3a2257fecd387a0806f6ce1bfff758e96bf15
Instruction Fuzzy Hash: 0751DD75D05248EFDB01CF98D884AEEBFB1FF4A310F24905AE848AB261C3319865CF64

Function 07C9081C Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb1c7d990d2633646e6fb92c1e8b6c46a6351159205675cec5d90c123cc80b18
Instruction ID: 3b044acb474c60e2decbb88bf01664f8d59783dd22b7d6324b0e59750e643080
Opcode Fuzzy Hash: eb1c7d990d2633646e6fb92c1e8b6c46a6351159205675cec5d90c123cc80b18
Instruction Fuzzy Hash: C051EEB0D00259CEDF10CFA9C894BDEBBB1BB49300F20916AE418BB250DB75A985CF95

Function 07C97BF0 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fac5e9b2287bd9a53577f73c1147b3f9533cf28ab9aa39ac359b157d9548c084
Instruction ID: eb3f802a9e2e9e1d2e53dced0a5e09f8bf8f755c6f1de65be35d990b9d2f65db
Opcode Fuzzy Hash: fac5e9b2287bd9a53577f73c1147b3f9533cf28ab9aa39ac359b157d9548c084
Instruction Fuzzy Hash: 84512875A1160A8FCF44EFA8C8948ADF7B5FF88310B109669D806F7315EB34E985CB90

Function 07C90368 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86f42c56221127dfaf81660795a380adc2a7eee9e88d0c2e900a442ba0ec5aae
Instruction ID: ce65d296b6bd0a85ac3c23d76701a5418554ea4c15a123a7929f6d00816b69b8
Opcode Fuzzy Hash: 86f42c56221127dfaf81660795a380adc2a7eee9e88d0c2e900a442ba0ec5aae
Instruction Fuzzy Hash: 3951DFB0D00259CFDF50CFA9C884BDEBBB1BB49304F20816AE419BB250DB75A985CF95

Function 07C94422 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a01f6a8949cb18a35730253bc86338e9a7dc5bb2db0c28250c4a49d29a2df4b5
Instruction ID: 2fa1ec0d0acd27f0db202e6b2423a38c92a967eb766190af4f2ad0d8a1513835
Opcode Fuzzy Hash: a01f6a8949cb18a35730253bc86338e9a7dc5bb2db0c28250c4a49d29a2df4b5
Instruction Fuzzy Hash: EA51ADB4A006468FDB54DB28C891AAAB7F1FF48354F088579E809DB351E734EA42CB61

Function 0B00115C Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f88272b7ecb55b575b490b5c5ed64efe6ced8697bcb7cf4ec2d1f27a24844ea
Instruction ID: 6a7305f8652a8020bd131ba9812d9738e921807db5383b14bf05d5bffb45dd43
Opcode Fuzzy Hash: 4f88272b7ecb55b575b490b5c5ed64efe6ced8697bcb7cf4ec2d1f27a24844ea
Instruction Fuzzy Hash: 8A41BB75D01248EFCF01CF99D988AEEBFB1FB4A310F209059E918A7261C735A961CF64

Function 0B00D31D Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b31ac7c5f0c567a2dae5931b8364a249688ba9bcc4dec355383e2b34d3417e1a
Instruction ID: 191e06f610e8cfd9686024523e683a2aa521fa603c6de49384de036b626f0d20
Opcode Fuzzy Hash: b31ac7c5f0c567a2dae5931b8364a249688ba9bcc4dec355383e2b34d3417e1a
Instruction Fuzzy Hash: 3651CBB4D052589BDB14DFAAD980ADEFBF1AF49304F24902AE818BB250CB749945CF64

Function 07C9C4E0 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d95d0016318aa99b79008f90e2148f375c4499f0a4002783816a4f0dc4da1556
Instruction ID: 8b31e57c37365cbbceaa7e6719221c342deac6955b5d089d5507e426b0d2f45d
Opcode Fuzzy Hash: d95d0016318aa99b79008f90e2148f375c4499f0a4002783816a4f0dc4da1556
Instruction Fuzzy Hash: 505156B5900219DFCF14DFA5C988AEDBBB1FF49310F158269E805AB354D770AA45CBA0

Function 0B00D328 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc7f45ae4b708ae22bd138a48641bd7f49fc053529a4dc03acb3a96a87ce1a3f
Instruction ID: 6be0705693ff8312e890987a9a2216a87ae0d8a0a83489fdcbbea7ac058839ce
Opcode Fuzzy Hash: cc7f45ae4b708ae22bd138a48641bd7f49fc053529a4dc03acb3a96a87ce1a3f
Instruction Fuzzy Hash: CA41AEB4D042589FDB14DFAAD980ADEFBF1AF49304F24902AE818BB250DB74A945CF54

Function 07C983B8 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b78936cdfb31257b221c5e1add115372a460c191819fe21be33619a4a733a287
Instruction ID: 4918802898e62aece74ab2985490f12c9575b663c286fb1532707f228d7891e5
Opcode Fuzzy Hash: b78936cdfb31257b221c5e1add115372a460c191819fe21be33619a4a733a287
Instruction Fuzzy Hash: C2418AB0A00206DFCF58DF69E5A8A6EB7F2FF8A300F104479E40697290DB31E941CB91

Function 0856B9A9 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c893ce14b1d7500b01cd95178566709d8075e09600edfda4ff9a6fdcb834afa8
Instruction ID: edc6a1b8b30f65483e9334f5ded5bd648b8778f9be21ad19b3cee109d790e421
Opcode Fuzzy Hash: c893ce14b1d7500b01cd95178566709d8075e09600edfda4ff9a6fdcb834afa8
Instruction Fuzzy Hash: 5A513670E0514A9FCF04CFA8D9819EEBBB6BF89310F249566D405EB254D638AA41CFA1

Function 07C97DF8 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16f4107cf106609824361f9f4d00ea811157b0ad3e8e6e733141f57ae79c8a0d
Instruction ID: a2bc26388a5ccade050f35479f0877bcf4b175f015b97b728310c833d95fc359
Opcode Fuzzy Hash: 16f4107cf106609824361f9f4d00ea811157b0ad3e8e6e733141f57ae79c8a0d
Instruction Fuzzy Hash: E1517335A10609DFCB00EFA8D8848EDF7B5FF89304F10816AE555AB324EB30A959CB91

Function 08565EC0 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ab9acab85c99c90103da09e7aa6209f825cfcb2ef351c6dbde1cabad33651a3
Instruction ID: d956a90f80b127df4401c133140074eddd640cdb0136d9b858613e45eccb475d
Opcode Fuzzy Hash: 5ab9acab85c99c90103da09e7aa6209f825cfcb2ef351c6dbde1cabad33651a3
Instruction Fuzzy Hash: F8419771A00615CFDB24CE59C5487AEFBF1FF88322F104669E005E73A0E7789A95CB90

Function 0856519C Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c8f84ac7e67f063ac3606cfb1f1b65cd18826f014b7297821e2d818b84dc253
Instruction ID: 358e920583042e1307229ad4d32e15c2aafd4287a92bb8d428c5139fa174026e
Opcode Fuzzy Hash: 0c8f84ac7e67f063ac3606cfb1f1b65cd18826f014b7297821e2d818b84dc253
Instruction Fuzzy Hash: 10412730E4110A9FCF04CFA8D5819EEBBB6FF89311F249566D405FB258D734AA418F91

Function 07C97BE0 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daef54e3abc30ad4e433c0e5f120c63199e70fd3d7698b4709a495dfe4958599
Instruction ID: f4665a76ac011ca1e84c7caee06e143811c478dcf3dce38e9f739966e9466b5c
Opcode Fuzzy Hash: daef54e3abc30ad4e433c0e5f120c63199e70fd3d7698b4709a495dfe4958599
Instruction Fuzzy Hash: B0415D75A1160ACFCF50DFA8C8944ADFBB5FF89310B148669D806EB315EB34E985CB90

Function 07C95DA0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2ed1e0601420a37859882279d488c5ce6e64e1200fb344e62900a581fb009ba
Instruction ID: 9ad2c6f69a496b1de2d1c97f1c6c49cbd9e3c429008ddf9a25d02bc6d44b5682
Opcode Fuzzy Hash: a2ed1e0601420a37859882279d488c5ce6e64e1200fb344e62900a581fb009ba
Instruction Fuzzy Hash: 5D41A3F0E541169FDF82EFE5C99D6AA7BF0EB45340F500435D442F72D4EA34CA208A91

Function 085642F0 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a60bfcbc7f4debcf5fe292a096a2ef9638ef1cb42eca742e517fe20d8e0be2b
Instruction ID: 43e0817aab9d71059eb9f38cbd714c7fb4318d4a1ee169326e311bd4aa2be7a5
Opcode Fuzzy Hash: 0a60bfcbc7f4debcf5fe292a096a2ef9638ef1cb42eca742e517fe20d8e0be2b
Instruction Fuzzy Hash: 2241D139B00105DFC708DB78D99169EB7B5FB8C312F1048BAC40AEB360DA359C41CB95

Function 0B0052C0 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9e9995801d7888c828e5a04a591c1b2f23faf8ac09e97241d6c1dbfbda35321
Instruction ID: 513dbbeb84e962e79082b6a82d928af3e1dc7d7034b9e41466300c37e93ef3ff
Opcode Fuzzy Hash: c9e9995801d7888c828e5a04a591c1b2f23faf8ac09e97241d6c1dbfbda35321
Instruction Fuzzy Hash: AC416075E20109EFDB48CF98D885A9EBBF6EB98304F158066F511AB3A1DB71AD01CF50

Function 07C9A5C8 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c143eef31ec6dff129cf9ccd2efe80204c021e157770fc712e2e091e9485a17d
Instruction ID: 90500bee007f13dc126937270f4c99e7ae7d0906622c0fb68713172a783b1538
Opcode Fuzzy Hash: c143eef31ec6dff129cf9ccd2efe80204c021e157770fc712e2e091e9485a17d
Instruction Fuzzy Hash: 69414B70A006099FDF54DFB9D894AADBBB2EF89310F148569E401EB3A0DB70ED41CB50

Function 07C9CBA1 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 934fdafb3e68ce654fa3e3cddb050e0a0ecc2ace4aafe19d183128b75ee26997
Instruction ID: e3de5d88f023a7497db00b76c960ebb6ecb87871e23d5252b2068451aa14ff32
Opcode Fuzzy Hash: 934fdafb3e68ce654fa3e3cddb050e0a0ecc2ace4aafe19d183128b75ee26997
Instruction Fuzzy Hash: A8416D74A00609DFDB54DFB9D494AADBBB2AF89310F148169E401EB3A0DB70ED41CB50

Function 07C91990 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adbed0d6b33f6947b0fee5121a691a771c6ecbe58d1bdbb1be46b1448fd58a68
Instruction ID: f981beeb4a3cd5428cc1aeee107fe50f2ed90cf2be7e6862bcc812242fdca64a
Opcode Fuzzy Hash: adbed0d6b33f6947b0fee5121a691a771c6ecbe58d1bdbb1be46b1448fd58a68
Instruction Fuzzy Hash: 39415174A00249CFDF88EBA9C894BEEBBB5FF88310F058178D515B7394DA309A41CB61

Function 07C94838 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce63c927b8909713318e571569edf37ae499b8578c0ad6fce9779f705f5c2b23
Instruction ID: f80c9e6113ba9cf11976cd06def107aff2003d51b8605e81ea08d0a7f0b17437
Opcode Fuzzy Hash: ce63c927b8909713318e571569edf37ae499b8578c0ad6fce9779f705f5c2b23
Instruction Fuzzy Hash: 7E4184B4A002498FDF88EFA9C894AEEBBB5EF48315F048179D505F7350DA309A42CB60

Function 0856084A Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62c71946fbfa1efa0ee286e3c76708afaac947f1ba7c1e1b61bf6c24aa23411b
Instruction ID: d7a7620441be347c4b8b9130a818ced92215706430a3a56231a37970a3144f4c
Opcode Fuzzy Hash: 62c71946fbfa1efa0ee286e3c76708afaac947f1ba7c1e1b61bf6c24aa23411b
Instruction Fuzzy Hash: C8310D71B00655DFEFB0A55988147BF32DBEBC4721F14043ED045E36C2CA6D8A9293E2

Function 08561978 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ada315ac9354fe6755dc8cafca6359bd45b43a546026d9e69c10e88dfc2448d2
Instruction ID: d6508d084020bacd47386b1fcc6d1b2d5c2842fd1d6c5baed5c64c13a0068574
Opcode Fuzzy Hash: ada315ac9354fe6755dc8cafca6359bd45b43a546026d9e69c10e88dfc2448d2
Instruction Fuzzy Hash: A5512834A40709CFCB14DBA9C554AAEBBF2FF84325F148429D40AAF365EB74A845CF91

Function 07C963E0 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ec1d3b726eab67aeba6d4c34c053ecbca14abd835b8e743645e70a576655f8a
Instruction ID: 3e32e5968a2ac55c4927c0506b6254dea09344958a1b119682da439f3767be82
Opcode Fuzzy Hash: 6ec1d3b726eab67aeba6d4c34c053ecbca14abd835b8e743645e70a576655f8a
Instruction Fuzzy Hash: 5F41C7F0E542169FCF82EFE5C98D6AA7BF1AB45240F500436D446B72D8F6348A118FD1

Function 08564300 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13793d1cb82bcab12e3bd44d801ad97da5958e7ced76a520a4cb40348dfc106c
Instruction ID: 0bdba8d21ca7abe338809f41405e9d7114c3b229eb3f5823774a47e93dbfbe4b
Opcode Fuzzy Hash: 13793d1cb82bcab12e3bd44d801ad97da5958e7ced76a520a4cb40348dfc106c
Instruction Fuzzy Hash: 8A41A335B00109DFCB08DB68D99179E77B5FB8C312F1048B5C519EB3A0DA359C51CB95

Function 0B002D34 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f2331c1336c87900d70a5cf2764294f941f024c660ba433fc67abf5ea5701de
Instruction ID: 14351cc1aef4524f7c77518dd24ad82e46dde507c419efdfb008626fe32808cb
Opcode Fuzzy Hash: 8f2331c1336c87900d70a5cf2764294f941f024c660ba433fc67abf5ea5701de
Instruction Fuzzy Hash: 8D413A75E20108EFDB48CF99E885A9EFBF6EB98314F118066E615A7360DB71AD01CF50

Function 085625AC Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e77d314f20fdc1ab953b88d5fc7e2d9abcfe3376faf9165631564d3d6b472a8a
Instruction ID: fd0cb4b96524d17423ff751759320c9e9041fa0ed2844323b609691d3eff9557
Opcode Fuzzy Hash: e77d314f20fdc1ab953b88d5fc7e2d9abcfe3376faf9165631564d3d6b472a8a
Instruction Fuzzy Hash: 01313F75E0020A9FDF14DF69D8406AAF7B5FF88222F00866AE519E7241E770E995CB90

Function 08561A33 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b89f7a9037724559387210a848a6aaeb734ba8aaca51b9af4aa41dc4afea734
Instruction ID: 31a7afced662493b956e93637a9c4f279ec27feee7ce1a730a8a0955531ae00b
Opcode Fuzzy Hash: 5b89f7a9037724559387210a848a6aaeb734ba8aaca51b9af4aa41dc4afea734
Instruction Fuzzy Hash: CD412734A40709CFCB14DBA8C554AAEBBF2FF84325F148469D40AAF361EB74A845CB91

Function 07C92CC0 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab556c95b93aa33eed17db990046b2f5e9158c059eb654f3ba524355baa6da75
Instruction ID: 45090cb1737701cbb18c5375e062537922155a7bc0cfce77b38364a0a372802f
Opcode Fuzzy Hash: ab556c95b93aa33eed17db990046b2f5e9158c059eb654f3ba524355baa6da75
Instruction Fuzzy Hash: 993138B2B04156BBCF867B66D40C29A7FA5FBC2340B604076D482DF385DA24CE12C7D5

Function 07C9FCE8 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a81d2b782a7ad43ed9bbee622b09a829c3481d3185c872fe726fde8fb37a522
Instruction ID: ac4db0a5795ad8abc335800e24fc4e7b372347889b4d2535f5a263b2b712afb8
Opcode Fuzzy Hash: 7a81d2b782a7ad43ed9bbee622b09a829c3481d3185c872fe726fde8fb37a522
Instruction Fuzzy Hash: 194148B5900356DFCB54CF59C888BAABBF4FF48314F148869E619A7361D734A940CFA0

Function 07C90B44 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa623bac161f9714cd5ba8dd6d73feda10f20c3a76c2124dd9499e541327e55
Instruction ID: aa4b335afd8f662be63d302475c6105128e4dfad85e8f8dce537356f84e18202
Opcode Fuzzy Hash: 5fa623bac161f9714cd5ba8dd6d73feda10f20c3a76c2124dd9499e541327e55
Instruction Fuzzy Hash: B841DDB0D01249DFDB50DFA9C988BDEBBB5AF48300F20842AE415AB290CB759986CF55

Function 07C95B20 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f086571f211e0a10041f27bab50376ad14859581762830aaa5b449185b3d0f2d
Instruction ID: 7333dc2920e65d23e2900b38fca8177ec32b0f7c2f052db3501a9f3f0e8a495c
Opcode Fuzzy Hash: f086571f211e0a10041f27bab50376ad14859581762830aaa5b449185b3d0f2d
Instruction Fuzzy Hash: F8413471A04219DBDF219FA5E9988ADFFB2FF88300F264168D4417B296CB3199A1CF41

Function 07C98904 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caef41a547b1bd08f878e782f2e8a470587c0e04103d693bb4cc15adb32a46c4
Instruction ID: 9bb2c6cdf9b1373c43bdc4ce6eec2cf82199d78af9c026f4efa8835a7b5ac91b
Opcode Fuzzy Hash: caef41a547b1bd08f878e782f2e8a470587c0e04103d693bb4cc15adb32a46c4
Instruction Fuzzy Hash: EE31AFF0B00116DFCF866B65CA8C67EBFB5EB81244B5688B8D44667294DA30CD24CBD6

Function 0B002B94 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca48f6717f9dd2bd877f2d6704792e61b83df8a01a9aa7b10c3bed9a65695da8
Instruction ID: 503aa766861561a873164cfb2a98e34e101671e23113bb3f8e1129fd8e480852
Opcode Fuzzy Hash: ca48f6717f9dd2bd877f2d6704792e61b83df8a01a9aa7b10c3bed9a65695da8
Instruction Fuzzy Hash: 454176B9D052589FCB00CFA9D584A9EBBF1EB49310F14902AE819BB310D735A945CF98

Function 085644D0 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfbb649e7a6e1b8a5cd31171bcfddddfe7bff312cd5b68139eb780e15d9275e6
Instruction ID: f61dc847bea73ed9183bdfa39cd9b8abcc4914a3eb0a7533a5fdb4e54b11f837
Opcode Fuzzy Hash: bfbb649e7a6e1b8a5cd31171bcfddddfe7bff312cd5b68139eb780e15d9275e6
Instruction Fuzzy Hash: 6331A339B00105EFCB08DF39F85426A7BA7FBC4222F158569DA0A87395DF349D26CB85

Function 0B0086CA Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b613b6422b0de77f1dceb5d0f87d9dfea73e67bb59b1a4d288e49021961f1600
Instruction ID: 069b89d2e1f90fdfbfc044bdd0d394231637e619cc02a5e7518a90774887c481
Opcode Fuzzy Hash: b613b6422b0de77f1dceb5d0f87d9dfea73e67bb59b1a4d288e49021961f1600
Instruction Fuzzy Hash: E6414872D0070A8BDB04CFA9C440599FBB1FF99310F25866AE859AB351EB71A985CF80

Function 07C98150 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88fd492d846ced7bf9ad764284b1236f820e626ed5dc3a509b82bb5ae37fdfde
Instruction ID: e510c2cf0a0ac91eee90d8eb96f75bd3f2f476b5fcd4b25dc15fa5fa415e944f
Opcode Fuzzy Hash: 88fd492d846ced7bf9ad764284b1236f820e626ed5dc3a509b82bb5ae37fdfde
Instruction Fuzzy Hash: 7E3170B1A00619DFCF14DFA9D8485ADBBF6FF89710F10812AD401A7364DB31A845CF91

Function 07C90B50 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889f097453cf3325c3de45903815b38f760a41d3a156fdb48a5f94a1be7a507d
Instruction ID: 064c890c9d8467354a132621d2c3d6fe2292bd7867c3a66b57f8de9c601ea51f
Opcode Fuzzy Hash: 889f097453cf3325c3de45903815b38f760a41d3a156fdb48a5f94a1be7a507d
Instruction Fuzzy Hash: BA41CDB0D01249DFDF14DFAAC988BDEBBB5AF48300F20842AE415AB250CB759985CF55

Function 0B008809 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6a93e4d1ce3e0b1b9534ea44db3f1fa44a314bbec843042eef03d6132637bb2
Instruction ID: 32a65a67a3fc9841d1736a26dffb2dd129359b6c5aef53c6164f33e54e236786
Opcode Fuzzy Hash: b6a93e4d1ce3e0b1b9534ea44db3f1fa44a314bbec843042eef03d6132637bb2
Instruction Fuzzy Hash: D2317A71E00709DFDB19DF99D84469DFBB1FF89310F24856AE409AB392DB71A885CB80

Function 085644E0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48cba183b834e031e62dc7e75fac280bae95b0f1b8268a9404cb5e5f75188beb
Instruction ID: 21eeb59aece3cc66f48080f1816629d3ac325f71f927c17917a7373792c2b689
Opcode Fuzzy Hash: 48cba183b834e031e62dc7e75fac280bae95b0f1b8268a9404cb5e5f75188beb
Instruction Fuzzy Hash: 53318C39B00105EFCB48DF39F81426A77A7FBC4222F158569DA0A87394DF349D2ACB85

Function 08561A47 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0b9c1078d180c13c010a0e2b7ea1d85be8f775f96fa39437ea6d320354954ef
Instruction ID: 97103400560ced3fbe3ccadbe7f11779576e0d8fbdd006ae30bcfb81bec3734b
Opcode Fuzzy Hash: c0b9c1078d180c13c010a0e2b7ea1d85be8f775f96fa39437ea6d320354954ef
Instruction Fuzzy Hash: E3415B34A40B098FCB14DB68C554A6EBBF6FF85321F108519D40AAF3A1EB74E845CB81

Function 085631A1 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53f2214e78da13d5c79a73099066f41100f21ef66b942f87dd1654ebb5bdf5c0
Instruction ID: 9fda43bf80fe73675aafba926a99bc7a6bb0c85e904c27c0608f1a66e586bc06
Opcode Fuzzy Hash: 53f2214e78da13d5c79a73099066f41100f21ef66b942f87dd1654ebb5bdf5c0
Instruction Fuzzy Hash: C8316D307002008FCF55DB69C8946AABBB6FF86222F6445ADD406CB361DB31DC16CB61

Function 0B008278 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33a7cfa1bb6cb1c4582d6c23ecdc354baf5c8a1e3f78bda31b5baf713e24c474
Instruction ID: 6e4ded6b228de9c21906c6f0ce2837ce12cb2b11ee6e1b204e20556c90b6a5f4
Opcode Fuzzy Hash: 33a7cfa1bb6cb1c4582d6c23ecdc354baf5c8a1e3f78bda31b5baf713e24c474
Instruction Fuzzy Hash: 973176B8D012589FCB10CFA9D984A9EFBF4BB49310F10902AE818BB310D775A945CF64

Function 0B0067F4 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5674cd3766b8bcb25e0d85f5de3992b3ac3fa2c6415fe0bff606148af882bd12
Instruction ID: 08dccc372ff0430a5fb9b27ac2282189dec794316954fa19eaeee3acc0806096
Opcode Fuzzy Hash: 5674cd3766b8bcb25e0d85f5de3992b3ac3fa2c6415fe0bff606148af882bd12
Instruction Fuzzy Hash: C03175B9D012589FCB10CFAAD984A9EFBF5FB49310F10902AE818BB310D775A945CF64

Function 085631B0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1db6857b3b7d9bdab7f83c358210174542068b7fc5f3ff46449485947797fc4
Instruction ID: 6569ad715fff69e15fb34d97fb50b1e8c7f30f3be75788401e782a4f28b3e6c0
Opcode Fuzzy Hash: a1db6857b3b7d9bdab7f83c358210174542068b7fc5f3ff46449485947797fc4
Instruction Fuzzy Hash: B6317C307002048FCF54DB69C954AAEB7E6FF86222F6485ADD406CB365DB71DC16CB61

Function 07C90552 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43732e07839cec96c523f6d7d9c9c21d121b2a8c03b183f16db43041164c64e8
Instruction ID: 134696329811904feb6ad8f112c6a571206f1c99d41410605c07a9ff70309d4d
Opcode Fuzzy Hash: 43732e07839cec96c523f6d7d9c9c21d121b2a8c03b183f16db43041164c64e8
Instruction Fuzzy Hash: 3E318771A002069FDB48EBB4D4987ADB7B2FF85301F148529D506EB2A4EF349986CF51

Function 07C95860 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8455d2f1f6bfed43710937fabf3fb42050ea9ceef4121dbdbf465815bac43b9f
Instruction ID: 8d81d07b785b3418381ad8da38f1a2b85db97a61fbffd1e3095844e517cec6d1
Opcode Fuzzy Hash: 8455d2f1f6bfed43710937fabf3fb42050ea9ceef4121dbdbf465815bac43b9f
Instruction Fuzzy Hash: B8317E75A001098FDF55DFA8E988AEDB7F0EF49210F1541AAD505EB3A0DB359E11CF60

Function 07C99FF9 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c94d8b4fdece5c8cb9168e305884acac61227d7aad3dad9483071ed052f3399
Instruction ID: 66e004b15771ba4451e991ffef0ab940c03c887c02ff4caf1b755a3b33266701
Opcode Fuzzy Hash: 6c94d8b4fdece5c8cb9168e305884acac61227d7aad3dad9483071ed052f3399
Instruction Fuzzy Hash: 803192B5A01205EFDB54DF65C998BAEBBF5EF88200F10843DE4069B290DB75E940CB51

Function 085641C1 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1425ba7922f2fd24641a85e379ff23a18d630d7acfcdeac8970a98def0212b4
Instruction ID: cd4fa6bf069f560dc39d61da27df383beb13b1e96b4b92f9a34da63bb5a8f2fd
Opcode Fuzzy Hash: a1425ba7922f2fd24641a85e379ff23a18d630d7acfcdeac8970a98def0212b4
Instruction Fuzzy Hash: FB311C3064124A9FCF05DF28E9C0A9E7BB5FF44304B1186A5E8059F26ADB74ED4ECB91

Function 08563CB0 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c250bf81ec54b4186250e40dc4995c1c22fc4e83dab552464f207cb5adb3a841
Instruction ID: a4a75263a31196b04131885e6c0433dab7431790a4618f0943b7adbfab26815f
Opcode Fuzzy Hash: c250bf81ec54b4186250e40dc4995c1c22fc4e83dab552464f207cb5adb3a841
Instruction Fuzzy Hash: 33312635B01208AFEB14CB38E8547EABBF6FB85355F2484B9D109DB391DA329C16C790

Function 0B0086E8 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29604857c87d2ff42869cc809eb634aded288e0a85f9e87a210b34e1daf801d7
Instruction ID: 04ad4bb1af54eeb6266c25a91152ebf33cfee01fed217a124542c1d7909e0e18
Opcode Fuzzy Hash: 29604857c87d2ff42869cc809eb634aded288e0a85f9e87a210b34e1daf801d7
Instruction Fuzzy Hash: 58410272D0070A9BDB44CFA9C444599FBF1FF98310F25866AE819BB315EB71A985CF80

Function 07C96288 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47a8d5e638dd0f83f857e82d2378d8e67cffdaf651fa961bed6242e48c65aed9
Instruction ID: 79b37a32933453eb8a6037cc3ec8dae8a4e005a624fe74669d93b96757faac2b
Opcode Fuzzy Hash: 47a8d5e638dd0f83f857e82d2378d8e67cffdaf651fa961bed6242e48c65aed9
Instruction Fuzzy Hash: BD31A071914708CFCF45EF68D9586DEBBB1FF4A300F00856AD4567B2A0EB30A949CB91

Function 0B0063BA Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b43cae66aba7e65e1490e0f2dc392d90287c3e79a0c7fd39ae665921bea3771d
Instruction ID: 3583e91f741e4945c2f164e0bde77791dad58aebae8ef1ac33ecac871d581a5c
Opcode Fuzzy Hash: b43cae66aba7e65e1490e0f2dc392d90287c3e79a0c7fd39ae665921bea3771d
Instruction Fuzzy Hash: 4A31A2B2E10219AFCF05DFA8D8809EEBFB6BF4C210F15412AF915A3250DB319955DB90

Function 0B006750 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 646d5f634fe9060f1f086a01c6b0b6bf96b3ebd7a97b56a507325358e56b0f2e
Instruction ID: ee14132f57d526bd209b18b5ae0af4148d4b0ac2fc5b3f8181c9ffcd3ee7c1f8
Opcode Fuzzy Hash: 646d5f634fe9060f1f086a01c6b0b6bf96b3ebd7a97b56a507325358e56b0f2e
Instruction Fuzzy Hash: 3C3176B9D012589FDB10CFAAD584A9EFBF4FB49310F20902AE818B7354D735A945CF94

Function 07C93361 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d09fed14b67a3ad0ad3de9fa36999b13bc569fb78e5814b45404599b3f3ea45
Instruction ID: 83f570d5cc42f52577ba70bf75648df2461ddcffcc7286836cddfefda09e3dcb
Opcode Fuzzy Hash: 5d09fed14b67a3ad0ad3de9fa36999b13bc569fb78e5814b45404599b3f3ea45
Instruction Fuzzy Hash: 632106B77006104FEF64CA25C8D567E7BE6EBC4210F28806AD146D3795DB34EA81C761

Function 08563CC0 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acb9f1ef6e6f257513e05692a89df3b62f1e54630ef77937495c2df7007db53f
Instruction ID: 7fb6f10b08e51bab854aade5e35d5d18bb643df1f705dc62c36d9eafdb64b27a
Opcode Fuzzy Hash: acb9f1ef6e6f257513e05692a89df3b62f1e54630ef77937495c2df7007db53f
Instruction Fuzzy Hash: B421F135B00208AFEB14CF78E8547AABBB6FB85751F1044B9D509D7390DB369C16C790

Function 07C97F79 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00be4a0f440fca52c12947181771c8e196c2f54f119d0358b1bf284d7f7830ac
Instruction ID: 7e90f44657d33bf558620daaa76969dce454a591660012bae0ab3592c7669532
Opcode Fuzzy Hash: 00be4a0f440fca52c12947181771c8e196c2f54f119d0358b1bf284d7f7830ac
Instruction Fuzzy Hash: 08318431A10609CFCB01EFA8C8948DDBBB5FF89310F018299E545AB235FB30A949CB91

Function 07C91A8C Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6df2be97344b577e1ab045f16fdc3e47abf2b950f123fe50ad7d09fc8af6fae
Instruction ID: 9fa0d3554e88acb02711baa651b7a3f928df52416079f19db81c414f119dbb9a
Opcode Fuzzy Hash: a6df2be97344b577e1ab045f16fdc3e47abf2b950f123fe50ad7d09fc8af6fae
Instruction Fuzzy Hash: C321F4F0E10106DBCF927B69E4C81BABB70EF42200F544579C446A72C8EF31DA708B99

Function 08567DF4 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d67738288c7a77148f4eff9f09f4abc3e98da7614bbeeaa593b6666987b7110a
Instruction ID: 660a0e2a970e9919c21f6975c25dc5dda63a3492951edff9802965096f322f7d
Opcode Fuzzy Hash: d67738288c7a77148f4eff9f09f4abc3e98da7614bbeeaa593b6666987b7110a
Instruction Fuzzy Hash: B2312630A00209CFDB54DF98C695BAEBBF1BF88325F2044A9D005FB252CB759E51CBA4

Function 085689C0 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0549110d3394b56795b51ef4fad0bbbfcf32fc2d681558dedf10a1ff37f63cdf
Instruction ID: 66e16798bd0014f84218c6335c6dd2fe6fb2f3546636198ad0683d2fcc2782de
Opcode Fuzzy Hash: 0549110d3394b56795b51ef4fad0bbbfcf32fc2d681558dedf10a1ff37f63cdf
Instruction Fuzzy Hash: 673178B9D012189FCB10CFA9E984ADEFBB1BB49324F10902AE818B7310D375A945CF64

Function 0B0089D8 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 663c3fe10e26130d86117a8040c88b03dd41e791cc7ac3a2f515e03a8fb46e67
Instruction ID: 3fe46581688c084e768363fe4f3d3810123e7decc75f4644fab92b6f66063679
Opcode Fuzzy Hash: 663c3fe10e26130d86117a8040c88b03dd41e791cc7ac3a2f515e03a8fb46e67
Instruction Fuzzy Hash: 20312F35E11208EFEB18DB94E89499DBBB6FF85314F108569F405A7391CF31AC80CB80

Function 07C93370 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeae4f408f01219821a60596d5b92b60611638f953fbc62e5b41afbd2ca76440
Instruction ID: 24b407693390657d291e7b6808d5c10e688425870c06ee844b0ddda91f47e463
Opcode Fuzzy Hash: eeae4f408f01219821a60596d5b92b60611638f953fbc62e5b41afbd2ca76440
Instruction Fuzzy Hash: 7E21F6B77006108FEF64DA65C8D557E7BE6EBC4210B28813AD146D3794DB34EE81C761

Function 085689C8 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cf76b4e29d0fecab07a995b679bbfb098c7438a14e5573a1f61ff7e5e416065
Instruction ID: a237958ac2704eb4e8db374c37b45694513072ec0a45a2e04d66ad649e39241c
Opcode Fuzzy Hash: 9cf76b4e29d0fecab07a995b679bbfb098c7438a14e5573a1f61ff7e5e416065
Instruction Fuzzy Hash: FC3179B9D01218DFCB10CFA9D984A9EFBF5BB49320F10902AE818B7310D375A945CF64

Function 07C925A1 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0404a591d38b75f42ade418773254a640fa1966f39aca8f4bb4979f8d93b9aa
Instruction ID: e50a053f5e1b72e938c072defcf08cd3fc4b51b7fb6cb7780c9f632dd2039d1f
Opcode Fuzzy Hash: e0404a591d38b75f42ade418773254a640fa1966f39aca8f4bb4979f8d93b9aa
Instruction Fuzzy Hash: ED3125B4D0130AEFCB44CFA9D5495ADBBF1FF4A210F21D0AAD844A7211E7704A42DF90

Function 07C949D0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb1e17d17b7aecf7853ae6230e1c7c9358234a2915c7d4796309177dc83abe27
Instruction ID: 2ac660d9d00b327cb7532cec6d8e4513f08640eab94bbf3df4e4daf62d9ef285
Opcode Fuzzy Hash: bb1e17d17b7aecf7853ae6230e1c7c9358234a2915c7d4796309177dc83abe27
Instruction Fuzzy Hash: 9D21C171A0020A8BDB08DF69D9846ABF7F6EFC8310F248475D404A7354EB35EE55CBA1

Function 08563719 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd10bb36794131583aae9b68d544636e9a885886cda9a6152e95f7c0bc6b927b
Instruction ID: be989a221100cbc5b51d7d7334c3994184465e4d78d08ab807f01e88a37a7f7c
Opcode Fuzzy Hash: cd10bb36794131583aae9b68d544636e9a885886cda9a6152e95f7c0bc6b927b
Instruction Fuzzy Hash: A931BAB9D052589FCB10CFA9E484ADEFBF0BB09324F14906AE854B7311C335AA45CF64

Function 07C97568 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a2f10cd1e802927c072b65e6f305a4e1c29f3ae28351b63b8b2910364f0242a
Instruction ID: ff6d438697cdfe170d4db22147dc78e35014f7b938458e5eff36e5360efb54c1
Opcode Fuzzy Hash: 8a2f10cd1e802927c072b65e6f305a4e1c29f3ae28351b63b8b2910364f0242a
Instruction Fuzzy Hash: 3A216271E106198FCF85EBB8D4886AEB7F5FF88311F00416AD919E7251EB309A45CB91

Function 07C999E0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c5ca38a529a74516d91301ccf50523b32f1e6dfd8ef738f2e0a8b3ec14f8dbf
Instruction ID: 181f6eb05a7a71106624754d80890e7583f812901e5b4a22620a5295ce5e297d
Opcode Fuzzy Hash: 0c5ca38a529a74516d91301ccf50523b32f1e6dfd8ef738f2e0a8b3ec14f8dbf
Instruction Fuzzy Hash: 27218B75701206EFDF10DBA5EA88A6EB7B5FB89312F044029D519C7340DB34E941CB61

Function 0B0085A8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39ae1c46db400c58a52daab32ec846a1c220290d4889005a71ce05479465a924
Instruction ID: f949332624b022943b5f1f72b9fd4afa972e497508c0918cd7277b0de16f5a2b
Opcode Fuzzy Hash: 39ae1c46db400c58a52daab32ec846a1c220290d4889005a71ce05479465a924
Instruction Fuzzy Hash: CB217A31914248DFEB19DF90D859BDDBBB1FF55302F20815AD002AB2E6EB75890ACB50

Function 07C9FCD8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e4f5e58f29a5dc3c170829d9816c766af51cce49b26204093b9d820b9ed66b6
Instruction ID: 717dbd157e7b474676174d949c636a221c1f304a44926682568a8ab71c35caae
Opcode Fuzzy Hash: 0e4f5e58f29a5dc3c170829d9816c766af51cce49b26204093b9d820b9ed66b6
Instruction Fuzzy Hash: 0B3156B5900759CFCB50CFA9C588ADABBF4FF09310F1484AAD619AB321D730A940CFA0

Function 08560C88 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2424a383e4384e1b5dbf1857c9bfca075e305571deac73eecf87b61d47382473
Instruction ID: 8963091547696a95c6136f10e060622ef2442e3e65029d8c6b14a76c3d4d2884
Opcode Fuzzy Hash: 2424a383e4384e1b5dbf1857c9bfca075e305571deac73eecf87b61d47382473
Instruction Fuzzy Hash: 4031AAB9D012189FCB14CFA9D484ADEFBF0BB49320F14906AE814B7320D335A945CFA5

Function 0B00CB20 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16586b1e739a3dbe4b0c4db8265a01d4515263b43bdea857b8635fba3f649ccd
Instruction ID: ce9ec54cd9fbaed12efc0ee5b2eab6939820cd62b99bf6afcfa5d48538f3d335
Opcode Fuzzy Hash: 16586b1e739a3dbe4b0c4db8265a01d4515263b43bdea857b8635fba3f649ccd
Instruction Fuzzy Hash: 2F21A431910249DFEB15EF68D8449EEBBB5FF84310F10836AE51967290EF34EA94CB80

Function 07C949C0 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9aa18d0ae9ddb20f8be8b12813b488a50c7be6f4ddf96c75c48a07d3e7b1518
Instruction ID: ed0cd6559809878ae7167732997d633fb4b1d7e6174d34c272f091b7c71f9be0
Opcode Fuzzy Hash: b9aa18d0ae9ddb20f8be8b12813b488a50c7be6f4ddf96c75c48a07d3e7b1518
Instruction Fuzzy Hash: 03210031A0020A8BEB08DF69D9806ABBBE6AF84210B244475C404AB385EB35DE45C7E1

Function 08560C90 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fbebd75c2322ffc0258d32575461b210af9826fbc2bc572079ea89ed68dfb41
Instruction ID: c6587b25cb13f76aedecbbd10152e9f2a50c5149b78f88fc6022e6fbc02bb758
Opcode Fuzzy Hash: 9fbebd75c2322ffc0258d32575461b210af9826fbc2bc572079ea89ed68dfb41
Instruction Fuzzy Hash: 3C3198B9D012189FCB14CFAAD584ADEFBF4BB49320F14906AE818B7310D335A945CFA4

Function 08563720 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80b25743d9908601cb4ccb8ef34e15b69c1e68763b8d7112c139026055b48d68
Instruction ID: f81aa3488d80d14872208a379bc251307072847f0112e3c9d539319e76f251de
Opcode Fuzzy Hash: 80b25743d9908601cb4ccb8ef34e15b69c1e68763b8d7112c139026055b48d68
Instruction Fuzzy Hash: 1931A9B9D012589FCB10CFAAD484ADEFBF4BB09324F14906AE814B7310D335AA45CF64

Function 03AED1EC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265208735.0000000003AED000.00000040.00000800.00020000.00000000.sdmp, Offset: 03AED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3aed000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feafd2a7a944c4f7414cb5815a057955a981ab6f4904132b01e09814573f78e0
Instruction ID: 163da53c58eda61beb88bf2f96b81654eedf0b0e44d53b4773e2c4bf9e00f2e4
Opcode Fuzzy Hash: feafd2a7a944c4f7414cb5815a057955a981ab6f4904132b01e09814573f78e0
Instruction Fuzzy Hash: BE21F6B5544304EFDB08DF54D5C4B26BBA5FB88314F24C5AED8094F356C376D846CAA1

Function 03AED01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265208735.0000000003AED000.00000040.00000800.00020000.00000000.sdmp, Offset: 03AED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3aed000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3107f24a905ea10b577ef8bd48cc7acbe618ecf326ec4c784b9de0a00c455f5
Instruction ID: d4757eff8407e3c3189fc0589eb713d8951ba68fbed3eb6bf3476446baa93ba2
Opcode Fuzzy Hash: b3107f24a905ea10b577ef8bd48cc7acbe618ecf326ec4c784b9de0a00c455f5
Instruction Fuzzy Hash: DA210471604200DFCB14DF14D9C4B26BFA5FB84315F28C5AED80A4B256C33BD847CA61

Function 0B00AA08 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47fb4f0677728587ac769a0c4ab179adaaeb7777be8484103b5013812706144a
Instruction ID: fe9dbd76d1bfc88a2743df9c1ebb4cd22bb03c210ceb450b0bf58de13c806405
Opcode Fuzzy Hash: 47fb4f0677728587ac769a0c4ab179adaaeb7777be8484103b5013812706144a
Instruction Fuzzy Hash: 06219071A102089FDB05AFA8C454AEEBBF6EF8D300F14C16AE5157B3A0DF719845DB90

Function 0B00E4C8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2c41994c287a48fc06fb72638864a8e86682179c40f6422898bd68db4f74bac
Instruction ID: ee9d1e6d8a55698de962eea17324ed7af051ecbc02e5123680d304c99911bd54
Opcode Fuzzy Hash: c2c41994c287a48fc06fb72638864a8e86682179c40f6422898bd68db4f74bac
Instruction Fuzzy Hash: 3C31EB34A206188FDB55EB28C898AEDB7B1FF99300F5086D9D449672A0EF309EC4CF41

Function 07C925B0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac16dd7ba77a5e084d8f34cb66ee0880c84646a1b0a046f84ec63c9893c8ae60
Instruction ID: f01c328cd2b4de8a82025ca4e8d904086ac77544f7cd0e200d0bef1dd67907fa
Opcode Fuzzy Hash: ac16dd7ba77a5e084d8f34cb66ee0880c84646a1b0a046f84ec63c9893c8ae60
Instruction Fuzzy Hash: CB21E2B4E0220AEFCF84DFA9D5895AEBBB5FF59310F20D0A9D805A7250D7305A42DF80

Function 07C92A92 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6470e1f0169d594ab8d2f5211f694f6b618bb15a2d77b5fb51a12117e38b0e13
Instruction ID: 5fff7b7eadff70238ebccf0c37bfb339f2a7675100143377c765b01fdfb05bed
Opcode Fuzzy Hash: 6470e1f0169d594ab8d2f5211f694f6b618bb15a2d77b5fb51a12117e38b0e13
Instruction Fuzzy Hash: 6D2115B4D05209EFCB44DFA9D5499AEBBF1FF4A310F1490AAD805AB251D7305A41CB91

Function 07C923A8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58319a64da60f2ffe35055491d7cb06d896324ebd83b4aae4c985a57a018e409
Instruction ID: f8d19e69e4838c7d0415b3f60cd8ab642629065db466665e8284c256fa3eb56f
Opcode Fuzzy Hash: 58319a64da60f2ffe35055491d7cb06d896324ebd83b4aae4c985a57a018e409
Instruction Fuzzy Hash: E42116B4D05209EFCF84DFA9D5855AEBBB1FF4A310F1081AAC854EB261D7304A41CF51

Function 0B00BFC2 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d36c39fe98e9645a84d3a0f5a5c1078353580ca474cc7d23533a16800acac7a
Instruction ID: ee8e5976bc6459130671c6b6cd602bcf27af111f429c9c973ba2b2f9da4401a9
Opcode Fuzzy Hash: 5d36c39fe98e9645a84d3a0f5a5c1078353580ca474cc7d23533a16800acac7a
Instruction Fuzzy Hash: 2631D53191061ADBDB65CF58C940BE9B7B1FF58300F1086EAE50DA7251EB72AAC1DF40

Function 0B00BFDB Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3498eccaff98109eee33db5a460f9d484f08863631602a2757138a14c2b33bad
Instruction ID: 99ab6d3cbe1cca3c463f3aea494952f70450eaf40c99b580b9d89018693c165d
Opcode Fuzzy Hash: 3498eccaff98109eee33db5a460f9d484f08863631602a2757138a14c2b33bad
Instruction Fuzzy Hash: 5331B63590065ADBCB65CF58C880BA9B7B1FF48300F1486EAE90DA7211EB329AC1DF40

Function 07C92AA0 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 686e0d08f1f9f5abb19db529bb88f71bb98db7d0e671d9c288deb9b257dcbea0
Instruction ID: 461ecb7da7afa62a2c7b25078d3bd218a4192080046752a9deeeaae6a36c0466
Opcode Fuzzy Hash: 686e0d08f1f9f5abb19db529bb88f71bb98db7d0e671d9c288deb9b257dcbea0
Instruction Fuzzy Hash: 0D21C0B4E01209EFCF48DFA9D589AAEBBF1FF49710F1090AAD805A7354D7305A42CB91

Function 07C923B8 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7e3f8525df29e947986b2a4d7e0988abe371b7d0ce64577a36451ee6d261e84
Instruction ID: 17a509b6926f586a3bfe4ce0747627876e24828bd3b8e3a022b6c343920d9b57
Opcode Fuzzy Hash: b7e3f8525df29e947986b2a4d7e0988abe371b7d0ce64577a36451ee6d261e84
Instruction Fuzzy Hash: DE21E3B4E01209EFCF88DFA9D5899AEBBB5FF49710F1080AAD854A7350D7305A41DF90

Function 07C91A7C Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9714d9b3b3e0d8e1949a2c54dfa2573b3a70188b783d4ad1c78241520fd6ec7d
Instruction ID: e9897b47ffd8f70cbb593aba6cf912354dab54d65d6768a50d74a52450ae096c
Opcode Fuzzy Hash: 9714d9b3b3e0d8e1949a2c54dfa2573b3a70188b783d4ad1c78241520fd6ec7d
Instruction Fuzzy Hash: E411A7B2F0010AEBDF526B55E5485EDBFB0EB41361F7248B6D089B31C4E6318A368B95

Function 07C9A225 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b63dc444147d67be04dde44b265d074d8aaf1c22aa56433d91cdffef5246d09a
Instruction ID: 3bfc9e33cb103dd9f004653b987d37fc368123551984d32b4d90df2076f32a49
Opcode Fuzzy Hash: b63dc444147d67be04dde44b265d074d8aaf1c22aa56433d91cdffef5246d09a
Instruction Fuzzy Hash: BB11D3B1640B028FEB69D66AD5C83AEF393EFD0310F54C53AC41A466B8CB76E5C6C650

Function 07C946B8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05fb3f5fa4d92cf487c6f6dfb2ed74f499b965b4016f05cf7b329c0a0c53cb65
Instruction ID: 424798e84ec29c7c014a3754ce9a1bcdffaa97d40fb0e95bd0135bde594c1b50
Opcode Fuzzy Hash: 05fb3f5fa4d92cf487c6f6dfb2ed74f499b965b4016f05cf7b329c0a0c53cb65
Instruction Fuzzy Hash: 2F217F75B002159FC714DF69D4848ABFBF5FF89210B2481AAD949D7321EB31ED02CB91

Function 07C962D0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82d2b9c5d4bcf51620ef46248990d6f4f00d52df8d1cbaa1cb4a052de3c6b8cb
Instruction ID: 79b976ca05323ca49bc3ae60a438f40422a0d67ca9bad408c0659e31c0e8969b
Opcode Fuzzy Hash: 82d2b9c5d4bcf51620ef46248990d6f4f00d52df8d1cbaa1cb4a052de3c6b8cb
Instruction Fuzzy Hash: 53215971910608CFCF55EF68C9586EEBBB1EF89300F40852DD4567B290EB30AA48CB91

Function 03AED006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265208735.0000000003AED000.00000040.00000800.00020000.00000000.sdmp, Offset: 03AED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3aed000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e58bb4aa0816a665c48c57108d624052b8c3fdbe672aa0fc9e1e3c81b9d4836c
Instruction ID: 01e27e48f48bb3c527b62156667334c1c72a37d5cd02fb0ec7dfe2ad2d3e30cb
Opcode Fuzzy Hash: e58bb4aa0816a665c48c57108d624052b8c3fdbe672aa0fc9e1e3c81b9d4836c
Instruction Fuzzy Hash: 7D215E755093808FDB12CF24D994B15BF71EB46214F28C5DBD8498F6A7C33A980ACB62

Function 08561712 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd59280d32885c08db917ac0cf5d45ccefb47a2d483ffd06f4c1cde0104929bd
Instruction ID: 79459dbf09d6281e918e23f3903ed9301a406cac3067ba1c47a8f84164e2f71c
Opcode Fuzzy Hash: dd59280d32885c08db917ac0cf5d45ccefb47a2d483ffd06f4c1cde0104929bd
Instruction Fuzzy Hash: B111A038340B508FC729AA28D04057E77E2AFC5A36B20056ED4468BB52CB75CC6AC791

Function 07C97DE8 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5e7cea9db20d9fa9690d1ee590ce845d01b7b83fb02390d3d9f094950ed399
Instruction ID: b9202c71d3a2519e8304124bdd25501597b8ca3d28c72e4377257c0ef7a59d2c
Opcode Fuzzy Hash: 0e5e7cea9db20d9fa9690d1ee590ce845d01b7b83fb02390d3d9f094950ed399
Instruction Fuzzy Hash: 6E112532A143589FCF01AA68E8844EDBBB5EFC6220F0441BBD8859B211EF319859C7D1

Function 07C91980 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 215fb817b1f799fce012cbbc0d090dc8392b7b58fed1650ce24caadcec5bfba7
Instruction ID: 1d40c8aab13930b04ce6f2479737da4bb670294d8bbe03c2f420efcea171af3e
Opcode Fuzzy Hash: 215fb817b1f799fce012cbbc0d090dc8392b7b58fed1650ce24caadcec5bfba7
Instruction Fuzzy Hash: FB115E75B102059FCB04DF69D4848ABFBF5FF89210B148569D909D7320DB31ED02CB91

Function 08565AB8 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5a1acd7e77dc17f9ff8f44e8ff7bb682784908e8e33c6cb55c395c55c21f8c9
Instruction ID: 25805d31a299a69a12088fb1dcec17919ff5aefc8e01d498bdd5bd6494345427
Opcode Fuzzy Hash: f5a1acd7e77dc17f9ff8f44e8ff7bb682784908e8e33c6cb55c395c55c21f8c9
Instruction Fuzzy Hash: 5F117071E002169FCB50DFA9D8016FEBBF5FF88321F54853AD519D7200E73599128B90

Function 08569FA9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd36b59f51120388c108e4a047fc6636141ce7d30b5b8efa4a9cb5e2fb024694
Instruction ID: 363b369f8d578e8e0f429b6d92dc2d11f51dfa1f1adf491957383b1b41c8bd7c
Opcode Fuzzy Hash: bd36b59f51120388c108e4a047fc6636141ce7d30b5b8efa4a9cb5e2fb024694
Instruction Fuzzy Hash: 7C115E75E012599F8B55DBA9C8404EFFBF9FFC9210B25422AD415E3240DB746D068BA0

Function 0B008A2C Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e997610bad7320fdaf93db2c40b4dc1898b9099cb012c771d8061b879e52a18
Instruction ID: bc9c75dc20465397ff6e98486763071b78aedaa4641e289ecfd9bd3a0d370a34
Opcode Fuzzy Hash: 4e997610bad7320fdaf93db2c40b4dc1898b9099cb012c771d8061b879e52a18
Instruction Fuzzy Hash: E0210A35A11209EFDB48EBA4E484D9DBBB2FF85314F1082A4F4056B3A1CF31AD85CB90

Function 0B002B78 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db07cff6b1e71a0704d3535152a28c934fd7ca170b0811c9104470cab699fad8
Instruction ID: 9441dfea3a761256681feacf71582023df8e60762ddddf142852cd7e97562052
Opcode Fuzzy Hash: db07cff6b1e71a0704d3535152a28c934fd7ca170b0811c9104470cab699fad8
Instruction Fuzzy Hash: 4C019271A20219AF9B09EFACDC548FFBBBAEFC8710B14452AE51593291DE709D0187E1

Function 0B0070B2 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6604d7ffccc5578071e0e2d08bda250c4e188c6651e06cab265c45333cc15a4b
Instruction ID: ebe90ac1c3b091289836a3030d4d74df55cd322b38cef123aaa0f7b1b25be467
Opcode Fuzzy Hash: 6604d7ffccc5578071e0e2d08bda250c4e188c6651e06cab265c45333cc15a4b
Instruction Fuzzy Hash: 5101F5B2B047109FE7198E6C9C40ABFABE6EFC4610B08866AD408DB2C1DA749C0183A0

Function 03AED1E7 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265208735.0000000003AED000.00000040.00000800.00020000.00000000.sdmp, Offset: 03AED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3aed000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: 84209b6db04854f4aedd977c8130d6e30e2abde93bacea2599bbd7956540f1ab
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: CD119D75504280DFDB05CF54D5C4B15FFA2FB88314F28C6AED8494B656C33AD44ACBA1

Function 07C9D027 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f73d0c81da43124fb526b8483530ebe2a544821ffddfa6bbd4d0c881979f762
Instruction ID: 60b44bfc5bdb352dcb8b4a53f8f4ab6c9fce5ef9d3f474705a26e5c5bdbcf464
Opcode Fuzzy Hash: 7f73d0c81da43124fb526b8483530ebe2a544821ffddfa6bbd4d0c881979f762
Instruction Fuzzy Hash: AD11A0B0D0020ADFDB40EBA8C8566AEBBB0AF45300F14417AD945B7395DB789946CBD5

Function 0B003808 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffe4fb8ae221d4ebde128cdcfa206e71bdd3893aad31a16681e002c5c6944018
Instruction ID: c1c2a86b01a866df629b6615657e9c0e6253e4647d01cd4b668e4472099245b3
Opcode Fuzzy Hash: ffe4fb8ae221d4ebde128cdcfa206e71bdd3893aad31a16681e002c5c6944018
Instruction Fuzzy Hash: BA01C0B1B142486FCB06DEA8DC009AFBBBAAFC8210F04452AE84487281DE709D0087A1

Function 07C95988 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 337be85c33b5ce9c7c36fa26dfda5eb66a5f1b86bf9eb57143387f2761d30f35
Instruction ID: 93b1c12a18319c7a06bac0eaf8b3a9eb27b19b6c235628067e5930f54a06703a
Opcode Fuzzy Hash: 337be85c33b5ce9c7c36fa26dfda5eb66a5f1b86bf9eb57143387f2761d30f35
Instruction Fuzzy Hash: 1F01F7F2F04205AFEF932765E85D2DA3FF0EB42260F2644B7D48AE72C4E530452A4B91

Function 07C92CB0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11693a7bad2a2b8d0af45976709a9f21f275f2d6b5f346767f2e204ef7929398
Instruction ID: d066ce4bc208a21fd3d547cccdd2be680443d286b89773638136e45b5d6f5400
Opcode Fuzzy Hash: 11693a7bad2a2b8d0af45976709a9f21f275f2d6b5f346767f2e204ef7929398
Instruction Fuzzy Hash: 92018FF3A08157BB8F972F42D58C090BF60FB02290B6584B2D0C59A19AF22087A1CED5

Function 07C91A13 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6073a316d62e2e6073583a859dde4234faee61674c3a384f737bea8e5a3921dd
Instruction ID: 5ce24baf063458d4d79890af54cc6edb7e4e514a17028698db568c9751cdfa44
Opcode Fuzzy Hash: 6073a316d62e2e6073583a859dde4234faee61674c3a384f737bea8e5a3921dd
Instruction Fuzzy Hash: AFF0DBF1F14106AB9F972756E84D0E97BE0D782261B264877D44AE32C4E53086364781

Function 07C9BEE8 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5409ec5f9b3c28438457233f4fce0b72d65aae99b5e419c876a1482c2d192a3e
Instruction ID: 3a67195d171e2cc9fe925a4ea389b048dd072b603dbc817c5ad0a5fd961d7318
Opcode Fuzzy Hash: 5409ec5f9b3c28438457233f4fce0b72d65aae99b5e419c876a1482c2d192a3e
Instruction Fuzzy Hash: 2401DF76204388AFCB158F75D81CD2B3FE9EF8631070584BAF845C7161EA31C814DBA1

Function 0856A029 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4095930972c5e7adcf7dc22731a37701b5cf45a7816078bdec2142d2be0ea87d
Instruction ID: 991cb756fe8ccf04b814923f3d3fb10bcf8cc4ea2c1afb0100b76fee99721819
Opcode Fuzzy Hash: 4095930972c5e7adcf7dc22731a37701b5cf45a7816078bdec2142d2be0ea87d
Instruction Fuzzy Hash: 640196319057449FCB01AB7CD805899BFF5EF8A320B05859BE1459B232EB31D994CB81

Function 0B00C261 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 126963e0bd42c00e81e59831a9927020d491f9b188c8df35e60a6a507c9f42bb
Instruction ID: 4ce7d1ea3ee1affb71ab4ddd373ea937fd3ce4da2a8eb4818b98f5765e697be4
Opcode Fuzzy Hash: 126963e0bd42c00e81e59831a9927020d491f9b188c8df35e60a6a507c9f42bb
Instruction Fuzzy Hash: C3F0C2B23242043FEB059A58DC51DBBBBAFEBC8720F04411AF50487391DE719C1183B1

Function 07C92698 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82b4caac71226519999dd44028e2e108e43d4f7b13fb562cd086408f49545788
Instruction ID: e044140cb0c8bc6f567ad022f254bd3873ed3fb657b654aa36fec1b31ccd9738
Opcode Fuzzy Hash: 82b4caac71226519999dd44028e2e108e43d4f7b13fb562cd086408f49545788
Instruction Fuzzy Hash: 520149387142826FD7899B3DDC1892B7FABBBD6220B18807AE545C7751CE60CC0087F1

Function 03ADD76D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265139815.0000000003ADD000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ADD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3add000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7c5008980d494ca6e6fcc9677d640f5eb2e1d213adea8a2547b243916cb4e94
Instruction ID: b35410d37ba6dc6ca3127ef2bd3f5b94e3e9a0b166b5ac896013e9d2868aa0e8
Opcode Fuzzy Hash: f7c5008980d494ca6e6fcc9677d640f5eb2e1d213adea8a2547b243916cb4e94
Instruction Fuzzy Hash: 6701A2710093449AE710CB2ADD84B67FFE8EF42764F18C4ABED0A4A286C2799840C671

Function 07C96570 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beba0b039e70996d89c25c1bfe0215b1f3036368b0ca2dfbb5de72311c574266
Instruction ID: b5bacf98667360d23354bf2ccd1e60131c7a78141de7b9928b133693319c1de8
Opcode Fuzzy Hash: beba0b039e70996d89c25c1bfe0215b1f3036368b0ca2dfbb5de72311c574266
Instruction Fuzzy Hash: 5E01F53290174A9FCF11EF78DC444C9BF75FF86304F05866AE0016B225D774A589CB90

Function 07C9F3E0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 935fa91bd9ac7106fd5878f33bb4c0e05b269776a560ca430f81ab5f7be6242a
Instruction ID: 51348871d3e2c9c64de1a055ac918ee7329a8f181ebbdcce9c013b7bcff5421d
Opcode Fuzzy Hash: 935fa91bd9ac7106fd5878f33bb4c0e05b269776a560ca430f81ab5f7be6242a
Instruction Fuzzy Hash: 69F0FC7634051143CD95236D708C67EB386DBC2625F14043FD60EC6A91CF5498919292

Function 07C999BD Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09bcaee8cba79933f6b6c5178dda6051714ea37735d96ac494d5e36bd237ac82
Instruction ID: 3fbeaedb6855033e8012731d71b53a6f00000f037f73b8a39a7d809357f77044
Opcode Fuzzy Hash: 09bcaee8cba79933f6b6c5178dda6051714ea37735d96ac494d5e36bd237ac82
Instruction Fuzzy Hash: B8018FB57012069FCB00DBA5E698A6DB7B6EB88301B104529D51ACB391EB30ED11CBA1

Function 0B0078E0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b71ff6a850da8a5b8859814e403dd01679b5963bf635355773ef0c5ba5f7cae0
Instruction ID: 93796b63308604321c033049e97beab1b5d1a7c1a8a6e2962d9a5e082bba06d9
Opcode Fuzzy Hash: b71ff6a850da8a5b8859814e403dd01679b5963bf635355773ef0c5ba5f7cae0
Instruction Fuzzy Hash: 30F02473B682401FD70A55391841566BBDBA7D2020F19847BD149CB3D2DC65CC1242A1

Function 07C9D038 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4af40fcc485415176cc7e1e4debde0581b66088ae6579f99c581ad81004db7a0
Instruction ID: f7873ae63224046be05fcf3be4004b57b811d5e16099d738b59560288e48ab4d
Opcode Fuzzy Hash: 4af40fcc485415176cc7e1e4debde0581b66088ae6579f99c581ad81004db7a0
Instruction Fuzzy Hash: 930180B0E0020A8FDB44EF68C8166AEBBB0EF44300F008139D915B7394DB7899418BD5

Function 0B00D298 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 798358ace8163f2ccf84ecb423572427662d3ff19d438950596e23d0cd631b0d
Instruction ID: 30a14d30ef35e7f53e86561e5526340dc74d27610f464dd5d70cf13eee127a4d
Opcode Fuzzy Hash: 798358ace8163f2ccf84ecb423572427662d3ff19d438950596e23d0cd631b0d
Instruction Fuzzy Hash: 73F0523072A2A19FE729153D685026EBE9BD7C21A0F4841BBD008CB3D2CC69CC1083E2

Function 07C926A8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e57d23d69b4e7e00ffc2d3b7ce17b7959e3bcd1e5c46a2ed87ece26d2d5976b3
Instruction ID: af6fa90a126a599764d49fa6859ec0e0c77a3dd5ba423ae5fa1fd02346c84d8f
Opcode Fuzzy Hash: e57d23d69b4e7e00ffc2d3b7ce17b7959e3bcd1e5c46a2ed87ece26d2d5976b3
Instruction Fuzzy Hash: 75F0F6747202029FD78C9A3ED80CA3B779BBBD6220B18C13AE506C7714DE70CC0047A1

Function 0B00BCED Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c49a5feec2734807f0183b3bbf0dccdbb849d29596fbb65a0c3e21df4ee7a1db
Instruction ID: e9c03495d78c7314545b781f814992fb619bbae1af8553e6c0a980f9223f8035
Opcode Fuzzy Hash: c49a5feec2734807f0183b3bbf0dccdbb849d29596fbb65a0c3e21df4ee7a1db
Instruction Fuzzy Hash: 8611F63581061ACFCB15DF64C980AD9F7B1FF99300F1086DAE6497B261EB70AA90CF40

Function 0B00B45A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cba4f37abdb0ae9dce4533cf353a8c5c31bd462875a5e1cc4781d559975a86c5
Instruction ID: 88995fafb350b1779057866504601b6ef6a0fd7cf2d83a93e59933167dd976d0
Opcode Fuzzy Hash: cba4f37abdb0ae9dce4533cf353a8c5c31bd462875a5e1cc4781d559975a86c5
Instruction Fuzzy Hash: 7DF09E76B292408FD308153A2C2062B7EDB9BC6620F09C47BD149C73C2DD74CD0583E1

Function 0B00FC87 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f179fcb3f9a7c9cca4e1f8277aa60e44e3744fdd09b45c8c2c463e6a67405ea4
Instruction ID: 835d417830ac86c5a3b1196edf85c44b65b743211c81f8a7bdd7d98191246467
Opcode Fuzzy Hash: f179fcb3f9a7c9cca4e1f8277aa60e44e3744fdd09b45c8c2c463e6a67405ea4
Instruction Fuzzy Hash: D3014431600B225FCB55AB15D00075ABBA2EF82330F08415ACA0AABF80CF65BC498BC1

Function 07C9BEC0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27cb51bdb73feda9aad42ba9e0c6ec1f52431f7f167a2283bd4cc3fc6d4b2992
Instruction ID: ca4eba5df5721ee9408e11a3f72c1b48e79ac959dbeae7df9eb65ab54162470e
Opcode Fuzzy Hash: 27cb51bdb73feda9aad42ba9e0c6ec1f52431f7f167a2283bd4cc3fc6d4b2992
Instruction Fuzzy Hash: 1CF0827561D3D06FD7228A3A98589A73FFC9D9752030941EFE484CB513D4588C0997B3

Function 07C94921 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78b1a08b8d013cf42aa95cf71414a42e04372010f5903e6f1a720ddf863b9ec9
Instruction ID: d4d16d5f7015bb0abf6ec089c73cbfe4fad731dd8cf3bc0a999da53c91de5ddb
Opcode Fuzzy Hash: 78b1a08b8d013cf42aa95cf71414a42e04372010f5903e6f1a720ddf863b9ec9
Instruction Fuzzy Hash: 4E016DB4640109DBDF88EBA4C855FAEBBBAEF88310F098078D515B7391CA35DD51DB21

Function 0856313A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df1830d3d096f9e5c7361a493b5c6245da6bea1f6617f43d50ae85f4b847cd6e
Instruction ID: 4c4a748413d2f18b169b09b7b1a2837670ccb0ad6e0d34d07eb22606d24656dc
Opcode Fuzzy Hash: df1830d3d096f9e5c7361a493b5c6245da6bea1f6617f43d50ae85f4b847cd6e
Instruction Fuzzy Hash: 0D01EC75A052499FC741DF68D48089ABBF4FF4931471581ABE809DB352D7319D06CB61

Function 0B005AD8 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dacd7a3b3a0a6feb34a3574c0b8d551db80a671e11ce39649c613bd7424afce9
Instruction ID: 9cfa6a37437edacc624f6b0c3a98898722fb60f8cd2b9092474d1e91e4a4f3f6
Opcode Fuzzy Hash: dacd7a3b3a0a6feb34a3574c0b8d551db80a671e11ce39649c613bd7424afce9
Instruction Fuzzy Hash: 4B012930A4070ADACB24AF68C8907A9B375FF94300F51D6ADE54D67650EF30AEC5CB41

Function 0B00BEEE Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b00c05278b43d89878dbc0c5d8313aa1467ea40d4e2c1965b5aeebd1830ffc5
Instruction ID: 149e3ce00a53df965a099f2809de724e5a8e08b17e9d2b34bf604a25bdc409f6
Opcode Fuzzy Hash: 2b00c05278b43d89878dbc0c5d8313aa1467ea40d4e2c1965b5aeebd1830ffc5
Instruction Fuzzy Hash: 4411E33191071ACACB15DF68C840A99F7B2FF99300F11C7DAE5496B221EB70AAD0CF81

Function 07C96580 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6523f9ce79d38fdfba8266f70f3ff7744fe8ed814ea1b97c40ad346703f86753
Instruction ID: a9a0695ca0d200e3d4261ae79e00f0a7335659a092a0f36378ca55748faeb9f8
Opcode Fuzzy Hash: 6523f9ce79d38fdfba8266f70f3ff7744fe8ed814ea1b97c40ad346703f86753
Instruction Fuzzy Hash: 7B01D63291060AABCF10EF65DC448DDFB76FFC5304F00862AE10527210E770A599CB90

Function 0856A038 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56fa94002c4744671c29193b2a02c2fbbbd11c365b0a86cf4353d91c73c2901b
Instruction ID: bc379caeeb9bb011516d4fd50ee1e7d84ca25a9c1556ed200d65c0c3d6865fca
Opcode Fuzzy Hash: 56fa94002c4744671c29193b2a02c2fbbbd11c365b0a86cf4353d91c73c2901b
Instruction Fuzzy Hash: 480167359106059FCB01EB6CC805899BBF5EF89310B05C656E54997231EB71D954DB81

Function 07C93448 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0c11dad33e03f5b5da7399ee81eee9a5b6a6f2c16a6cb35b0aac2435d189afd
Instruction ID: c9b22b6be2a90ae8cebcd326886f5f02637692ceee5bfa4dc21d3612e899c884
Opcode Fuzzy Hash: f0c11dad33e03f5b5da7399ee81eee9a5b6a6f2c16a6cb35b0aac2435d189afd
Instruction Fuzzy Hash: CEF0C231A106149FCB10EF69DC84C8EFBF8FFC6300700415AE51597320EB30A909CBA2

Function 08566400 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9012cee926e22cfa755bc399dc11d41e0a9b86a2b4069e265d813c061e8f3833
Instruction ID: 7b693960ffc88382eded0383a2a94e2e86d2097cccb43cf7c634fd2a2619e322
Opcode Fuzzy Hash: 9012cee926e22cfa755bc399dc11d41e0a9b86a2b4069e265d813c061e8f3833
Instruction Fuzzy Hash: 9FF0AB2A7181900FC30946793E800AF9FCBEFC653270994BFC04AC7752C964CC6A0251

Function 08565C20 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81f7b4568a5d557bc5b1b46d532412037df4b8000b9a6e30db2448828c8edb22
Instruction ID: 1b8574b3183d7de7f236c316c3756f6df1852b3f2123695553f163380db9cc6d
Opcode Fuzzy Hash: 81f7b4568a5d557bc5b1b46d532412037df4b8000b9a6e30db2448828c8edb22
Instruction Fuzzy Hash: 60F05E31340111CBDB149B6CE4848ACBBD9FF4567671901AAE60ACB762DF25DC918784

Function 0B006370 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 843f36c229573d0b0ddd26eb96472c3eb725c4c8d569dc2c09218cb3d42213d0
Instruction ID: f34e9478096fac701452f78b4ac83ad7c229565ea39ca2f4326e22915b12ffad
Opcode Fuzzy Hash: 843f36c229573d0b0ddd26eb96472c3eb725c4c8d569dc2c09218cb3d42213d0
Instruction Fuzzy Hash: F5F03A7614424C7FDF028E859C41FCB3F69EB4E760F054101FA4866190C521A8259BB0

Function 03ADD76C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265139815.0000000003ADD000.00000040.00000800.00020000.00000000.sdmp, Offset: 03ADD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3add000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9256b77469cf9ea3b238e52c3236db11eb6d31f22580dc87299f65cbe3c5fd5
Instruction ID: c1f77d715e4e90a2ec8e14d1ad5ea42f1f001c980c96410ea49935b7e4d6d08c
Opcode Fuzzy Hash: a9256b77469cf9ea3b238e52c3236db11eb6d31f22580dc87299f65cbe3c5fd5
Instruction Fuzzy Hash: 08F096714093449EE7108B1ADDC4B62FFACEF41738F18C49EED494F286C2799844CA71

Function 08563C42 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3dd64db134b153c73bfe12122ddd87075e72922654a49eef8fb0a1cc59db977
Instruction ID: 6fac1d7d5705c83254b93632d6c2306b099ea07beb09d7ae4f939e640c0d64df
Opcode Fuzzy Hash: f3dd64db134b153c73bfe12122ddd87075e72922654a49eef8fb0a1cc59db977
Instruction Fuzzy Hash: BCF05C317192805FD309563C6C6842BBF9B9FCA26170A81BFE109CF293CD204C21C212

Function 0B00D2A8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab3a1f761839d355bd49a6ff449f353c21e71280dec667e68cfd12bc4db58301
Instruction ID: 0ebba5463912bb9825bfa12666e466f91c5af095fbee0f0cf1c341605ef30a18
Opcode Fuzzy Hash: ab3a1f761839d355bd49a6ff449f353c21e71280dec667e68cfd12bc4db58301
Instruction Fuzzy Hash: 86E02231B242159BE71C257E589066FB98FA7C5260F14863AD50DC73C5DC79CC1182A0

Function 0B0078F0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 338cf1afb3693635a1e1c424d71867af3d78d2668113fc596837ee50de871cd4
Instruction ID: 4b5e80fe1a5a00a58a2b3869abd178d07d9bbeac5a865769ef1d28d2f1b85610
Opcode Fuzzy Hash: 338cf1afb3693635a1e1c424d71867af3d78d2668113fc596837ee50de871cd4
Instruction Fuzzy Hash: B2E02232B282150BD70C693E184096BB6CFA7C5120F65803BD10EC73D4ED7ADC234280

Function 0B00B468 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c860694ac0a82ef48d44f750a6848a3a5e7899f7b764b7d8b546da15e3255e1c
Instruction ID: 18dd2303166c6ca8403fcf7eca66d33513623c6856c70e58864b6e3daff48964
Opcode Fuzzy Hash: c860694ac0a82ef48d44f750a6848a3a5e7899f7b764b7d8b546da15e3255e1c
Instruction Fuzzy Hash: 49E02236B391508BE34C653E2860A2FB9CF9BC5620F14843AC20EC7381EE75CD128290

Function 07C9FE40 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f58eb25dcfe8c2439a156197e1faa2eb1c393068d0ac279aba24b6251d2dbe9
Instruction ID: 3a551015d42a3a207abc58095d59f677b1ba9ffc05bcbcbe7e2037bdebb84af3
Opcode Fuzzy Hash: 6f58eb25dcfe8c2439a156197e1faa2eb1c393068d0ac279aba24b6251d2dbe9
Instruction Fuzzy Hash: A8F02EBA2007A107CB76636965C857E3B959B83615B08046FD545CA782CF146846D3A2

Function 07C99CE7 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6722d508da3089433280e07b30f67e3da3632a21685f13c40ee3c8afa6aa53b1
Instruction ID: dc730457578383c342b9a5a3dbf12e5858ea2c5b5ed94d62c5e93c912a5b3ba6
Opcode Fuzzy Hash: 6722d508da3089433280e07b30f67e3da3632a21685f13c40ee3c8afa6aa53b1
Instruction Fuzzy Hash: ACF0A7312043456BD320DA2AD8C488BFFE9EE86220705C47AE598C7211C670E845C761

Function 08563148 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8ca669a8a78e94565a60be00f8dd615bc465828c5b67a9a9ed00ec689a01bb3
Instruction ID: 41818308295ef9c9839caee275b9580eef7a8e35144dc0d729e0f403d02f025c
Opcode Fuzzy Hash: b8ca669a8a78e94565a60be00f8dd615bc465828c5b67a9a9ed00ec689a01bb3
Instruction Fuzzy Hash: 68F0FF79A002099F8B00DF59D58089EFBF4FF49324B14816AE919DB311D731ED16CBA1

Function 0856E2BE Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bddd4cbc46c6858ea87f2f43af316bf652202a30661bfd6ac90102cc750293ce
Instruction ID: 33d86c1b62bfcddededcfc3f86d9d51c4dc819ebc032b3f4ff0880736218a8f6
Opcode Fuzzy Hash: bddd4cbc46c6858ea87f2f43af316bf652202a30661bfd6ac90102cc750293ce
Instruction Fuzzy Hash: E401D278942229CFEB54CF68CC91BDDB7B6BB88201F1482D9C409EB280DB315E819F64

Function 0B002C7C Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e4b2fb6f12918709f8870b47af165e2c10591586c8412efd659b12efd7a5895
Instruction ID: 4e30603cc85c3d312cca5506b1b06dea8c3794e0619ed2b2ef8fba07a9a686a5
Opcode Fuzzy Hash: 2e4b2fb6f12918709f8870b47af165e2c10591586c8412efd659b12efd7a5895
Instruction Fuzzy Hash: E3F01DB0E1420E9FDB44DFA9D845ABEBBF4FB48300F108469D609E7350EB759544CB95

Function 0B00FC98 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37664658acae4cdf04594ab14734bc6ebe2965f8a90ef5ac7b0d0f2f43cf5e02
Instruction ID: 888abc9255c03b3780b51bee7a0087ddc76d4f24b8756840a2b4d3964db493c0
Opcode Fuzzy Hash: 37664658acae4cdf04594ab14734bc6ebe2965f8a90ef5ac7b0d0f2f43cf5e02
Instruction Fuzzy Hash: C2F0B431A00B225BDA54AB16D410B5EB396EFC5730F044129CA0A6BF80CF71BC458BD4

Function 07C9F710 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681f8558e9378e5e56886c10b293d7bf28a0282b1544ae5490c23c9e94e52a4c
Instruction ID: 0a016074001fd706d8277350e88702fb5411219ad11caa4478ec7c63a87c757a
Opcode Fuzzy Hash: 681f8558e9378e5e56886c10b293d7bf28a0282b1544ae5490c23c9e94e52a4c
Instruction Fuzzy Hash: DFE02BB230E6C156DF27011D5DD846E2F1ED7C703075A81BBD00CC772996218885C2A3

Function 0B00465F Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2899ab09f041998a1470a1671676145cd5af09f8dada1590855dd80fdaa8b67
Instruction ID: ce58453062df447a8929d30e2b69c5db375d3e08197bd5395752ddcdd219a771
Opcode Fuzzy Hash: b2899ab09f041998a1470a1671676145cd5af09f8dada1590855dd80fdaa8b67
Instruction Fuzzy Hash: E2F03CB0D1030A9FDB54CFA9C885AAEBFF0BB09200F148559D619EB2A2E7748545CB91

Function 07C94782 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80f25b49fdd2c6bc5bb4b76120282ac0d472aa7e97da74407602e8279ca317b6
Instruction ID: 3fb48bd0f5766a968675a178e7200391232085efcf60ed89d53e3efe7e774fc1
Opcode Fuzzy Hash: 80f25b49fdd2c6bc5bb4b76120282ac0d472aa7e97da74407602e8279ca317b6
Instruction Fuzzy Hash: 81E06D707583A49FCB55EB79985986B3FAA5F4692030A01AEE945CF362CE21DC01C3B2

Function 07C9E399 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1ff2cb6c96d56182398f5a37ba4779f7c9e4ce35771af06e737fb02d94159d0
Instruction ID: 2dd54257f0cc027dc1e503a5606a0202b88cdd066d0402aa6117c212b016a0c6
Opcode Fuzzy Hash: c1ff2cb6c96d56182398f5a37ba4779f7c9e4ce35771af06e737fb02d94159d0
Instruction Fuzzy Hash: BEF04FB6D002559FDF81DFA89C087AEBFF2BB88600F54443AC044F6215D7740945DBD0

Function 08566A9C Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 528fb4ff53ca55b819f221f10e0c0ecd5895693779498ac625b9841a80f55adf
Instruction ID: efd8e180538462bc960487fca5c5917aa638697cdf5ab19483340ae44e690033
Opcode Fuzzy Hash: 528fb4ff53ca55b819f221f10e0c0ecd5895693779498ac625b9841a80f55adf
Instruction Fuzzy Hash: 90E065353502209BDB04B664E4146AE33CE9B94662F00417DE405CB381DF65DC0293D6

Function 07C947C8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0496899991f2023c7dc8b4fd627cd14899f06b17ac54b680262703fc7bc58c23
Instruction ID: e0b52ce72186e26152c55f5d48ab80afa7346b17539945873e479a40ba148489
Opcode Fuzzy Hash: 0496899991f2023c7dc8b4fd627cd14899f06b17ac54b680262703fc7bc58c23
Instruction Fuzzy Hash: 4CE068B62192EA5FEF6551796C486977BE48FC3221B0A00B7D808C7602E111C902C380

Function 08566410 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9243001d43a0c8c9ed1677fa8e880c742b2b06db6675c72fe06f057c573a406
Instruction ID: 7edc0584296d20e32db3d8f643af2fc84bcb064e3f1b8450eee5a84c2f73feb8
Opcode Fuzzy Hash: d9243001d43a0c8c9ed1677fa8e880c742b2b06db6675c72fe06f057c573a406
Instruction Fuzzy Hash: ACE0262A71405447C358557E6D8016FA6CFEBC8573B08847BD20EC3740DEA0CD2101D4

Function 07C9E3A8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e131acde41e2b0084c8e52cdec6b5550ff8d6a8c70f28e7a0b1bac0a670a6b0
Instruction ID: cbc89833090db9fca219392147f8de8f0513b4108415f5c63779d87bda9d484c
Opcode Fuzzy Hash: 0e131acde41e2b0084c8e52cdec6b5550ff8d6a8c70f28e7a0b1bac0a670a6b0
Instruction Fuzzy Hash: 5CF017B1D002699FDF84EFA9D8086AEBBF2AB89600F10443AC408E7240DB740A41DBA1

Function 08563A1F Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abd7ea2d79116475a7cf862a1bd5707a17440d59bb635cbc8172987349229cbc
Instruction ID: 366cbbe27797d081e1bd13d3e11f094a477181b4d8ddf41855a597c3d499daa7
Opcode Fuzzy Hash: abd7ea2d79116475a7cf862a1bd5707a17440d59bb635cbc8172987349229cbc
Instruction Fuzzy Hash: 1AE0D83A2862842BC305522DF8519D77BADCBC7335B14406BF04CD7352DC659856C7F2

Function 0856E221 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e81d5b01059b7ebce59fd60cc6d94d5fa98cf69b20c2b3aab845bce0d3997aa8
Instruction ID: d6354adde5cb48289fcd8fbec91da7ef08b66671891cd88900d6d44561eeb903
Opcode Fuzzy Hash: e81d5b01059b7ebce59fd60cc6d94d5fa98cf69b20c2b3aab845bce0d3997aa8
Instruction Fuzzy Hash: 3301AF78E002598FCB68DF64C982B9DB7B2AF8A310F544499C44DFB682DA325E81DF51

Function 0856E2EE Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ba76e077a8afa008aeec28af850773848ad8ba11bb7fb5b313e3a39b799a5b6
Instruction ID: 12705807bfc8074379160bfda470027f8d4f88fd8a30c0b516b31b1879e0cb35
Opcode Fuzzy Hash: 3ba76e077a8afa008aeec28af850773848ad8ba11bb7fb5b313e3a39b799a5b6
Instruction Fuzzy Hash: 6B01B678A01229CBEB58DF64CC91B9DB7B2BF49200F5446D9C409FB680DB315E81DF65

Function 07C97490 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3b3e61a20021577956c7f4e2ce1fd7c37f2134b1b09200e2664107a4dfc80fb
Instruction ID: 5e2a3f2cebe4eba6d8e2ce99878d407e8d4c8d5591ce2f753e3f98a1fcf070a4
Opcode Fuzzy Hash: e3b3e61a20021577956c7f4e2ce1fd7c37f2134b1b09200e2664107a4dfc80fb
Instruction Fuzzy Hash: 53E09BB17106104B5B8CEB6FA84485AF7DBAFC8510314C07FD00E87B54ED709D0186C4

Function 07C99815 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f057a385a1fc2d640d34d2b8cde3615405cab15bb6f85e06490fb5bfb234e6
Instruction ID: 1f3e3aaae98a6d3d393d9e3ac5c40e5785974462cf3cb6583189f28e4942e3bd
Opcode Fuzzy Hash: d8f057a385a1fc2d640d34d2b8cde3615405cab15bb6f85e06490fb5bfb234e6
Instruction Fuzzy Hash: A6F06D763042009FC7149F69F548A5ABBA2FBC9761F20C03EE649CB380CB31D815CBA0

Function 07250448 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2287514250.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7250000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d57259839a3c05d87c96a5f1e419661da160f4ee97f7410f7089acd62dd1315
Instruction ID: a85c09a1d1707de4b3cbe61f872fc51f6584332553f49ba9d4b26572711eb292
Opcode Fuzzy Hash: 6d57259839a3c05d87c96a5f1e419661da160f4ee97f7410f7089acd62dd1315
Instruction Fuzzy Hash: 99E0D8363002145FC7149A2EC884D6BFB9EEFC57207148035F50C8B324CA32DC4192D0

Function 08566AA0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d7a2fd6b55ff87135991d10101f4a6ad9cd0d3bfac9c23cc0e7ba0c2ed508d6
Instruction ID: 8733b4d0b5bfea66fd221f8a93d8bafa2efb270a84eb7656b27a9f70af00f947
Opcode Fuzzy Hash: 0d7a2fd6b55ff87135991d10101f4a6ad9cd0d3bfac9c23cc0e7ba0c2ed508d6
Instruction Fuzzy Hash: 37E01235350220DBEB04B768E4286AE33DEEBD9662F00417EE406C7391DF65DC1297D6

Function 0B006A0C Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aa024d90dbaf7f14282f07b23483b55c0c62a2ba629f9bf62050c927e641ae7
Instruction ID: 199c8f5bb73fe1e9a8d92cd902bd38f218e9182ee6c9c94cfbadfce2d5430c5f
Opcode Fuzzy Hash: 7aa024d90dbaf7f14282f07b23483b55c0c62a2ba629f9bf62050c927e641ae7
Instruction Fuzzy Hash: A9F0D43A010609EFCF02AF98C844C99BFB6FF89324B05C595F6195B132EB32D5A4EB41

Function 0B006380 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbbb5fffdd37acb3e2673060a0a5f7121d949602481e47f406aef9295a70e03f
Instruction ID: 6bab4d5e050a62869e1560e4119420183520005c2858c2dd45935c3cda046241
Opcode Fuzzy Hash: cbbb5fffdd37acb3e2673060a0a5f7121d949602481e47f406aef9295a70e03f
Instruction Fuzzy Hash: EBE0C23714024CBBDF119E86DC45EDB3FADEB8D7A4F014101FE0866250C232A861DBA0

Function 07C9E29A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f37e5a6854f0c85f170bdfef393521f4bde687c4eacdcadff693cc0032d93910
Instruction ID: afa51d741f39437fcf1ae9f602ef90389703b18de9b6e01080bcac140b9a6d4e
Opcode Fuzzy Hash: f37e5a6854f0c85f170bdfef393521f4bde687c4eacdcadff693cc0032d93910
Instruction Fuzzy Hash: E4E086333053245B876462FE688449B7BDEDEC667531405BEE259D7392CD2A8805C7A2

Function 07C919A0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4d890ba1c97b9e9ea41d75fd0c5588ddf9eef11b53028ffb1880790fab3b0d7
Instruction ID: 7a8e36ea7d70afbb5b722c51b47f2d50f61169e53cc2f0d713628bdae8691045
Opcode Fuzzy Hash: f4d890ba1c97b9e9ea41d75fd0c5588ddf9eef11b53028ffb1880790fab3b0d7
Instruction Fuzzy Hash: CAE080B1760319974E98E77A9458C3B779EDF85950305457DE506C7350CE21DD01C3D5

Function 07250740 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2287514250.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7250000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a5f31b80217fba15d620a337852496a05aceddee186ba2e30c58310efd0e014
Instruction ID: f20bc8c5e25768ab5e72eb3e9de43e3db688cfdfc84f5b4f7a48f959e7135d76
Opcode Fuzzy Hash: 4a5f31b80217fba15d620a337852496a05aceddee186ba2e30c58310efd0e014
Instruction Fuzzy Hash: 65E020363053425FCB234A65EC00EBA7FB69FC6359708C09EE589CB952D6215C06DB91

Function 08566FE9 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3301aff6dda96480a03d80abf5049862b540018c497793b41efce4bb1f65906e
Instruction ID: 46fc96fe13f012540f09341017eba17085625f0431c52cef887e87bac3ccf83b
Opcode Fuzzy Hash: 3301aff6dda96480a03d80abf5049862b540018c497793b41efce4bb1f65906e
Instruction Fuzzy Hash: 8DF0F8396002198FCF00DFA4D444AADB7F1FF88621F004459E505AB354DB34E915CB61

Function 0B00C21D Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fbeca1bb3160ce234742a3bbb63d0988a5de2dbbab20885c70a13fa9416f378
Instruction ID: de85e2e67db22d688131dbdc206b404ca3af016f234643fe78918860cd5aee06
Opcode Fuzzy Hash: 1fbeca1bb3160ce234742a3bbb63d0988a5de2dbbab20885c70a13fa9416f378
Instruction Fuzzy Hash: 04F03076409384AFDB034F64DC219903F75BF03210F0A40C3E5818F0A3C6215964DB66

Function 0B004787 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55e6264e27c99bee1cdd461a398c46f1e301daf6d7272ffc51417cb3294f32ec
Instruction ID: ef9d70a4a1429fa47e7870fcd1c25d117601d4ee57d0accf308d18390e6785b0
Opcode Fuzzy Hash: 55e6264e27c99bee1cdd461a398c46f1e301daf6d7272ffc51417cb3294f32ec
Instruction Fuzzy Hash: 42F08570D9824C9EEB40DF78C485B9EBFF0AF0A614F14C6ACD518EB262D7B48504CB01

Function 07C90A99 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ddaf2d57536c650eed3365fca52bb732bd515281b680df6e5619c3245d2f7ad
Instruction ID: 867c81546d81c6f189e38e9cc2f137d162257c9702ff123f243c07af20d6eab9
Opcode Fuzzy Hash: 5ddaf2d57536c650eed3365fca52bb732bd515281b680df6e5619c3245d2f7ad
Instruction Fuzzy Hash: 29F015B099825AEFCB80DFB8C489A5F7FF4AF09210F1584B9C054EB262E7708504CBA1

Function 08560722 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5467c2cf594027694edce89c480f9f24ba9a6ff28838dd472d6b8f78e4c032f5
Instruction ID: d6d7d830327d17f080ab880a8b906c94b2b5deb3b94d90b503346fd60afb329a
Opcode Fuzzy Hash: 5467c2cf594027694edce89c480f9f24ba9a6ff28838dd472d6b8f78e4c032f5
Instruction Fuzzy Hash: 90E086312046646B8752961AB85085B7F6EDEC3A7074580ABF548CB262C9604D15C3F1

Function 0B00AD3D Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0436e7ec6bcf92ccb0e9a56f3e2b85a9b6748db4b84b9f873f71ea38dc509cb
Instruction ID: ae9aae6cb97bbc6b49214304daa6bbf24a3246cb27c322ea40828b8eb797e4b4
Opcode Fuzzy Hash: c0436e7ec6bcf92ccb0e9a56f3e2b85a9b6748db4b84b9f873f71ea38dc509cb
Instruction Fuzzy Hash: 24F0AE3A010604EFCB42AF94C808C94BFB2FF9E320B1AD295F2485B132D732D5A1EB00

Function 07C94758 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 832e5278c4680820c44be11be3cb0ba34d946baed1a3fcc67697f27d0f963267
Instruction ID: a9b995e53ad885f01ffa05fd9d12dc3ea074821d948abbcff7edcac644c26c7b
Opcode Fuzzy Hash: 832e5278c4680820c44be11be3cb0ba34d946baed1a3fcc67697f27d0f963267
Instruction Fuzzy Hash: A7E0C27130D7A96B8B166768E8554AA3F9D898603030A00FBE58CCB043CF05490183FB

Function 07C97DA1 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 771059d56a95162549b8e4eb92ecc6c88685a8a2c11a43f963f03910d72d3395
Instruction ID: 1bcecd622fc85a1b909a7364206fa75b7dad109fa8d880da9e22cb6ccb92fbb2
Opcode Fuzzy Hash: 771059d56a95162549b8e4eb92ecc6c88685a8a2c11a43f963f03910d72d3395
Instruction Fuzzy Hash: AFF065714657599ECB42DF7484840693FF45F17110F00C07FD449CF162E230C698CB91

Function 07C97480 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31eec3cb4933c74e11506fd35543e5a96ba6fdfa33d40cca33cc551a8a2ff95b
Instruction ID: b62724c8c815a2c7c7e95a687bc32d378fd2236d12da1d7f8a386402a4aab9fa
Opcode Fuzzy Hash: 31eec3cb4933c74e11506fd35543e5a96ba6fdfa33d40cca33cc551a8a2ff95b
Instruction Fuzzy Hash: 79E020B07087914FD74AD77D5840476BFA26ED610031485FFD0C8CB506D6755D12C7C5

Function 07C9E2A0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae810f11ae5dac376749920b7e35693ded5d1167fd0f6a4235520e48433d1fdc
Instruction ID: d49258302b81184b259f4854808419a6beb09c47b7bff7ee4fa4f00a731fd100
Opcode Fuzzy Hash: ae810f11ae5dac376749920b7e35693ded5d1167fd0f6a4235520e48433d1fdc
Instruction Fuzzy Hash: A0D0C23330132417466421FE2C8485B368EDECA671310027EA229D7381CC268C0182A1

Function 07C9C69F Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acf7c6a4d7ffbd4372b1aa428eee112c5f99a4c38f58bf568b6d2af12389c274
Instruction ID: 2ae939d4253f36815367ea125ed0bb52ce2b4dc2a39a71c85218330ee61b6787
Opcode Fuzzy Hash: acf7c6a4d7ffbd4372b1aa428eee112c5f99a4c38f58bf568b6d2af12389c274
Instruction Fuzzy Hash: 78F039B690021ACBCF10DF95D4406DCFB70FF59324F159296D5007B201D370AA96CBD0

Function 07C9B36D Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e658f34967768736c783b692ba607afae1d5660f3e732624027501979ba67cf
Instruction ID: 59ad9ee3aba3dd7b7a759ce6f0bafe71a24184c7a1359f03dd0dc20b5db33c46
Opcode Fuzzy Hash: 0e658f34967768736c783b692ba607afae1d5660f3e732624027501979ba67cf
Instruction Fuzzy Hash: C8D0121B74012157C41821AC155167F49878BC4E56F14152AE606EF395CD99AC0203E1

Function 0856E1AE Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34ca0c48b5938f53ea62518b7157bc448626b5ac6b23103cfbe7e0008df3909a
Instruction ID: 0155ea6c1ceb74bfa0d2281b9f76ce0135c943f7c13465b0fa3e600015c51567
Opcode Fuzzy Hash: 34ca0c48b5938f53ea62518b7157bc448626b5ac6b23103cfbe7e0008df3909a
Instruction Fuzzy Hash: 6AF0C979E0520D8FDF44CFA5C4814EDBBF2BF89221F68451AD402F3340D63459928F65

Function 07C9CB5F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5731b13e0a98f64c28b5727c7e1c57ae004f2186f9cce08c36d5d192734fe281
Instruction ID: e53ee0796c226fe6e9735014fd773204bf2f32ed9f4418287c7768c2e6e6d33d
Opcode Fuzzy Hash: 5731b13e0a98f64c28b5727c7e1c57ae004f2186f9cce08c36d5d192734fe281
Instruction Fuzzy Hash: 0FE0CD379445204BDF708910F8C57C83791FF85204F19CCE6D481DB189C529C9478751

Function 07C9A5B8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb5cfcafea3e2ec288e239c12e978be35aff28fb1f681d15a5e89d0085c06aba
Instruction ID: 95378a81c959294d29059782d0569cc05748534b4b724ca46860eee4c0110b3f
Opcode Fuzzy Hash: eb5cfcafea3e2ec288e239c12e978be35aff28fb1f681d15a5e89d0085c06aba
Instruction Fuzzy Hash: A4D02E3B28402092DDA0D624BCC57D87345FBC5300F28CD26E842D7148C42ADA828221

Function 07250750 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2287514250.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7250000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44d639493c0cf7c923d38c06e3e52f56bc0ce2b6c41d4d7fe003e6f189233418
Instruction ID: 9d58d24453de52238503b3e4f2424ff439e8baeb09aac8613d28dd400803ca89
Opcode Fuzzy Hash: 44d639493c0cf7c923d38c06e3e52f56bc0ce2b6c41d4d7fe003e6f189233418
Instruction Fuzzy Hash: B7D05B3730060557CA2555569D00E7B779A9BC4764B048069EA5DC7650DA61A8019751

Function 08563A30 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04aa1afe632fc5d7f1fa6ad3bf1af8a3dddabe06a79443e2e378a424c28fb86a
Instruction ID: eb1a0c4954f7d0ab8009fdea4751f88425db32accb84a99a958b311d32eb6050
Opcode Fuzzy Hash: 04aa1afe632fc5d7f1fa6ad3bf1af8a3dddabe06a79443e2e378a424c28fb86a
Instruction Fuzzy Hash: B8D05E3A3401181BC604524DE451AAA739EDBC6725F048036E40DD3314D9B5AC4246E0

Function 08560730 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3a4a4a2fa9faeb425f03ee623ee0fa4e2835406cffbba7658ba9f4e0bf9c02f
Instruction ID: 8e590f62417368357935ae22e9b1d34b8dc1bd0b25c18be71a76388bad546d10
Opcode Fuzzy Hash: b3a4a4a2fa9faeb425f03ee623ee0fa4e2835406cffbba7658ba9f4e0bf9c02f
Instruction Fuzzy Hash: B9D0C936300528774B54A54BBC00CAFBB9EDFD5A71755C13AB91D97320CD719D1682F4

Function 0B004798 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95fcf0f9dda5dfb421210c7a71009f73178202b5a02eb199016dcb828318e2d5
Instruction ID: 84917eb5c796fa5feccdb0fe1a4c34e27f7a09610710c91e700e0a4691aa7e45
Opcode Fuzzy Hash: 95fcf0f9dda5dfb421210c7a71009f73178202b5a02eb199016dcb828318e2d5
Instruction Fuzzy Hash: D5E0B6B0D50209DFE740EFB9C945A5EBBF1BF08A00F11C5A9D119E7352EB7496058F91

Function 07C90AA8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63cc39ef8c0db8e6cb336bd1421c59ab475a6b59e7bd4fa3450582328ce5c9a8
Instruction ID: 030649cc3df9e8f7ac6ff918acd512e94b8fcd86e0577526d7b0d5fac724e80e
Opcode Fuzzy Hash: 63cc39ef8c0db8e6cb336bd1421c59ab475a6b59e7bd4fa3450582328ce5c9a8
Instruction Fuzzy Hash: 0AE092B0D5020ADFDB80EFA9C909A5EBBF1AB08600F2185BAD019E7211EB7496458F91

Function 08561720 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7677a7bb546cceafc156ab7753d32ccc27c8fecbfcfec297374618441f768052
Instruction ID: a1c20b0b02a2d894821742eb2f9855261eb4f189a9a53262433dde822369ae96
Opcode Fuzzy Hash: 7677a7bb546cceafc156ab7753d32ccc27c8fecbfcfec297374618441f768052
Instruction Fuzzy Hash: 86C08C2B380934230909315E341087F728F8ACA9B2314403FE50EC7340DD888C2303EA

Function 07C97DB0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b59f29e9558776b038bccf162f533af4410616b37da1592a431b330fb9a87899
Instruction ID: 69e7826ef093846fe3fa44bebaf254372c4cd74ede30e9cc1fd19823caba6488
Opcode Fuzzy Hash: b59f29e9558776b038bccf162f533af4410616b37da1592a431b330fb9a87899
Instruction Fuzzy Hash: 56E0127282160C9DCF90EF74D5440AD7BF8AB15211F50C53EE81D9A210F630D394CF90

Function 0856BFBA Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0144e27a57a558732f69a3756b972418b68a1dd03a192181a8a03fea0c9ae9d
Instruction ID: dbfebc24fd4d73c606aa131b17289bcdfb5358d3efe913715ee8de9717c8e2c4
Opcode Fuzzy Hash: e0144e27a57a558732f69a3756b972418b68a1dd03a192181a8a03fea0c9ae9d
Instruction Fuzzy Hash: 57E01234A4216E8ADB60CB24C941BA8BBB0BB45211F5084E58088E3200EA305B80DF10

Function 0B009981 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5556bb2888f487988fa6b760a365761c9f098f9b18cbcf7299e9f5fe26d5ee8
Instruction ID: c6052dd953a2d31220ffeeb9314cddfda7a1b635cd39d77f98809d4bb4b36c22
Opcode Fuzzy Hash: c5556bb2888f487988fa6b760a365761c9f098f9b18cbcf7299e9f5fe26d5ee8
Instruction Fuzzy Hash: 69E09A35A11228DFDF159B50CD41BAEBB33FB44301F5041D9E915622A0CB315E95DF52

Function 0B0037E0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdd31cafeeadf8488431d3216840ccdb176433912ab6f706090f524952651814
Instruction ID: 4eb389adeae5dea4cc372a49318bd0f7a036262c28bc73e2c1ced6bc94f86171
Opcode Fuzzy Hash: cdd31cafeeadf8488431d3216840ccdb176433912ab6f706090f524952651814
Instruction Fuzzy Hash: 6ED09232098289BFCF06AE90AC02D993F35AB15351F098046BA95190E2C6628630EB52

Function 07C93310 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91c8e5d2e7b7f66a17e887ca06a7e009de4bfa16183f642b1eaf6949e212b429
Instruction ID: ae20f23f36de2bc51396aa7370d354b126979f7e61ffee574bce64d22a8b5b1c
Opcode Fuzzy Hash: 91c8e5d2e7b7f66a17e887ca06a7e009de4bfa16183f642b1eaf6949e212b429
Instruction Fuzzy Hash: 6CC01261895B486ED201B625CD13A4D7FB4FB23A50F444266E4C519090EB10855CA3E3

Function 07C93339 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28b04333f7e0d98327786750c3d48913fda9f6f2a08396533703f21b5381d3c1
Instruction ID: 6fa15dbfe1730bafe7e23a0ac8831245256c1a427592b7be56aedc0f8229996a
Opcode Fuzzy Hash: 28b04333f7e0d98327786750c3d48913fda9f6f2a08396533703f21b5381d3c1
Instruction Fuzzy Hash: 21D05232184308AFC7018F10D844E887BA5EB06220F4180D2F9888B262C332A818AB80

Function 0B007090 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed241e6b8576c1a4e3901f815e734b5d4df41cf6e2d22b69567e20b4107b3ae8
Instruction ID: 930ea8a8ff1f361cc727f7cf2c309b36788a5b8308c09ff250e9ed50bb024d76
Opcode Fuzzy Hash: ed241e6b8576c1a4e3901f815e734b5d4df41cf6e2d22b69567e20b4107b3ae8
Instruction Fuzzy Hash: 46C0020454E3C659D327A234595A645FE647C5315436DABCE9CD98E493C6088985C3B3

Function 0856E55A Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41e103b23b53959b4dfe09303bd8cf2bcdd4d5978e666c8fd4afa7cab470ebb2
Instruction ID: f4061350b3e2d56e55db8079f5133b665a07a097a540a3d7c08927e242ecfdb1
Opcode Fuzzy Hash: 41e103b23b53959b4dfe09303bd8cf2bcdd4d5978e666c8fd4afa7cab470ebb2
Instruction Fuzzy Hash: ADD092B8D0811A8A8B50DBB0C4814EDBBB1BE09222F24151AD002F3241D63449919F61

Function 07C94768 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 852043aa1160bfbf4a144063924e33870f4dd8596db5944b5098f2588f6c0658
Instruction ID: d594db75d21da423d9e0ccf8a92983bf57d8148e749cb12136bd7ced05737d08
Opcode Fuzzy Hash: 852043aa1160bfbf4a144063924e33870f4dd8596db5944b5098f2588f6c0658
Instruction Fuzzy Hash: 5FB0122274453C130C89329D38114AE73CE4AC58B075A007BE50D877408E851D0112DF

Function 0856C0FE Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10b2dd1df638f17ef308ead497f66f2b86ca1f8fc59475408099c33607eb263a
Instruction ID: 88df29b92e1a5a3265cab3c604f15a4a16c9c64da89a0219fa7133641cf641c0
Opcode Fuzzy Hash: 10b2dd1df638f17ef308ead497f66f2b86ca1f8fc59475408099c33607eb263a
Instruction Fuzzy Hash: CCD09274D0522A8FDB20DB65C940B9CBBB0BF06351F0054D68189F7240DA344E90DF25

Function 0B00C248 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff90f425843041228db26a39f110253bb49bcd35abbb2f0fdb8b8f487ca9e6f
Instruction ID: a886479c79e50c56c17b9731a382ffb28e085a788f10a2a399aba8d2e93eca94
Opcode Fuzzy Hash: 4ff90f425843041228db26a39f110253bb49bcd35abbb2f0fdb8b8f487ca9e6f
Instruction Fuzzy Hash: B1C04C3600010DBBCF066EC1DC11CDA3F6AEB04350F008411FA1404061C673D970BB55

Function 0B0037F0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 095cf6bf9eacae5bc16fda1faa9585d81bd0dcd311c16178ab7edb0ee3355590
Instruction ID: d2c6fb7a08b20a96437f882194e8c1d05f861be5694b2dd8f55813b499959e48
Opcode Fuzzy Hash: 095cf6bf9eacae5bc16fda1faa9585d81bd0dcd311c16178ab7edb0ee3355590
Instruction Fuzzy Hash: 4DC0483600020EBBCF06AE81EC02CDA3F2AAB08361F048415FA18080A18A739970FBA1

Function 07C93348 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90

Function 0B002D44 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e1ba3677c71ed65e0cd9b00ea1405d3875180ad343a2cc237f216d67861c108
Instruction ID: 125e6c35fa31a487c2fd7e90de3ba90032e3f94c93586d631c5a828e629a4314
Opcode Fuzzy Hash: 9e1ba3677c71ed65e0cd9b00ea1405d3875180ad343a2cc237f216d67861c108
Instruction Fuzzy Hash: DDA002142F9286A9F868F368599E77E8441FBD1B03FD0ADA3661BED0D85C8CE944003B

Function 07C98FA8 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d018d68ef1e385c0b4489baabe71f3f247fa4e81ef3045e6fdd13b06e27ad0b
Instruction ID: 1164a5182c3b0429cc60e4ec63783bc042e990095849e908bd02205ae9ae0697
Opcode Fuzzy Hash: 1d018d68ef1e385c0b4489baabe71f3f247fa4e81ef3045e6fdd13b06e27ad0b
Instruction Fuzzy Hash: 7FC002628191D16FFB92BB6471883543F9317A3345F08199DD4884138ED19D424ACB31

Non-executed Functions

Function 0856F790 Relevance: 2.6, Strings: 2, Instructions: 143COMMON

Download Yara Rule

Strings

wkVQ, xrefs: 0856F8E9
XDUQ, xrefs: 0856F854

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: XDUQ$wkVQ
API String ID: 0-1120765957
Opcode ID: 6da2d905e615ed014a5ab5034875517d850228e4a0d25e3948ad51bae9b01073
Instruction ID: 847a485cbe98b318612b5f339c89e595f0703aa58a4e982c30f117968d567bf8
Opcode Fuzzy Hash: 6da2d905e615ed014a5ab5034875517d850228e4a0d25e3948ad51bae9b01073
Instruction Fuzzy Hash: D451C474E052199FCB48CFA9E8809EEBBF2BF89311F14986AE415F7310DB3099158F65

Function 085319F9 Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

.DT&, xrefs: 08531B1F

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID: .DT&
API String ID: 0-450903968
Opcode ID: 6e7d5650b4671eac7fd79b1e451cac4107160212c992052ded881db4ffa5ca8b
Instruction ID: d93a4cf5fc4b83703a05874d9869942aefda2e4359f03ae137bfae2fdd4452c6
Opcode Fuzzy Hash: 6e7d5650b4671eac7fd79b1e451cac4107160212c992052ded881db4ffa5ca8b
Instruction Fuzzy Hash: 38717674E492499FCB04CFB9D880ADEBBF6BF89214F18C19AD405BB216D7709949CF60

Function 08EFD180 Relevance: 1.4, Strings: 1, Instructions: 187COMMON

Download Yara Rule

Strings

d, xrefs: 08EFD1E4

Memory Dump Source

Source File: 00000000.00000002.2306562425.0000000008EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8ee0000_Titan.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 09c04364383a6cbef2699f270551dfaf49b0b42724bd600794322d8a94aeb96b
Instruction ID: d99d02b5fe4412d428f1681de83c53077860cae7d29016c6911e8b9d730e62ff
Opcode Fuzzy Hash: 09c04364383a6cbef2699f270551dfaf49b0b42724bd600794322d8a94aeb96b
Instruction Fuzzy Hash: F261C1327002018BE744DF68CD81B9A7BA6EFC1304F1494BADA0E9F397D6BAD945C791

Function 08EC2240 Relevance: 1.4, Strings: 1, Instructions: 149COMMON

Download Yara Rule

Strings

BG, xrefs: 08EC2326

Memory Dump Source

Source File: 00000000.00000002.2306373146.0000000008EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8ec0000_Titan.jbxd

Similarity

API ID:
String ID: BG
API String ID: 0-24399239
Opcode ID: 6e1393aae637790f68a5c60ec16db609edcdec6e407f8b70f31ef05b6b5366be
Instruction ID: 156efd31c5899af8a6c7b08ba970c7b9b01f211081cb610cc625ccf769020f66
Opcode Fuzzy Hash: 6e1393aae637790f68a5c60ec16db609edcdec6e407f8b70f31ef05b6b5366be
Instruction Fuzzy Hash: DF51DFB7D0050ACBCB14DFA5CA513FEB7B2EB90301F148179D511A7682EA389A53DB80

Function 0856F5BA Relevance: 1.4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

F5}, xrefs: 0856F62F

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID: F5}
API String ID: 0-3327517796
Opcode ID: 3ac4563e21468239a3cc63142db7587657e450ad2c2808f6794c1b1cfc4b8f6d
Instruction ID: e10d5cc37be6ac7c0a923d58ab4512a71e1da43adc83067c2254719b4918ba9d
Opcode Fuzzy Hash: 3ac4563e21468239a3cc63142db7587657e450ad2c2808f6794c1b1cfc4b8f6d
Instruction Fuzzy Hash: 6351C2B5E0121ADFCB44CFA9E9809EEBBF2BF88211F54956AE415B7314DB309912CF50

Function 08EC2278 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

BG, xrefs: 08EC2326

Memory Dump Source

Source File: 00000000.00000002.2306373146.0000000008EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8ec0000_Titan.jbxd

Similarity

API ID:
String ID: BG
API String ID: 0-24399239
Opcode ID: bb24e76c32a80f085be8609b0811eed43867f0b654823d3910cf3c9d39796286
Instruction ID: 47ef9a883eb7c3d28c65fd153ba0c5d332647d43f22b8dbd351af8ae62a9f9dd
Opcode Fuzzy Hash: bb24e76c32a80f085be8609b0811eed43867f0b654823d3910cf3c9d39796286
Instruction Fuzzy Hash: B641B4B7D0050ACBCB14DFA5CE513FEB7B2EB90341F048139D511A6682DA795A57CB80

Function 08533690 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

Rr2\, xrefs: 0853372A

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID: Rr2\
API String ID: 0-2560159141
Opcode ID: 21ac2136a6d0b2cdc6027fb73e6fb898cf6152df0dd116209316ab00b5818a63
Instruction ID: 641806a642c76285c5add359e8f440f8d3812ce5db9f58a35859da9ddbd2599c
Opcode Fuzzy Hash: 21ac2136a6d0b2cdc6027fb73e6fb898cf6152df0dd116209316ab00b5818a63
Instruction Fuzzy Hash: 7D41E475E012188BCF58CFAAD9406DEBBF2BB88210F14D4AAC409B7354DB715A498F64

Function 08533680 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

Rr2\, xrefs: 0853372A

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID: Rr2\
API String ID: 0-2560159141
Opcode ID: 51643040e41f4fe794d35e1b67b27c2cf03c60d0d889980ebc6565a05bcaa3ff
Instruction ID: d659ca822b36aea51f7678283a98912766167a25e1328060cdf6f2dec5866894
Opcode Fuzzy Hash: 51643040e41f4fe794d35e1b67b27c2cf03c60d0d889980ebc6565a05bcaa3ff
Instruction Fuzzy Hash: 42411474E012288BDF58CFAAD9406DEBBF2BF88310F18D0AAC409B7354DB715A458F64

Function 0B00C470 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb4cd41dba35e97bb78f5fabd091323bfb0c54ae9d3c87e4f7af54b0803fc0c5
Instruction ID: b4139fa0892f45eaaae93085af2d0de1473a8f5e41f5dca0c4521ea733ab3072
Opcode Fuzzy Hash: cb4cd41dba35e97bb78f5fabd091323bfb0c54ae9d3c87e4f7af54b0803fc0c5
Instruction Fuzzy Hash: 40D14B34A11619CFEB58DF64C980B99BBB2FF85300F5081E9D909AB2A1DB31DE85CF51

Function 0B00C43C Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1389d028e023fa6378cbc421345e95ae307b5a84ed0023a1a802c9a5f0150727
Instruction ID: 4c9e72ca4dcc63f5cdd47f40f46ef498feb6213f4deec35e37840a7ae1f8692d
Opcode Fuzzy Hash: 1389d028e023fa6378cbc421345e95ae307b5a84ed0023a1a802c9a5f0150727
Instruction Fuzzy Hash: 74D14B34A10619CFEB54DF64C980B99B7B2EF85300F5081E9D909AB2A1DB31EE86CF51

Function 0B00D4E8 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc1538019cb05250c1da3efafaa1e272346d205e438074ff05a012348c8e7f4a
Instruction ID: 54e2f171ba01185dc21b0702945a9324989aef833c05e76ed4684521ba15ec49
Opcode Fuzzy Hash: fc1538019cb05250c1da3efafaa1e272346d205e438074ff05a012348c8e7f4a
Instruction Fuzzy Hash: F2D14C34A10619CFEB58CF64C980B99BBB2FF85300F5081E9D909AB3A1DB319E85CF51

Function 0B00687C Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29469ff2bc36e5d9acc5f823736f4428ded7cc7460c711c632da7cd773371730
Instruction ID: 305a51b212dff7ec857df12c9b1f7fbf6e53dba4cf0d49c0f97a6aee89ee9f5c
Opcode Fuzzy Hash: 29469ff2bc36e5d9acc5f823736f4428ded7cc7460c711c632da7cd773371730
Instruction Fuzzy Hash: 94B15534A24215CFF758CB58C995FAABBB6EB44700F1084BA98199B3E1CB35DE54CF11

Function 0B006860 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db690062dae02864a41659f9ee2644ab4d28801eb9f0055f952328f69e3bb533
Instruction ID: 9a0f396db3ce1e4b5f81d47b60cb8448b9568ea2c4b8419f8e4906ab9070efd4
Opcode Fuzzy Hash: db690062dae02864a41659f9ee2644ab4d28801eb9f0055f952328f69e3bb533
Instruction Fuzzy Hash: EAB15534A24255CFF758CB68C994FAABBB6AB44700F1085FA98199B2E1CB349E54CF11

Function 08E4DD98 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3affc6958f2198fdb678e5be2419d8e6279f85dfb0615ae2256b57c90457e1b
Instruction ID: 2d68e1c99e445f36a2f1e03a283ee11b0a300952d20ebaaee3f00a18071c23ce
Opcode Fuzzy Hash: b3affc6958f2198fdb678e5be2419d8e6279f85dfb0615ae2256b57c90457e1b
Instruction Fuzzy Hash: 17A11471D41208CFDB11CFA8D9406EEBBB2BF89304F20A16AD415BB260DB749986CF90

Function 0B009449 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb0da2a59923d2ea2afd2c20a272b01289cc7a9d7e3f1ff73f6a0bc658aaa6db
Instruction ID: 07daee3dc5b174e254e7517737198e80cfc3db64fd2797cd0d1f54fa0706909a
Opcode Fuzzy Hash: eb0da2a59923d2ea2afd2c20a272b01289cc7a9d7e3f1ff73f6a0bc658aaa6db
Instruction Fuzzy Hash: A5A14434A24215CFF758CB68C995FAABBB6AB44700F1084FA98199B3E1CB359E54CF11

Function 08E44288 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 233309a4b2dd4dd69981e48434b7d142423d1f1d24606135b04cde5991b5761e
Instruction ID: 65e8d6125c1893d2ccc10b9f03e49ee894dd71bbc16b43833c8c1887054b97cb
Opcode Fuzzy Hash: 233309a4b2dd4dd69981e48434b7d142423d1f1d24606135b04cde5991b5761e
Instruction Fuzzy Hash: 38911832B01201DFD305DB34D945B69BB62FF84709F01A17AD50A9F2E5DB79E812CB81

Function 08E43338 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd184d94984c528941be77fac99e3f0a0820e9e2fdd624d309cf5dcbbfc46d91
Instruction ID: 26eb50ef4a13977e46b49f9f438818660dfd0b1c8ec752e3e949bafa14a0c565
Opcode Fuzzy Hash: dd184d94984c528941be77fac99e3f0a0820e9e2fdd624d309cf5dcbbfc46d91
Instruction Fuzzy Hash: 6E911A32700201DFD305DB34D944B6AB762FF84709F05A57AD50A9F2E5D779E812CB81

Function 0B00973F Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5986ccd8f5b496c67415fff4ea29787f915bde831bc8bfe9baf91550868eef26
Instruction ID: 67335a131c78036391ced358de7bd1fb92de1e92a027580a0ae9d8ca1055cd8c
Opcode Fuzzy Hash: 5986ccd8f5b496c67415fff4ea29787f915bde831bc8bfe9baf91550868eef26
Instruction Fuzzy Hash: 6AA12334A24215CFF758CF68C995FAEBBB6EB44700F1084BA98199B2E1CB35DA54CF11

Function 0B0034B0 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9068ebc8a8e7409d0f856e010872924a81e39cf1dc2a64abf7917ac8c7ad7f7
Instruction ID: 37cdf875d40d35527ce045cf7c6fd0b688dee642ac6655391245b42a6eb524f2
Opcode Fuzzy Hash: c9068ebc8a8e7409d0f856e010872924a81e39cf1dc2a64abf7917ac8c7ad7f7
Instruction Fuzzy Hash: 37817135D14B0A9BEB56CE6CC8416DEF7B1FF8D700F148626D8157B390DB74AA808B94

Function 0B00349F Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c7ea4cabc9bd76dad37790620beda93e6f277f2402748c58ce39236f6636de8
Instruction ID: 74cda1caf091e532b3e15991789adbb2dadf10010d885541bdc651289b17e759
Opcode Fuzzy Hash: 1c7ea4cabc9bd76dad37790620beda93e6f277f2402748c58ce39236f6636de8
Instruction Fuzzy Hash: 1181A435D24B09DAEB1ACE6CC8412DEF7B1FF89300F14C63AD8557B291DB74A6848B94

Function 03C71FC8 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84f49870cb8995035cff817ea2678921557ce930d3447ea6a48c58679294d846
Instruction ID: 91c0b747236504f6bb10f5d7b526fc26d82e0892d224eb265c10698ed76b8c8a
Opcode Fuzzy Hash: 84f49870cb8995035cff817ea2678921557ce930d3447ea6a48c58679294d846
Instruction Fuzzy Hash: 75810974E052698FDB64CF6AC94079AFBF2AF89310F04D4EAD548EB214D7709A81CF51

Function 03C71FB9 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac4a0904da6dc8bf34082647be6789848f841c7a298b3dffa754862564a030e0
Instruction ID: 667ed5187f2e34c9db54954e422fb9bd7f3ae478178bbd0dadf1da7793f33b19
Opcode Fuzzy Hash: ac4a0904da6dc8bf34082647be6789848f841c7a298b3dffa754862564a030e0
Instruction Fuzzy Hash: 17810874E052698FDB68CF6AC94078AFBF2AF89310F04D4EAD548EB214D7709A85CF51

Function 08ECE1C0 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306373146.0000000008EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8ec0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5104bb2f79c4e424c13f7fa525ec721d747a90f57720e0a85c9545faf945c43e
Instruction ID: 89798d08fecb28a0beb4168931afd6310df0706e457d51a37e784b7e669ce593
Opcode Fuzzy Hash: 5104bb2f79c4e424c13f7fa525ec721d747a90f57720e0a85c9545faf945c43e
Instruction Fuzzy Hash: 0B51C876F042168FC7489E38D68061AB7A2BBC4205710E87EC819DF396DA35DD46CBD1

Function 0B00C7F1 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdf069ce90e89714f57ad1cc502cd44aac98a457b96ffaa3ab5d63db52b4f9f0
Instruction ID: 612a73b1acc29378d03e9bfaee43fcecfe439ce8761759fe2022d73d061facfc
Opcode Fuzzy Hash: cdf069ce90e89714f57ad1cc502cd44aac98a457b96ffaa3ab5d63db52b4f9f0
Instruction Fuzzy Hash: BC61BE31E25019EBEB18CEA5E9846AEBF72FBC4700F618665D441B61C4CB348A76CB85

Function 0B00C800 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2311894494.000000000B000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b000000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0682119850db3e9ffdf96c76e2c4b666dcd5880a0e386f28f029dc2a374e7349
Instruction ID: 2ab1e329b44bf9c3f0cade85c1fa855abf99e410ff8cd87017348e701d709141
Opcode Fuzzy Hash: 0682119850db3e9ffdf96c76e2c4b666dcd5880a0e386f28f029dc2a374e7349
Instruction Fuzzy Hash: 1E61C031E25019DBFB18CFA5E9842ADBF72FBC4300F618566D451B62C4CB348A76CB85

Function 08568AB8 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b9fb54153e65de9c7f3d4a74ce800f7954e61c10309b3b9ec9e32e50e32f538
Instruction ID: b5496c089a6bb7733bdf574edbb5e15f9fd6cba783ab9a7763ff89c747eb3d7b
Opcode Fuzzy Hash: 4b9fb54153e65de9c7f3d4a74ce800f7954e61c10309b3b9ec9e32e50e32f538
Instruction Fuzzy Hash: 24515971E16609EFCB04DFA9E98089EFBF2FF89311F248929E445B7214D7309951CB41

Function 08568AA8 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88821b3f926a334e1853c2138b45cb1ddee857ed10a4544b95ad8470e8e077c7
Instruction ID: 33ef3bc4bd8a58f3503d5805ef43564f6af7831240a47db6fbf9b07f3a4a39f3
Opcode Fuzzy Hash: 88821b3f926a334e1853c2138b45cb1ddee857ed10a4544b95ad8470e8e077c7
Instruction Fuzzy Hash: 4B517B70E16609EFCB04DFA8E98089EFBF2FF89310F248569E445AB314D7309951CB01

Function 0856F3D2 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22d55975f2cce248052d26074e4cdb5c3845201cbc85b4d6ce01fbfd56761000
Instruction ID: 4070d107dd37e8c9bc867f4aa4213b8f5aab6938b8e098cbe211047b4a578d8d
Opcode Fuzzy Hash: 22d55975f2cce248052d26074e4cdb5c3845201cbc85b4d6ce01fbfd56761000
Instruction Fuzzy Hash: 7551F874E0521A9FCF04CFA9E8819EEBBF2BF88312F14942AE425BB314D7309951CB50

Function 03C798C5 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48a70a1855ad0b59bbfe0c10c690bc109e021b0e27dfd257014f8cd5fe3e0c21
Instruction ID: 79d44e8fa3706f2c2d0766d5002db9609c298553e7921c2e915eacb8da163de3
Opcode Fuzzy Hash: 48a70a1855ad0b59bbfe0c10c690bc109e021b0e27dfd257014f8cd5fe3e0c21
Instruction Fuzzy Hash: F5511EB0D012189FDB14CFA9C884BDEFBB1BB49314F14912AE819EB395DB749885CF85

Function 03C78F58 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54a63242ea8c226f35cbbba456ad027afc73abbcd6b2c8790584b9c2292b126b
Instruction ID: bf0ccb0a3b5b7c272e80cf18a8a8bc13d0012e65a6ae8f08fa31dbedfb27d996
Opcode Fuzzy Hash: 54a63242ea8c226f35cbbba456ad027afc73abbcd6b2c8790584b9c2292b126b
Instruction Fuzzy Hash: 0051FFB0D012188FDB14CFA9C885B9DFBB1FB49314F14912AE819EB394DB749945CF85

Function 08530F70 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300069464.0000000008530000.00000040.00000800.00020000.00000000.sdmp, Offset: 08530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8530000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4280b104c187a37fc7ddb8f6ce8ab42272aeb881145443e86d748f505032087d
Instruction ID: 47e68379d6ddd56cca0bbb934707939f3b090db843beb59db41015b0f640ab0a
Opcode Fuzzy Hash: 4280b104c187a37fc7ddb8f6ce8ab42272aeb881145443e86d748f505032087d
Instruction Fuzzy Hash: 60513A71E062599FDB04CFA9D9807DEBBB2BF89310F2491AAE048AB285D7745A45CF40

Function 08568B69 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2b6894e173fced2ae1ea54e3d6ded4e512c61e05c9818d48af304c4dcb0bde9
Instruction ID: 565606c7537229f0d10684cb6085cf6b4ea229dadab6a76674761c85ade6228c
Opcode Fuzzy Hash: b2b6894e173fced2ae1ea54e3d6ded4e512c61e05c9818d48af304c4dcb0bde9
Instruction Fuzzy Hash: B5514774E12509EFCB04DFA8E98489EFBF2FF88311F248A29E445B7364D730A951CA45

Function 08568BA9 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86ab06db2cf578149bf6b1511481a00cd0a146283d8d4f4313f8cc6f761f09d9
Instruction ID: 6302bfa0fae14637529ea92692705c9ced31046c16456dcf36989d443ef7a4e0
Opcode Fuzzy Hash: 86ab06db2cf578149bf6b1511481a00cd0a146283d8d4f4313f8cc6f761f09d9
Instruction Fuzzy Hash: 11513A74E16609EFCB04DFE8E58189DFBF2BF89311F248A29E045AB364D734A951CB05

Function 08EFC5B0 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306562425.0000000008EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8ee0000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9848ef4f0f6797a2b2c8a32a9a3ce5de5c4f06e681c9c40263c3cc5e383a08d2
Instruction ID: d0f8b8033ec8f94e4b5c1c7d8e19bb49970e522523430c3894db0883a1b3bdc5
Opcode Fuzzy Hash: 9848ef4f0f6797a2b2c8a32a9a3ce5de5c4f06e681c9c40263c3cc5e383a08d2
Instruction Fuzzy Hash: B751CD71914218DBDB00CF68D8847CEFBB2FF88309F249569D805AB392D3B6A946CB54

Function 08568B45 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfb3e3d43b523596cb57a51ebf8f8009268798a80b38e4322856062952f6fd65
Instruction ID: c7804e9fbe5b0c9353e4b7b2e4efe5bb2cac5c035311d572285ad0f0388d368b
Opcode Fuzzy Hash: bfb3e3d43b523596cb57a51ebf8f8009268798a80b38e4322856062952f6fd65
Instruction Fuzzy Hash: 31413774E16509EFCB05DFE8E98189EFBF2BF89311F248A69E045B7324D730A951CA05

Function 08568BEA Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0de173167d58ee07f70ec0ac2c69b10eb6081786bf67304688284101d2c419de
Instruction ID: 7fd15fd2fe33a10bac9a5265617bde1022de67e350d80ba3fa53c50609e0480a
Opcode Fuzzy Hash: 0de173167d58ee07f70ec0ac2c69b10eb6081786bf67304688284101d2c419de
Instruction Fuzzy Hash: C7414B74E16509EFCB05DFA8E5818ADFBF2FF88311F248A69E045A7324D730A951CA05

Function 0856A858 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36f842021622e6b5526ed3b79295dbea6e82915ced32c9410c3e6a2e5368024c
Instruction ID: 7b71e28ab45810c2d5ca207f258af813069a5be6d412ec031b3e544a417e8ea5
Opcode Fuzzy Hash: 36f842021622e6b5526ed3b79295dbea6e82915ced32c9410c3e6a2e5368024c
Instruction Fuzzy Hash: 16419AB5D01258DFDB10CFA9D884AEEFBF1BB49310F24902AE818BB250D374A985CF54

Function 08568C6F Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9307c1262e373f6453fdf9a4d1a4e50f17e436e0880e316e88ff1c57fdec6124
Instruction ID: 24d9ebfd8a90f4a9a6f037ede99700ba1f0671dbfb59d8d4be680d86031dd5d6
Opcode Fuzzy Hash: 9307c1262e373f6453fdf9a4d1a4e50f17e436e0880e316e88ff1c57fdec6124
Instruction Fuzzy Hash: B1416B74E16509EFCB05DFA8E58089DFBF2FF89311F248A69E045B7364D730A951CA05

Function 08568EB5 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acc7e2f272f7deb861c11b9a0ed07828a9d38189a6641a0f7fe8d379c1a0cd9a
Instruction ID: f65aeed2a3c22cad8355c9834076aef6f7e245d38b98bc1e627fb74ef9445911
Opcode Fuzzy Hash: acc7e2f272f7deb861c11b9a0ed07828a9d38189a6641a0f7fe8d379c1a0cd9a
Instruction Fuzzy Hash: C4415A74E16509EFCB05DFA8E9808ADFBF2FF89311F248A69E445B7324D730A951CA05

Function 0856A860 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 177ec157f26646776c110fc0ad392d7f68f53ab5f84ba3653644f7c55e78966a
Instruction ID: fb154de1c96896a51db837b1c8115a7080a18983e519e280efb64284b16bd927
Opcode Fuzzy Hash: 177ec157f26646776c110fc0ad392d7f68f53ab5f84ba3653644f7c55e78966a
Instruction Fuzzy Hash: 794179B5D01258DFCB10CFA9D484AEEFBF1BB49310F24902AE418BB250D374A985CF54

Function 08568D24 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25bc04e83a856de00a2c7a25cf928dc629e30c5926fac9d5a5cea93692fd9c90
Instruction ID: c9777cf53717408ccdebf1f0815fbc224185a6be18f8b667db66139e33cffe56
Opcode Fuzzy Hash: 25bc04e83a856de00a2c7a25cf928dc629e30c5926fac9d5a5cea93692fd9c90
Instruction Fuzzy Hash: CC413874E16509EFCB05DFA8E5818AEFBF2FF89311F248A69E045A7324D730A951CA05

Function 08568E36 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e4358a91e2572298257bc205a4fcc3a7421f5d040880d7283850c478fc4825a
Instruction ID: 2521f558ebf77c7201e7b1998d24ea0a2bd4bc5be462e9c0c924aac891a5e11d
Opcode Fuzzy Hash: 1e4358a91e2572298257bc205a4fcc3a7421f5d040880d7283850c478fc4825a
Instruction Fuzzy Hash: 02413874E16509EFCB05DFA8E5818AEFBF2FF89311F248A69E045A7324D730A951CA05

Function 08E4F270 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d011984a77855856093167bf49394b295f75bd485c78aa51add64f674b564dd
Instruction ID: dd9f761ea4c33eb4d44c681933afd8562efe7d1bbde488f2fb84e4b19283bd38
Opcode Fuzzy Hash: 8d011984a77855856093167bf49394b295f75bd485c78aa51add64f674b564dd
Instruction Fuzzy Hash: 38419AB5D013589FCB10CFAAD984A9EFBF5BB49704F20902AE408BB250DB349945CF54

Function 08E4F448 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92030796f5fad0657cddd0be6629a90ca0e8d2ce7a1af44a75580ac471d4d057
Instruction ID: d714efa50dfb2dc8a880e9c7a5b9ee313b320c947a477170055e994fd90ca0af
Opcode Fuzzy Hash: 92030796f5fad0657cddd0be6629a90ca0e8d2ce7a1af44a75580ac471d4d057
Instruction Fuzzy Hash: 4441A9B5D013589FCB10DFA9D984ADEFBF5BB09704F20A02AE408BB250DB34A985CF54

Function 08E4D360 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b1c3eb5d9384d07cc9b2098096caf968e7bd3ccdd2d5300463e1ad56c2b5173
Instruction ID: b3234875319022049c51caeeee315f7ee3b8bae1c433d5208fc1113fd6c8732b
Opcode Fuzzy Hash: 0b1c3eb5d9384d07cc9b2098096caf968e7bd3ccdd2d5300463e1ad56c2b5173
Instruction Fuzzy Hash: 3941BEB5D012089FDB10DFEAD984ADEFBF5AF49304F20A42AE408BB250C774A985CF54

Function 0856DEA0 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1dab80d89993b94efa7c264eb239e876b29b2cee03fe81f85f401e3ecd03ffa
Instruction ID: f29ab7e4a411800967d64ea95420451e26e21b674177f669da0b093f467e1969
Opcode Fuzzy Hash: f1dab80d89993b94efa7c264eb239e876b29b2cee03fe81f85f401e3ecd03ffa
Instruction Fuzzy Hash: 924105B0E0420A9FCB44CFA9D8815AEFBF2FF89311F1499AAD415EB354E7349A518F50

Function 0856B24C Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2300175296.0000000008560000.00000040.00000800.00020000.00000000.sdmp, Offset: 08560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8560000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45b6e316e5e350fa0f5d7d446e34585a57e587432fa29e32f2d6f23566d8894d
Instruction ID: 81aba725b1d772bc17d5dae6532c7a985e0594e156ea8f65ccdffeeb13b071dd
Opcode Fuzzy Hash: 45b6e316e5e350fa0f5d7d446e34585a57e587432fa29e32f2d6f23566d8894d
Instruction Fuzzy Hash: FA41E2B0E0420A9FCB44CFAAD5819AEFBF2FF88311F14996AD415EB314E7349A518F54

Function 08E491C0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92f374c882c5f134e32abdf2a7a3484149a47fc5d65bb3476e5dee3eabfb84fc
Instruction ID: a6f0cc9dab2f074c8ba1898cade896dd54089e701cf0eaf3e87617ebbaf4549f
Opcode Fuzzy Hash: 92f374c882c5f134e32abdf2a7a3484149a47fc5d65bb3476e5dee3eabfb84fc
Instruction Fuzzy Hash: D031ACB5D052489FCB14DFEAE584ADEFFF5AB49304F20A02AE408BB261D7349945CF58

Function 08E4991E Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d3c3ab3baaac6fc6f41bf7feed473cf40e4316dd3c89f442b42dfbb758c856a
Instruction ID: e189149abc8ac62388eb758a7e15ba9250769935d6b04ca416c994c851a21154
Opcode Fuzzy Hash: 3d3c3ab3baaac6fc6f41bf7feed473cf40e4316dd3c89f442b42dfbb758c856a
Instruction Fuzzy Hash: E931EEB5D00209DFDB14CFAAD580AEEBBF1BF88310F20A16AD414B7260D7745942CF94

Function 08E49928 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2306181080.0000000008E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e40000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a383e1717888943f6fa5e8d7f6f383de0f6d62a9773fdf5d95a44db62f83f66f
Instruction ID: 645fd3bb933305db00c39205761772bdf49ab9dd98e1e54f56f8f662bdb1f673
Opcode Fuzzy Hash: a383e1717888943f6fa5e8d7f6f383de0f6d62a9773fdf5d95a44db62f83f66f
Instruction Fuzzy Hash: 3A31EFB4D00209DFDB14DFAAD480AEEBBF1BF88310F20A16AD414B7260E7745942CF94

Function 07C90CD0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3344940e11f3b49d92330a8f821ab47fe541ac03b2dc3cbcb5768780dd0335e9
Instruction ID: 42003266050d3cda5cb67ac3ec31dacc5b86dccb9167897e0d428104546f7008
Opcode Fuzzy Hash: 3344940e11f3b49d92330a8f821ab47fe541ac03b2dc3cbcb5768780dd0335e9
Instruction Fuzzy Hash: F4315DB5D05209EFCB54CFA9D484AAEBBF1BB49310F24A169E814B7350D734AA81CF94

Function 07C90CD5 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2292825026.0000000007C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7c90000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8aa544349527ee2206682e4ca51d48f900af02383af1a066a51e7b763e24abc
Instruction ID: c38fcb4ee22aea6df81357ec1083e4da450a7e41f9748bbb21fbbf6f00e7415f
Opcode Fuzzy Hash: e8aa544349527ee2206682e4ca51d48f900af02383af1a066a51e7b763e24abc
Instruction Fuzzy Hash: FD215DB5D05209DFCB54CFA9D484AADBBF1BB49310F24A169E814B7350D3349A81CF54

Function 03C70870 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265523399.0000000003C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c70000_Titan.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 452e2f1d98b46f17ee7b386ae887c5613f706f5f09a9c75399048bcc99b91a6e
Instruction ID: 2fa6d9c8e46fc484b764d2ea14c503c088e1eece0fa957d7291dcd03701632aa
Opcode Fuzzy Hash: 452e2f1d98b46f17ee7b386ae887c5613f706f5f09a9c75399048bcc99b91a6e
Instruction Fuzzy Hash: F821AC71E046189BEB18CF6B98515DDFBF7AFC9310F14C17AD819A7255EB7005418F40

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Titan.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Titan.exe_8cb473512a7e91fa42a4426884a73d12e15a229_bfbfc816_de6b77fe-1066-466c-878f-452d294bd539\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6B2C.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D6F.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D8F.tmp.xml

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\iphoneos

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\libirecovery-1.0.3.dll (copy)

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\plutil (copy)

C:\Users\user\AppData\Local\Temp\TitanTmp\ref\ut.plist (copy)

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\libirecovery-1.0.3.dll

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\plutil

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\ref\ut.plist

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\iproxy.exe

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\libusb-1.0.dll

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\plist.dll

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x64\usbmuxd.dll

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\iproxy.exe

C:\Users\user\AppData\Local\Temp\TitanTmp\tempExtract\x86\libusb-1.0.dll

Windows Analysis Report
Titan.exe

Function 07C91A1C Relevance: 6.9, Strings: 5, Instructions: 623
COMMON

Function 0856D788 Relevance: 4.1, Strings: 3, Instructions: 366
COMMON

Function 03C70941 Relevance: 2.9, Strings: 2, Instructions: 375
COMMON

Function 03C79348 Relevance: 2.8, Strings: 2, Instructions: 287
COMMON

Function 08563DE8 Relevance: 2.7, Strings: 2, Instructions: 219
COMMON

Function 08563DF8 Relevance: 2.7, Strings: 2, Instructions: 216
COMMON