Edit tour

Windows Analysis Report
lumma1.exe

Overview

General Information

Sample name:	lumma1.exe
Analysis ID:	1590713
MD5:	5bf1ccb4980c012906a529f976215f0c
SHA1:	28bde4f1f7d89ff6e4ce11fdb4452f7e1b962d74
SHA256:	db30f5d6ace75cc3f361542ef9296dfa9a9020c71943655838ee4d1ea12f8a64
Tags:	exeuser-threatcat_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Sample uses string decryption to hide its real strings

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

lumma1.exe (PID: 7544 cmdline: "C:\Users\user\Desktop\lumma1.exe" MD5: 5BF1CCB4980C012906A529F976215F0C)

lumma1.exe (PID: 7576 cmdline: "C:\Users\user\Desktop\lumma1.exe" MD5: 5BF1CCB4980C012906A529F976215F0C)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["fraggielek.biz", "spookycappy.biz", "marketlumpe.biz", "truculengisau.biz", "punishzement.biz", "littlenotii.biz", "nuttyshopr.biz", "grandiouseziu.biz", "getflashygai.shop"], "Build id": "yJEcaG--singl5"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1715535738.0000000005550000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1693487258.00000000028B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: lumma1.exe PID: 7544	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: lumma1.exe PID: 7544	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.lumma1.exe.5550000.5.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.lumma1.exe.5550000.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T14:19:01.469549+0100	2028371	3	Unknown Traffic	192.168.2.4	49730	104.102.49.254	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fraggielek .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T14:19:00.559101+0100	2059133	1	Domain Observed Used for C2 Detected	192.168.2.4	57592	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grandiouseziu .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T14:19:00.575885+0100	2059135	1	Domain Observed Used for C2 Detected	192.168.2.4	50784	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (littlenotii .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T14:19:00.593135+0100	2059137	1	Domain Observed Used for C2 Detected	192.168.2.4	53387	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (marketlumpe .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T14:19:00.609649+0100	2059141	1	Domain Observed Used for C2 Detected	192.168.2.4	53293	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nuttyshopr .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T14:19:00.650397+0100	2059143	1	Domain Observed Used for C2 Detected	192.168.2.4	52281	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (punishzement .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T14:19:00.753369+0100	2059145	1	Domain Observed Used for C2 Detected	192.168.2.4	59191	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spookycappy .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T14:19:00.764391+0100	2059151	1	Domain Observed Used for C2 Detected	192.168.2.4	49491	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (truculengisau .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T14:19:00.776705+0100	2059153	1	Domain Observed Used for C2 Detected	192.168.2.4	54581	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T14:19:02.342211+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49730	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: lumma1.exe

Avira: detected

Antivirus detection for URL or domain

Source: getflashygai.shop

Avira URL Cloud: Label: malware

Found malware configuration

Source: 1.2.lumma1.exe.570000.0.unpack

Malware Configuration Extractor: LummaC {"C2 url": ["fraggielek.biz", "spookycappy.biz", "marketlumpe.biz", "truculengisau.biz", "punishzement.biz", "littlenotii.biz", "nuttyshopr.biz", "grandiouseziu.biz", "getflashygai.shop"], "Build id": "yJEcaG--singl5"}

Multi AV Scanner detection for submitted file

Source: lumma1.exe	Virustotal: Detection: 50%			Perma Link
Source: lumma1.exe	ReversingLabs: Detection: 75%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for sample

Source: lumma1.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: truculengisau.biz
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: spookycappy.biz
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: punishzement.biz
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: nuttyshopr.biz
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: marketlumpe.biz
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: littlenotii.biz
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: grandiouseziu.biz
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: fraggielek.biz
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: getflashygai.shop
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String decryptor: yJEcaG--singl5

Source: lumma1.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: lumma1.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: lumma1.exe, 00000000.00000002.1711676931.0000000003AA9000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.0000000003A04000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1716923615.00000000056E0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: lumma1.exe, 00000000.00000002.1711676931.0000000003AA9000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.0000000003A04000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1716923615.00000000056E0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_053FD220
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then jmp 0562EE6Ah	0_2_0562EAA8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then jmp 0562F42Fh	0_2_0562F178
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then jmp 0562F42Fh	0_2_0562F200
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then jmp 0562F42Fh	0_2_0562F210
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then jmp 0562EE6Ah	0_2_0562EA98
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then jmp 05641222h	0_2_05641100
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then jmp 05641222h	0_2_056411E2
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then jmp 05641222h	0_2_056410F1
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then jmp 05641222h	0_2_056413F5
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then jmp 056D7120h	0_2_056D7068
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then jmp 056D7120h	0_2_056D7061
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+edx+05CAF138h]	1_2_0057BA29
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov esi, edx	1_2_00578740
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then cmp word ptr [eax+ebx+02h], 0000h	1_2_00599871
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov ecx, eax	1_2_0059A810
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov byte ptr [ebx], cl	1_2_0059E002
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov byte ptr [ebx], cl	1_2_0059E002
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then jmp eax	1_2_005988BA
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx esi, byte ptr [edx]	1_2_00572940
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx eax, byte ptr [esp+edx+0Eh]	1_2_0057A910
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov dword ptr [esi+04h], eax	1_2_005861DF
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+esi+63115D0Dh]	1_2_005951E8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+32DBB3B0h]	1_2_00597A50
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then push dword ptr [esp+28h]	1_2_00596A00
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	1_2_005A8AF0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov word ptr [ebx], cx	1_2_0058AA90
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov word ptr [esi], cx	1_2_0058AA90
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then lea eax, dword ptr [eax+eax*4]	1_2_005782A0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then push 00000000h	1_2_0057CB44
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov ecx, eax	1_2_00590B10
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then push eax	1_2_005B0310
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+2564CAB9h]	1_2_005AEB00
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov eax, dword ptr [005B8B08h]	1_2_005973A0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+1Ch]	1_2_005973A0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then lea eax, dword ptr [esp+50h]	1_2_005973A0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx ecx, byte ptr [ebx+eax]	1_2_00587451
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx ebx, byte ptr [eax+edx]	1_2_0058DC40
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7E3E42A0h	1_2_005AC410
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then push esi	1_2_005AC410
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	1_2_00577400
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	1_2_00577400
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	1_2_0059B430
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov byte ptr [edi], al	1_2_0059D420
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h	1_2_00585C25
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then add ebp, edi	1_2_00578CD0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov word ptr [edi], cx	1_2_00596D70
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov byte ptr [edx], cl	1_2_0059DD30
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx ecx, byte ptr [edi+eax]	1_2_0059E5C2
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov dword ptr [esi+04h], eax	1_2_005865EE
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	1_2_00585590
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov edx, ecx	1_2_005795A0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 53585096h	1_2_00583E50
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov dword ptr [esi+04h], eax	1_2_00585E42
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_00593E44
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h	1_2_0057DE72
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 01FCE602h	1_2_005AEE10
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+79h]	1_2_00595E00
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+esi+63115D0Dh]	1_2_00595E00
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov byte ptr [edi], al	1_2_00578EB0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movsx eax, byte ptr [esi+ecx]	1_2_0058DEB0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+48h]	1_2_0058F710
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then movzx edi, byte ptr [esp+eax-000000DEh]	1_2_0058F710
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov byte ptr [edi], al	1_2_0059E7EB
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then cmp dword ptr [ebp+edi*8+00h], 0EF2A4EDh	1_2_005B27E0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 13884179h	1_2_0057DFEA
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov byte ptr [edi], al	1_2_0059F799
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 4x nop then mov byte ptr [edi], al	1_2_0059DFAF

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2059137 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (littlenotii .biz) : 192.168.2.4:53387 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059145 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (punishzement .biz) : 192.168.2.4:59191 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059141 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (marketlumpe .biz) : 192.168.2.4:53293 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059133 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fraggielek .biz) : 192.168.2.4:57592 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059151 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spookycappy .biz) : 192.168.2.4:49491 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059143 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nuttyshopr .biz) : 192.168.2.4:52281 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059153 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (truculengisau .biz) : 192.168.2.4:54581 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059135 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grandiouseziu .biz) : 192.168.2.4:50784 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: fraggielek.biz
Source: Malware configuration extractor	URLs: spookycappy.biz
Source: Malware configuration extractor	URLs: marketlumpe.biz
Source: Malware configuration extractor	URLs: truculengisau.biz
Source: Malware configuration extractor	URLs: punishzement.biz
Source: Malware configuration extractor	URLs: littlenotii.biz
Source: Malware configuration extractor	URLs: nuttyshopr.biz
Source: Malware configuration extractor	URLs: grandiouseziu.biz
Source: Malware configuration extractor	URLs: getflashygai.shop

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic

Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.102.49.254:443

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' equals www.youtube.com (Youtube)
Source: lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: getflashygai.shop
Source: global traffic	DNS traffic detected: DNS query: fraggielek.biz
Source: global traffic	DNS traffic detected: DNS query: grandiouseziu.biz
Source: global traffic	DNS traffic detected: DNS query: littlenotii.biz
Source: global traffic	DNS traffic detected: DNS query: marketlumpe.biz
Source: global traffic	DNS traffic detected: DNS query: nuttyshopr.biz
Source: global traffic	DNS traffic detected: DNS query: punishzement.biz
Source: global traffic	DNS traffic detected: DNS query: spookycappy.biz
Source: global traffic	DNS traffic detected: DNS query: truculengisau.biz
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: lumma1.exe, 00000000.00000002.1693487258.00000000028B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: lumma1.exe, 00000001.00000002.1710333356.0000000000947000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=SCXpgixTDzt4&a
Source: lumma1.exe, 00000001.00000002.1710333356.0000000000947000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=BFN_
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1693487258.00000000028B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: lumma1.exe, 00000001.00000002.1710420626.000000000095D000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: lumma1.exe, 00000001.00000002.1710420626.0000000000969000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710420626.000000000095D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: C:\Users\user\Desktop\lumma1.exe

Code function: 1_2_005A63E0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,

1_2_005A63E0

Source: C:\Users\user\Desktop\lumma1.exe

Code function: 1_2_005A63E0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,

1_2_005A63E0

Source: C:\Users\user\Desktop\lumma1.exe

Code function: 1_2_005A6590 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

1_2_005A6590

Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_056DC510 NtResumeThread,	0_2_056DC510
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_056D8CB0 NtProtectVirtualMemory,	0_2_056D8CB0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_056DC509 NtResumeThread,	0_2_056DC509
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_056D8CAB NtProtectVirtualMemory,	0_2_056D8CAB

Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_010A8780	0_2_010A8780
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_010AC6B3	0_2_010AC6B3
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_010AAD40	0_2_010AAD40
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_010A4640	0_2_010A4640
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_010A4650	0_2_010A4650
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_010A4FE0	0_2_010A4FE0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_010A4EAD	0_2_010A4EAD
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_04F32EA8	0_2_04F32EA8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_04F32E8C	0_2_04F32E8C
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05332478	0_2_05332478
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05332467	0_2_05332467
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053389E0	0_2_053389E0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053389D0	0_2_053389D0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_0533001A	0_2_0533001A
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05330040	0_2_05330040
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05339098	0_2_05339098
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053DECB8	0_2_053DECB8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053DC745	0_2_053DC745
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053D32EF	0_2_053D32EF
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053D2E78	0_2_053D2E78
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053D2E88	0_2_053D2E88
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053D09B8	0_2_053D09B8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053D8188	0_2_053D8188
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053D09C8	0_2_053D09C8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053D18F8	0_2_053D18F8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053D18EE	0_2_053D18EE
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053FF220	0_2_053FF220
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053F001A	0_2_053F001A
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053F0040	0_2_053F0040
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_0562B8B8	0_2_0562B8B8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_056377C8	0_2_056377C8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05631605	0_2_05631605
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05639990	0_2_05639990
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_0563DA50	0_2_0563DA50
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_056377B8	0_2_056377B8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_0563A6C8	0_2_0563A6C8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_0563A6B9	0_2_0563A6B9
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_0563F04A	0_2_0563F04A
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_0563DD77	0_2_0563DD77
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05639980	0_2_05639980
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05643C68	0_2_05643C68
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05643C62	0_2_05643C62
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05645CC0	0_2_05645CC0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05645CB0	0_2_05645CB0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_056D5558	0_2_056D5558
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_056D5548	0_2_056D5548
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_057FFCB8	0_2_057FFCB8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_057E0040	0_2_057E0040
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_057E0031	0_2_057E0031
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B0A0D	1_2_005B0A0D
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0057AE60	1_2_0057AE60
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00578740	1_2_00578740
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005A0050	1_2_005A0050
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00581078	1_2_00581078
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0059A810	1_2_0059A810
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005A3810	1_2_005A3810
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005970D0	1_2_005970D0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005758E0	1_2_005758E0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0059D893	1_2_0059D893
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005988BA	1_2_005988BA
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005848B0	1_2_005848B0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005A6140	1_2_005A6140
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00585975	1_2_00585975
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0057A910	1_2_0057A910
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B1910	1_2_005B1910
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005A912C	1_2_005A912C
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00573920	1_2_00573920
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005861DF	1_2_005861DF
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005791C0	1_2_005791C0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005A11E6	1_2_005A11E6
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00576190	1_2_00576190
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0059F195	1_2_0059F195
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005A2188	1_2_005A2188
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B21B0	1_2_005B21B0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0058E250	1_2_0058E250
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00597A50	1_2_00597A50
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0058B200	1_2_0058B200
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005742D0	1_2_005742D0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0058BAD0	1_2_0058BAD0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005A3AD0	1_2_005A3AD0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0058AA90	1_2_0058AA90
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B2A90	1_2_005B2A90
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B1A94	1_2_005B1A94
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005A1A88	1_2_005A1A88
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B12B1	1_2_005B12B1
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005782A0	1_2_005782A0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0058CAA0	1_2_0058CAA0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005ACAA7	1_2_005ACAA7
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B1B40	1_2_005B1B40
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0058C370	1_2_0058C370
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00590B10	1_2_00590B10
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00572B20	1_2_00572B20
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00581B20	1_2_00581B20
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B1BD0	1_2_005B1BD0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0059ABC0	1_2_0059ABC0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005973A0	1_2_005973A0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00587451	1_2_00587451
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00590440	1_2_00590440
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005AAC40	1_2_005AAC40
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00580446	1_2_00580446
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00589470	1_2_00589470
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B2460	1_2_005B2460
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B1C60	1_2_005B1C60
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005AC410	1_2_005AC410
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00577400	1_2_00577400
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00574C00	1_2_00574C00
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005A9CD8	1_2_005A9CD8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B0CD8	1_2_005B0CD8
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0059ECD0	1_2_0059ECD0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00584C9C	1_2_00584C9C
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0057E4B0	1_2_0057E4B0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0059CCA0	1_2_0059CCA0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00596D70	1_2_00596D70
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00598D76	1_2_00598D76
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00592D17	1_2_00592D17
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005945C0	1_2_005945C0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005865EE	1_2_005865EE
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B2DE0	1_2_005B2DE0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00585590	1_2_00585590
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005795A0	1_2_005795A0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00583E50	1_2_00583E50
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00585E42	1_2_00585E42
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00593E44	1_2_00593E44
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0058BE00	1_2_0058BE00
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00576620	1_2_00576620
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00572EF0	1_2_00572EF0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0059DEE5	1_2_0059DEE5
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0057D690	1_2_0057D690
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005AEE80	1_2_005AEE80
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005AAEA0	1_2_005AAEA0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005A974A	1_2_005A974A
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00589710	1_2_00589710
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0058F710	1_2_0058F710
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_0058C7D0	1_2_0058C7D0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B27E0	1_2_005B27E0
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_00597F8D	1_2_00597F8D
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005AB7B0	1_2_005AB7B0

Source: C:\Users\user\Desktop\lumma1.exe	Code function: String function: 00583E40 appears 128 times
Source: C:\Users\user\Desktop\lumma1.exe	Code function: String function: 00577F90 appears 52 times

Source: lumma1.exe, 00000000.00000002.1711676931.0000000003AA9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs lumma1.exe
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs lumma1.exe
Source: lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs lumma1.exe
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003A04000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs lumma1.exe
Source: lumma1.exe, 00000000.00000002.1690508787.00000000009BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs lumma1.exe
Source: lumma1.exe, 00000000.00000000.1678674565.0000000000582000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenametqmbpl.exe. vs lumma1.exe
Source: lumma1.exe, 00000000.00000002.1713607894.0000000005080000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameVhdvpi.dll" vs lumma1.exe
Source: lumma1.exe, 00000000.00000002.1716923615.00000000056E0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs lumma1.exe
Source: lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs lumma1.exe
Source: lumma1.exe, 00000000.00000002.1693487258.00000000028B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs lumma1.exe
Source: lumma1.exe	Binary or memory string: OriginalFilenametqmbpl.exe. vs lumma1.exe

Source: lumma1.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: lumma1.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.evad.winEXE@3/0@10/1

Source: C:\Users\user\Desktop\lumma1.exe

Code function: 1_2_005A0050 CoCreateInstance,

1_2_005A0050

Source: C:\Users\user\Desktop\lumma1.exe

Mutant created: NULL

Source: lumma1.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: lumma1.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\lumma1.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: lumma1.exe	Virustotal: Detection: 50%
Source: lumma1.exe	ReversingLabs: Detection: 75%

Source: C:\Users\user\Desktop\lumma1.exe

File read: C:\Users\user\Desktop\lumma1.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\lumma1.exe "C:\Users\user\Desktop\lumma1.exe"
Source: C:\Users\user\Desktop\lumma1.exe	Process created: C:\Users\user\Desktop\lumma1.exe "C:\Users\user\Desktop\lumma1.exe"
Source: C:\Users\user\Desktop\lumma1.exe	Process created: C:\Users\user\Desktop\lumma1.exe "C:\Users\user\Desktop\lumma1.exe"	Jump to behavior

Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\lumma1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\lumma1.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: lumma1.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: lumma1.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: lumma1.exe

Static file information: File size 1243648 > 1048576

Source: lumma1.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x12f000

Source: lumma1.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: lumma1.exe, 00000000.00000002.1711676931.0000000003AA9000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.0000000003A04000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1716923615.00000000056E0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: lumma1.exe, 00000000.00000002.1711676931.0000000003AA9000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.0000000003A04000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1716923615.00000000056E0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.lumma1.exe.5550000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.lumma1.exe.5550000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1715535738.0000000005550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1693487258.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: lumma1.exe PID: 7544, type: MEMORYSTR

Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05332B1A push edx; ret	0_2_05332B1B
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053DBD03 pushad ; ret	0_2_053DBD06
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053DD1AE push ebx; retf	0_2_053DD1C5
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_053F32C1 push ss; iretd	0_2_053F32C7
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_056304EC push eax; ret	0_2_056304ED
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05637398 push eax; iretd	0_2_05637399
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_0563FC5A push esp; retf	0_2_0563FC61
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_0563FC82 push esp; retf	0_2_0563FC61
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_05643C58 push eax; ret	0_2_05643C61
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 0_2_056D0F08 pushfd ; iretd	0_2_056D0F15
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005B1860 push eax; mov dword ptr [esp], 424D4C7Fh	1_2_005B1864
Source: C:\Users\user\Desktop\lumma1.exe	Code function: 1_2_005AA6F5 push esi; retf	1_2_005AA6FE

Source: lumma1.exe

Static PE information: section name: .text entropy: 7.983866658831281

Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: lumma1.exe PID: 7544, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: lumma1.exe, 00000000.00000002.1693487258.00000000028B1000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\lumma1.exe	Memory allocated: 10A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Memory allocated: 28B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Memory allocated: 48B0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\lumma1.exe TID: 7600	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe TID: 7596	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWpO
Source: lumma1.exe, 00000001.00000002.1710333356.0000000000941000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: lumma1.exe, 00000000.00000002.1693487258.00000000028B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^q:uShngxjmdhgFShngxjmdhgcAShngxjmdhgB4ShngxjmdhgDShngxjmdhgD
Source: lumma1.exe, 00000000.00000002.1693487258.00000000028B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen
Source: lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: lumma1.exe, 00000000.00000002.1693487258.00000000028B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtual

Source: C:\Users\user\Desktop\lumma1.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\lumma1.exe

Code function: 1_2_005B02D0 LdrInitializeThunk,

1_2_005B02D0

Source: C:\Users\user\Desktop\lumma1.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\lumma1.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\lumma1.exe

Memory written: C:\Users\user\Desktop\lumma1.exe base: 570000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: lumma1.exe, 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: truculengisau.biz
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: spookycappy.biz
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: punishzement.biz
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: nuttyshopr.biz
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: marketlumpe.biz
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: littlenotii.biz
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: grandiouseziu.biz
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: fraggielek.biz
Source: lumma1.exe, 00000000.00000002.1711676931.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: getflashygai.shop

Source: C:\Users\user\Desktop\lumma1.exe

Process created: C:\Users\user\Desktop\lumma1.exe "C:\Users\user\Desktop\lumma1.exe"

Jump to behavior

Source: C:\Users\user\Desktop\lumma1.exe	Queries volume information: C:\Users\user\Desktop\lumma1.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\lumma1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\lumma1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 PowerShell	1 DLL Side-Loading	111 Process Injection	2 Virtualization/Sandbox Evasion	OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Screen Capture	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	111 Process Injection	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	2 Clipboard Data	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Deobfuscate/Decode Files or Information	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	4 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
lumma1.exe	51%	Virustotal		Browse
lumma1.exe	75%	ReversingLabs	Win32.Virus.Virut
lumma1.exe	100%	Avira	TR/Dropper.MSIL.Gen
lumma1.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
getflashygai.shop	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	false	high
littlenotii.biz	unknown	unknown	true	unknown
fraggielek.biz	unknown	unknown	true	unknown
nuttyshopr.biz	unknown	unknown	true	unknown
getflashygai.shop	unknown	unknown	true	unknown
grandiouseziu.biz	unknown	unknown	true	unknown
marketlumpe.biz	unknown	unknown	true	unknown
spookycappy.biz	unknown	unknown	true	unknown
truculengisau.biz	unknown	unknown	true	unknown
punishzement.biz	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/profiles/76561199724331900	false		high
nuttyshopr.biz	false		high
marketlumpe.biz	false		high
grandiouseziu.biz	false		high
littlenotii.biz	false		high
getflashygai.shop	true	Avira URL Cloud: malware	unknown
spookycappy.biz	false		high
truculengisau.biz	false		high
fraggielek.biz	false		high
punishzement.biz	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://player.vimeo.com	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://stackoverflow.com/q/14436606/23354	lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1693487258.00000000028B1000.00000004.00000800.00020000.00000000.sdmp	false	high
https://github.com/mgravell/protobuf-netJ	lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=BFN_	lumma1.exe, 00000001.00000002.1710333356.0000000000947000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/mgravell/protobuf-net	lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp	false	high
https://recaptcha.net	lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.gstatic.cn/recaptcha/	lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://sketchfab.com	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://lv.queniujq.cn	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://recaptcha.net/recaptcha/;	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.youtube.com/	lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
http://127.0.0.1:27060	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.youtube.com	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/mgravell/protobuf-neti	lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp	false	high
https://medal.tv	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://broadcast.st.dl.eccdnx.com	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://stackoverflow.com/q/11564914/23354;	lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp	false	high
https://stackoverflow.com/q/2152978/23354	lumma1.exe, 00000000.00000002.1711676931.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp, lumma1.exe, 00000000.00000002.1715818075.00000000055D0000.00000004.08000000.00040000.00000000.sdmp, lumma1.exe, 00000000.00000002.1711676931.00000000038D5000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.google.com/recaptcha/	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://checkout.steampowered.com/	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://help.steampowered.com/	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.steampowered.com/	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://s.ytimg.com;	lumma1.exe, 00000001.00000002.1710632071.0000000000983000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/	lumma1.exe, 00000001.00000002.1710420626.000000000095D000.00000004.00000020.00020000.00000000.sdmp, lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://login.steampowered.com/	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	lumma1.exe, 00000000.00000002.1693487258.00000000028B1000.00000004.00000800.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steam.tv/	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/;	lumma1.exe, 00000001.00000002.1710713354.0000000000990000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1590713
Start date and time:	2025-01-14 14:18:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	lumma1.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@3/0@10/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 392 Number of non-executed functions: 47
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:18:59	API Interceptor	2x Sleep call for process: lumma1.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	r4xiHKy8aM.exe	Get hash	malicious	Socks5Systemz	Browse	/ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	random.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	yTRd6nkLWV.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	XhlpAnBmIk.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	k7h8uufe6Y.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	G7T8lHJWWM.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	92.255.57_2.112.ps1	Get hash	malicious	LummaC	Browse	104.102.49.254
	uo9m.exe	Get hash	malicious	LummaC	Browse	23.197.127.21
	uo9m.exe	Get hash	malicious	LummaC	Browse	23.50.98.133
	L7GNkeVm5e.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	NDWffRLk7z.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	random.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Ticketmaster #U00c2#U0156300 Cash2356899.pdf	Get hash	malicious	Unknown	Browse	184.28.88.176
	yTRd6nkLWV.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	XhlpAnBmIk.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	k7h8uufe6Y.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	G7T8lHJWWM.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	possible SPAM## Msig Insurance Europe Complete via-Sign Monday January 2025.msg	Get hash	malicious	Unknown	Browse	23.47.168.24
	92.255.57_2.112.ps1	Get hash	malicious	LummaC	Browse	104.102.49.254
	https://fsgospefx6g2.sg.larksuite.com/wiki/Y7ybwFESRiirQPkoARZlhCyVgFb?	Get hash	malicious	HTMLPhisher	Browse	2.19.126.80
	https://staemcomnunlty.com/glft/91832	Get hash	malicious	Unknown	Browse	2.19.126.91

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	VRO.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	VRO.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	e0691gXIKs.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	Y4TyDwQzbE.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	DYv2ldz5xT.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	rBFTGm5ioO.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	DYv2ldz5xT.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	rBFTGm5ioO.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	escsvc64.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	escsvc64.exe	Get hash	malicious	Unknown	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.981336421881173
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	lumma1.exe
File size:	1'243'648 bytes
MD5:	5bf1ccb4980c012906a529f976215f0c
SHA1:	28bde4f1f7d89ff6e4ce11fdb4452f7e1b962d74
SHA256:	db30f5d6ace75cc3f361542ef9296dfa9a9020c71943655838ee4d1ea12f8a64
SHA512:	a8bcdc8dfd063b17b08d8d7a358fdc70702335e41aa62b60fc590f383705867270474dd1b531e4eed7c809a06e1ec4cfd6e836930b3869d18bba6d5fbd05310a
SSDEEP:	24576:5DK84bDIbJdcig3NNSnI8AYqiWC/GEzg8jpoN0nM/FE+ptxh5vBu3dL:5IIVg3NNn8UC1lhn5+H6L
TLSH:	DC45234CF94E1720E6DF567498F520924B76A446BAAFE31E20C887702F323D1A647E5F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g............................J.... ... ....@.. .......................`............`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x530f4a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6782F1F9 [Sat Jan 11 22:34:33 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x130f00	0x4a	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x132000	0x58e	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x134000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x12ef50	0x12f000	1d81b14a6db8195605db61c6708b7197	False	0.9807088619018152	data	7.983866658831281	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x132000	0x58e	0x600	738f7cf66915340e6cd7b21ae6055d94	False	0.4212239583333333	data	4.057295203707474	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x134000	0xc	0x200	22a1e4498885eb8b9fccd03fac66ceaf	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x13205c	0x30c	data			0.42948717948717946
RT_MANIFEST	0x1323a4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-14T14:19:00.559101+0100	2059133	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fraggielek .biz)	1	192.168.2.4	57592	1.1.1.1	53	UDP
2025-01-14T14:19:00.575885+0100	2059135	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grandiouseziu .biz)	1	192.168.2.4	50784	1.1.1.1	53	UDP
2025-01-14T14:19:00.593135+0100	2059137	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (littlenotii .biz)	1	192.168.2.4	53387	1.1.1.1	53	UDP
2025-01-14T14:19:00.609649+0100	2059141	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (marketlumpe .biz)	1	192.168.2.4	53293	1.1.1.1	53	UDP
2025-01-14T14:19:00.650397+0100	2059143	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nuttyshopr .biz)	1	192.168.2.4	52281	1.1.1.1	53	UDP
2025-01-14T14:19:00.753369+0100	2059145	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (punishzement .biz)	1	192.168.2.4	59191	1.1.1.1	53	UDP
2025-01-14T14:19:00.764391+0100	2059151	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spookycappy .biz)	1	192.168.2.4	49491	1.1.1.1	53	UDP
2025-01-14T14:19:00.776705+0100	2059153	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (truculengisau .biz)	1	192.168.2.4	54581	1.1.1.1	53	UDP
2025-01-14T14:19:01.469549+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49730	104.102.49.254	443	TCP
2025-01-14T14:19:02.342211+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49730	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 14:19:00.802280903 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:00.802335024 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:00.802409887 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:00.806098938 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:00.806118011 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:01.469372034 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:01.469548941 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:01.477792978 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:01.477823019 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:01.478231907 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:01.531323910 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:01.900402069 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:01.947324038 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:02.342204094 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:02.342233896 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:02.342247009 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:02.342292070 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:02.342298985 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:02.342310905 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:02.342335939 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:02.342355013 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:02.342355013 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:02.342376947 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:02.430634022 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:02.430711985 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:02.430731058 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:02.430756092 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:02.430768967 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:02.430774927 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:02.430815935 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:02.449652910 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:02.449675083 CET	443	49730	104.102.49.254	192.168.2.4
Jan 14, 2025 14:19:02.449687004 CET	49730	443	192.168.2.4	104.102.49.254
Jan 14, 2025 14:19:02.449692011 CET	443	49730	104.102.49.254	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 14:19:00.548461914 CET	60049	53	192.168.2.4	1.1.1.1
Jan 14, 2025 14:19:00.556916952 CET	53	60049	1.1.1.1	192.168.2.4
Jan 14, 2025 14:19:00.559101105 CET	57592	53	192.168.2.4	1.1.1.1
Jan 14, 2025 14:19:00.569730997 CET	53	57592	1.1.1.1	192.168.2.4
Jan 14, 2025 14:19:00.575885057 CET	50784	53	192.168.2.4	1.1.1.1
Jan 14, 2025 14:19:00.585908890 CET	53	50784	1.1.1.1	192.168.2.4
Jan 14, 2025 14:19:00.593135118 CET	53387	53	192.168.2.4	1.1.1.1
Jan 14, 2025 14:19:00.602629900 CET	53	53387	1.1.1.1	192.168.2.4
Jan 14, 2025 14:19:00.609648943 CET	53293	53	192.168.2.4	1.1.1.1
Jan 14, 2025 14:19:00.619354963 CET	53	53293	1.1.1.1	192.168.2.4
Jan 14, 2025 14:19:00.650397062 CET	52281	53	192.168.2.4	1.1.1.1
Jan 14, 2025 14:19:00.660912991 CET	53	52281	1.1.1.1	192.168.2.4
Jan 14, 2025 14:19:00.753369093 CET	59191	53	192.168.2.4	1.1.1.1
Jan 14, 2025 14:19:00.762325048 CET	53	59191	1.1.1.1	192.168.2.4
Jan 14, 2025 14:19:00.764390945 CET	49491	53	192.168.2.4	1.1.1.1
Jan 14, 2025 14:19:00.774950027 CET	53	49491	1.1.1.1	192.168.2.4
Jan 14, 2025 14:19:00.776705027 CET	54581	53	192.168.2.4	1.1.1.1
Jan 14, 2025 14:19:00.786463022 CET	53	54581	1.1.1.1	192.168.2.4
Jan 14, 2025 14:19:00.787996054 CET	61801	53	192.168.2.4	1.1.1.1
Jan 14, 2025 14:19:00.795708895 CET	53	61801	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 14, 2025 14:19:00.548461914 CET	192.168.2.4	1.1.1.1	0x4445	Standard query (0)	getflashygai.shop	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.559101105 CET	192.168.2.4	1.1.1.1	0xa62e	Standard query (0)	fraggielek.biz	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.575885057 CET	192.168.2.4	1.1.1.1	0xf66f	Standard query (0)	grandiouseziu.biz	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.593135118 CET	192.168.2.4	1.1.1.1	0xae2b	Standard query (0)	littlenotii.biz	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.609648943 CET	192.168.2.4	1.1.1.1	0xe13d	Standard query (0)	marketlumpe.biz	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.650397062 CET	192.168.2.4	1.1.1.1	0xa994	Standard query (0)	nuttyshopr.biz	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.753369093 CET	192.168.2.4	1.1.1.1	0x4ee7	Standard query (0)	punishzement.biz	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.764390945 CET	192.168.2.4	1.1.1.1	0xdbd9	Standard query (0)	spookycappy.biz	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.776705027 CET	192.168.2.4	1.1.1.1	0x70f2	Standard query (0)	truculengisau.biz	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.787996054 CET	192.168.2.4	1.1.1.1	0xfd0f	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 14, 2025 14:19:00.556916952 CET	1.1.1.1	192.168.2.4	0x4445	Name error (3)	getflashygai.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.569730997 CET	1.1.1.1	192.168.2.4	0xa62e	Name error (3)	fraggielek.biz	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.585908890 CET	1.1.1.1	192.168.2.4	0xf66f	Name error (3)	grandiouseziu.biz	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.602629900 CET	1.1.1.1	192.168.2.4	0xae2b	Name error (3)	littlenotii.biz	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.619354963 CET	1.1.1.1	192.168.2.4	0xe13d	Name error (3)	marketlumpe.biz	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.660912991 CET	1.1.1.1	192.168.2.4	0xa994	Name error (3)	nuttyshopr.biz	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.762325048 CET	1.1.1.1	192.168.2.4	0x4ee7	Name error (3)	punishzement.biz	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.774950027 CET	1.1.1.1	192.168.2.4	0xdbd9	Name error (3)	spookycappy.biz	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.786463022 CET	1.1.1.1	192.168.2.4	0x70f2	Name error (3)	truculengisau.biz	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 14:19:00.795708895 CET	1.1.1.1	192.168.2.4	0xfd0f	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.102.49.254	443	7576	C:\Users\user\Desktop\lumma1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 13:19:01 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2025-01-14 13:19:02 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Tue, 14 Jan 2025 13:19:02 GMT Content-Length: 25665 Connection: close Set-Cookie: sessionid=f06e1a57d394c87f5b9d8a67; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2025-01-14 13:19:02 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2025-01-14 13:19:02 UTC	11186	IN	Data Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>

Target ID:	0
Start time:	08:18:58
Start date:	14/01/2025
Path:	C:\Users\user\Desktop\lumma1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\lumma1.exe"
Imagebase:	0x450000
File size:	1'243'648 bytes
MD5 hash:	5BF1CCB4980C012906A529F976215F0C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1715535738.0000000005550000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1693487258.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	08:18:59
Start date:	14/01/2025
Path:	C:\Users\user\Desktop\lumma1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\lumma1.exe"
Imagebase:	0x370000
File size:	1'243'648 bytes
MD5 hash:	5BF1CCB4980C012906A529F976215F0C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	13.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	4.9%
Total number of Nodes:	488
Total number of Limit Nodes:	34

Executed Functions

Function 0563DA50 Relevance: 16.2, Strings: 12, Instructions: 1173COMMON

Download Yara Rule

Strings

$^q, xrefs: 0563DCE3
$^q, xrefs: 0563E321
$^q, xrefs: 0563DF47
$^q, xrefs: 0563DE97
$^q, xrefs: 0563E37A
$^q, xrefs: 0563DCD3
$^q, xrefs: 0563DEA7
4, xrefs: 0563E425
$^q, xrefs: 0563DF57
$^q, xrefs: 0563E331
$^q, xrefs: 0563E38A
,bq, xrefs: 0563E50A

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-312445597
Opcode ID: c7ca64bf14c740db84ed84a26d90670003cf87652ff016928a3716656e57cb08
Instruction ID: f0d892aaa8fff5c96cf5aa24f1a51fa92477662ecd4b7eb93797be5985bfabba
Opcode Fuzzy Hash: c7ca64bf14c740db84ed84a26d90670003cf87652ff016928a3716656e57cb08
Instruction Fuzzy Hash: A2B20934A002288FDB14CFA4C885BADB7B6FF88700F158599E505AB7A5DB71ED45CF60

Function 0563DD77 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$^q, xrefs: 0563E321
$^q, xrefs: 0563DF47
$^q, xrefs: 0563DE97
$^q, xrefs: 0563E37A
4, xrefs: 0563E425
,bq, xrefs: 0563E50A

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q
API String ID: 0-2546334966
Opcode ID: 3ada71e4394250411991d828a5623760fde2b25b3d354d1fb7dec9424b1258f1
Instruction ID: eba8a1f2e9a243a9abe2d4949304fe6f195418c47676b1ac1e3fdb6a26581e84
Opcode Fuzzy Hash: 3ada71e4394250411991d828a5623760fde2b25b3d354d1fb7dec9424b1258f1
Instruction Fuzzy Hash: 6322FB34A00225CFDB24DFA5C985BADB7B6FF88300F1481A9E509AB795DB319D85CF60

Function 010A8780 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

xbaq, xrefs: 010A88AD
TJcq, xrefs: 010A8922
Te^q, xrefs: 010A8EA3
pbq, xrefs: 010A933A

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID: TJcq$Te^q$pbq$xbaq
API String ID: 0-1954897716
Opcode ID: c1c3ff8e91e60ecc6d1af244072c158cefce34151281b0cbb6d0b723b5c4a2f9
Instruction ID: 76d8a2207ee41c016d2ad53399643bf60574596f89c9dbc7a1e50b4ac494bbae
Opcode Fuzzy Hash: c1c3ff8e91e60ecc6d1af244072c158cefce34151281b0cbb6d0b723b5c4a2f9
Instruction Fuzzy Hash: 8EA2B475A00628CFDB64CF69C984AD9BBB2FF89304F1581E9D549AB325DB319E81CF40

Function 05631605 Relevance: 5.7, Strings: 3, Instructions: 1950
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

TJcq, xrefs: 05631713
$^q, xrefs: 056317C1
$^q, xrefs: 05631818

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: TJcq$$^q$$^q
API String ID: 0-4132459607
Opcode ID: 791e5d2c0737b980ccdac2b05efee5c06cbee5b3835730d583501cd9fd44ba80
Instruction ID: ae65b819d9470cfbf10cb2b577ec88605f0d58249b322513d573fcd47e829a32
Opcode Fuzzy Hash: 791e5d2c0737b980ccdac2b05efee5c06cbee5b3835730d583501cd9fd44ba80
Instruction Fuzzy Hash: B313EF7A600605EFCB069F94DC98E95BFB2FB49314B1680D4F2099B276CB32D961EF44

Function 053DC745 Relevance: 5.1, Strings: 4, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*, xrefs: 053DC982
,v', xrefs: 053DC813
d%dq, xrefs: 053DC7BC
"{W, xrefs: 053DC898

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: "{W$*$,v'$d%dq
API String ID: 0-1606205069
Opcode ID: e6d42c6eba55843cd62ec634606c72f24d6882f5250b163cefe174d6f99e1425
Instruction ID: f71e57b6eab9f71d2375000e902b21e90bea12844c9ab23e8670f0dbca6f2d04
Opcode Fuzzy Hash: e6d42c6eba55843cd62ec634606c72f24d6882f5250b163cefe174d6f99e1425
Instruction Fuzzy Hash: D4518078B002198FDB54DB68DC85B9AB7F2BF89200F1481E5910DDB748DB789D82CF51

Function 053DECB8 Relevance: 4.4, Strings: 3, Instructions: 616
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Pl^q, xrefs: 053DEE10
$^q, xrefs: 053DEEF6
(_^q, xrefs: 053DF3E3

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: (_^q$Pl^q$$^q
API String ID: 0-912065397
Opcode ID: 5aaf732a487316a6c922a2b8bfe6b30fb6a0808d47cc79fb37982b66fbe1cafb
Instruction ID: bedece12d8f5c188890805b2009791447e003211e24e51a188b126fb912f9b1b
Opcode Fuzzy Hash: 5aaf732a487316a6c922a2b8bfe6b30fb6a0808d47cc79fb37982b66fbe1cafb
Instruction Fuzzy Hash: 36325D75B002048FDB14DF69D488A6ABBF6BF89701F2588A9D906CF3A1DB71DC41CB61

Function 010AAD40 Relevance: 3.8, Strings: 2, Instructions: 1339
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2, xrefs: 010ABD2E
$^q, xrefs: 010AB3B2

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID: 2$$^q
API String ID: 0-1071376767
Opcode ID: 2f05a02715b30309c79c3031d0cef654e71a61162691013750f51750d2729a60
Instruction ID: 947a5bbbf1dd2c8f15cd66535293da8a8f3c510f4721ae07d9685a81e60c598c
Opcode Fuzzy Hash: 2f05a02715b30309c79c3031d0cef654e71a61162691013750f51750d2729a60
Instruction Fuzzy Hash: 83E2B2B4A006298FCB64DF69D898B9ABBF1FB89301F1081E9E50DA7355DB705E85CF40

Function 056D5558 Relevance: 3.1, Strings: 2, Instructions: 607
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fcq, xrefs: 056D565F
8, xrefs: 056D564C

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID:
String ID: fcq$8
API String ID: 0-89531850
Opcode ID: 2c457d7d49dc97580877e2f72ceed4967ff9925d7bbee2d5ee3a93dc315e3881
Instruction ID: 7c715bdbc2f8ab6256983986e4aac99af91eb70b1d0a8f310b089e1308464e5c
Opcode Fuzzy Hash: 2c457d7d49dc97580877e2f72ceed4967ff9925d7bbee2d5ee3a93dc315e3881
Instruction Fuzzy Hash: 2852E775E006298FDB64DF69C894AD9BBB1FF89300F5086E9D409A7354DB70AE81CF90

Function 053D32EF Relevance: 2.9, Strings: 2, Instructions: 357
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

!GO, xrefs: 053D3690
I!~4, xrefs: 053D3590

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: I!~4$!GO
API String ID: 0-2655039462
Opcode ID: d6d54330ecaa3a3143f1dc2560a87baa9b5fda5f4731b5bb4b266afcfd28f362
Instruction ID: 04ae6b196dc310c1bc3750472c38db9de740f52eae3c0d98e2523aad7f6e821f
Opcode Fuzzy Hash: d6d54330ecaa3a3143f1dc2560a87baa9b5fda5f4731b5bb4b266afcfd28f362
Instruction Fuzzy Hash: 96E187B5E05209CFDB44DFA8E588AAEBBF6FB49300F108469E40AAB344EB705D45CF51

Function 053D8188 Relevance: 2.8, Strings: 2, Instructions: 288COMMON

Download Yara Rule

Strings

, xrefs: 053D8546
!, xrefs: 053D8535

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: $!
API String ID: 0-2056089098
Opcode ID: 1ed6ba73b2a78207681d8e15743a1674838a0f55880bc711d43ae134bebac5c7
Instruction ID: 9a6dd191e5a650200b74ec3259d824fdb13f1a80447d82a728c65bb058ef30de
Opcode Fuzzy Hash: 1ed6ba73b2a78207681d8e15743a1674838a0f55880bc711d43ae134bebac5c7
Instruction Fuzzy Hash: CBC122B5D05608CFDB00CFA9E488BEDFBB6BB49304F109459D429BB245D7B5A888CF24

Function 056D5548 Relevance: 2.7, Strings: 2, Instructions: 162COMMON

Download Yara Rule

Strings

fcq, xrefs: 056D565F
h, xrefs: 056D5640

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID:
String ID: fcq$h
API String ID: 0-1849521214
Opcode ID: 9d10c6c806f2ab903a33dceca4a07ea9d32a033860aa5d4fb2ad80139ea91600
Instruction ID: 7ff39fcb1084cde103966ec5e3d73a54372d5bb41b231146e84e28333c656119
Opcode Fuzzy Hash: 9d10c6c806f2ab903a33dceca4a07ea9d32a033860aa5d4fb2ad80139ea91600
Instruction Fuzzy Hash: BC710675E046298BDB64DF69C850BD9FBB2FF89300F5086EAD40DA7254DB309A85CF90

Function 05639990 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05639CF5

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: ee72a014239427d6904222eb7f483c726720b4159337edfb195208e984d4310a
Instruction ID: 3d6babfb66092e46bff3b69916eb3872ecdce5b5611b4945a79394f6ef0a40d8
Opcode Fuzzy Hash: ee72a014239427d6904222eb7f483c726720b4159337edfb195208e984d4310a
Instruction Fuzzy Hash: D202F474E05619CFEB64DFA9D885BA9BBF2BB89300F1091A9D40DA7358DBB05D85CF00

Function 05639980 Relevance: 1.7, Strings: 1, Instructions: 401COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05639CF5

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 6dbfd9970a12e5f20cb8454ae3147e59a41bbd348c0db56b5e3278c56d5ff3d1
Instruction ID: 0946a3381bf71aff081525178bdc5b33a147344d77fb35d176f1ed142d4bdc4f
Opcode Fuzzy Hash: 6dbfd9970a12e5f20cb8454ae3147e59a41bbd348c0db56b5e3278c56d5ff3d1
Instruction Fuzzy Hash: FA02E574E05619CFEB64DFA9D885BA9BBF2BB89300F1081A9D40DA7754DBB05D85CF00

Function 056D8CAB Relevance: 1.6, APIs: 1, Instructions: 106nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 056D8D65

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 66a16d9aaa900ea3f99eec115e2c4a2b78983edf8398234850e171396fd3b1b5
Instruction ID: 11a52181d016df5ecd6ad638322321b2bf73508547f4226c703fb8478febe699
Opcode Fuzzy Hash: 66a16d9aaa900ea3f99eec115e2c4a2b78983edf8398234850e171396fd3b1b5
Instruction Fuzzy Hash: 8D4176B4D002589FCF10CFAAD984ADEFBB1BB59310F10942AE819B7340D735A946CF68

Function 056D8CB0 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 056D8D65

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 2bee0475f7342b2ed6e80c219c2b538c24108d85494b3dfda8ac877a396f5645
Instruction ID: 451c670fad57a0be7902331f5dafdc48de205aad60c818c01f8aa76d6e3111a0
Opcode Fuzzy Hash: 2bee0475f7342b2ed6e80c219c2b538c24108d85494b3dfda8ac877a396f5645
Instruction Fuzzy Hash: 354166B4D042589FCF10CFAAD984ADEFBB1BB59310F10942AE819B7250D735A946CF68

Function 056DC509 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 056DC59E

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 56ca1b909deab92ad52e1880dfe23ad32d725f18bebbc5122551d37ff8bcf5bf
Instruction ID: 29d33e50d215a52e63dc7986be93bb6a7fb08f0544bd44d396e222dadce1107e
Opcode Fuzzy Hash: 56ca1b909deab92ad52e1880dfe23ad32d725f18bebbc5122551d37ff8bcf5bf
Instruction Fuzzy Hash: 6531ABB4D012189FCB10CFA9D984A9EFBF1BB49310F14942AE819B7340D734A946CFA4

Function 056DC510 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 056DC59E

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 1547f966cefb897aaab85e7344eb1e1788c8f615cd44249b3bb95a1428c2f9a8
Instruction ID: 095dba8c84f74e7f3528de93d4451817270efd81bee9fab08528564bcd8b88ad
Opcode Fuzzy Hash: 1547f966cefb897aaab85e7344eb1e1788c8f615cd44249b3bb95a1428c2f9a8
Instruction Fuzzy Hash: 46319AB4D012189FCB10DFAAD984A9EFBF5FB49310F10942AE819B7340D775A945CFA4

Function 05643C68 Relevance: 1.6, Strings: 1, Instructions: 309COMMON

Download Yara Rule

Strings

PH^q, xrefs: 05644000

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 7de62b3749e6ee980386ea12c6405191f2446400b3cc5edf58a1046be7b26fd3
Instruction ID: 12cd8ff5aa23a6c117ae7f6c87b7f3ccdd71ece8504cd6486611e83524fc5c36
Opcode Fuzzy Hash: 7de62b3749e6ee980386ea12c6405191f2446400b3cc5edf58a1046be7b26fd3
Instruction Fuzzy Hash: B4D11474E05218CFEB24CFA9D885BADBBF2BF49305F2090A9E40AA7354DB705985CF41

Function 05643C62 Relevance: 1.5, Strings: 1, Instructions: 296COMMON

Download Yara Rule

Strings

PH^q, xrefs: 05644000

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 60d9b91e85416ef93c100933998187a89a1eb32ec57d2e5c2fe2c6735fe7a13f
Instruction ID: f6b1bac6d366aaa0831498d1562f13017548fa3103120cb59dcfd7b03e67a9c8
Opcode Fuzzy Hash: 60d9b91e85416ef93c100933998187a89a1eb32ec57d2e5c2fe2c6735fe7a13f
Instruction Fuzzy Hash: 03D10474E05218CFEB24CFA9D885BADBBF2FB49305F1090A9E409A7354DB745985CF41

Function 053FF220 Relevance: 1.5, Strings: 1, Instructions: 276COMMON

Download Yara Rule

Strings

Deq, xrefs: 053FF325

Memory Dump Source

Source File: 00000000.00000002.1714929485.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53f0000_lumma1.jbxd

Similarity

API ID:
String ID: Deq
API String ID: 0-948982800
Opcode ID: 0a1581ad3da4df753aa2f940053a4d39144b16fdd2e7924deb2cbdfcdd751157
Instruction ID: 50e37163e75f02811863b9722c77d0d431abf1569e6efd54f074c7333c831d0c
Opcode Fuzzy Hash: 0a1581ad3da4df753aa2f940053a4d39144b16fdd2e7924deb2cbdfcdd751157
Instruction Fuzzy Hash: BAD1BF74E00219CFDB54DFA9D994A9DBBB2FF88300F2080A9D509AB365DB70A981CF51

Function 056377C8 Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05637917

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 78caa87071e9982cc99d3ea85587accd25c684a0eb4c7af3e033f8f6fb831ab2
Instruction ID: 23886a3f8fc10b5f491a3643896c48902dda06b66ec21fe8bfcba77cb2e99ba2
Opcode Fuzzy Hash: 78caa87071e9982cc99d3ea85587accd25c684a0eb4c7af3e033f8f6fb831ab2
Instruction Fuzzy Hash: 73B1F5B4E05618CFDB14DFA9D885BADBBF2FB89300F2091A9D409A7355EB705A85CF40

Function 056377B8 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05637917

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 4d565101deab91b81cfa37ff683c032906213f8c1530a6a95bb279caffb096b8
Instruction ID: ffd7f2d40303c786f24c1de71e3b3cfd6c76ccfee26ec2809d3b7f6f3f62ed31
Opcode Fuzzy Hash: 4d565101deab91b81cfa37ff683c032906213f8c1530a6a95bb279caffb096b8
Instruction Fuzzy Hash: 4AB1F7B4E05608CFDB14DFA9D885BADBBF2FB89300F2091A9D409A7355EB705A85CF40

Function 0562EA98 Relevance: 1.5, Strings: 1, Instructions: 211COMMON

Download Yara Rule

Strings

dbq, xrefs: 0562ECB3

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: dbq
API String ID: 0-1887291361
Opcode ID: 6001836b74200aceb9178a5cdae85a04a97eba5adac87152c9f2bb0927690c96
Instruction ID: 5f9a1e4bdc7459d6bee2c09a63f3a5a7f71a7efddbfed7cfe6d1561d31cd6188
Opcode Fuzzy Hash: 6001836b74200aceb9178a5cdae85a04a97eba5adac87152c9f2bb0927690c96
Instruction Fuzzy Hash: A2915B74E04628CFDB24DFA4D888BADBBB6FB49305F1080A9E409A7384DB755D89CF41

Function 0562EAA8 Relevance: 1.4, Strings: 1, Instructions: 197COMMON

Download Yara Rule

Strings

dbq, xrefs: 0562ECB3

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: dbq
API String ID: 0-1887291361
Opcode ID: 1573a78b309b11e6f7a6668a60a60914700ae182b8977eea53ed62e8c4f49973
Instruction ID: a8d937fc9bbeb65b06da34a7127d96a5a95182b6cbca9ecbd471487d8d55d109
Opcode Fuzzy Hash: 1573a78b309b11e6f7a6668a60a60914700ae182b8977eea53ed62e8c4f49973
Instruction Fuzzy Hash: 26814674A05628CFDB20DFA9D988BEDBBB6FB49305F108069E009A7344DB755D89CF01

Function 053D09B8 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

(, xrefs: 053D0A43

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: dbaabbd2d02e1e15b0d3064e6886a0811383957e16e9f52f1248c40a6d5cccbf
Instruction ID: fb700c8f5d4c052d8388fe731e114fc73fbd82d6c971bd9c23d8c1150b2e0258
Opcode Fuzzy Hash: dbaabbd2d02e1e15b0d3064e6886a0811383957e16e9f52f1248c40a6d5cccbf
Instruction Fuzzy Hash: 0621CC71D055189BEB18CF6BD84579EFBF7AFC8300F14C0AAD81CA6255EB754A428F60

Function 010AC6B3 Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cae06faa6701c212aaf1ec41bd6bf064152273047940fb7c3621481111f6af81
Instruction ID: 346cfb05b2ab877fc468f02c81e0f46c104e80f824229d9ad1f77c6582346d10
Opcode Fuzzy Hash: cae06faa6701c212aaf1ec41bd6bf064152273047940fb7c3621481111f6af81
Instruction Fuzzy Hash: 6F52C4B4A006298FCB64DF28CD98B9ABBB5FB48301F1091D9E54DA7355DB30AE85CF50

Function 05641100 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a649ed81697c73df2d6e5a39cee77b6337e25db50019c95e53fd1a4da73e089
Instruction ID: d845b206412d1261eadbce7b57b0693472803837784b1148266c9e803ad16449
Opcode Fuzzy Hash: 5a649ed81697c73df2d6e5a39cee77b6337e25db50019c95e53fd1a4da73e089
Instruction Fuzzy Hash: C7814674E05218CFDB14DFA9D888BAEBBF6FB4A304F109169E409A7744DB746986CF40

Function 056410F1 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4a09b2aa2464776bea362ea30e79c8a43aadcb8d20a2760f28bf22330f9378d
Instruction ID: 8d724b144d90246170c3519788a9017123d8dda9775aa5886a0732d4970e784b
Opcode Fuzzy Hash: f4a09b2aa2464776bea362ea30e79c8a43aadcb8d20a2760f28bf22330f9378d
Instruction Fuzzy Hash: ED814774E05218CFDB14DFA9D888BAEBBF2FB4A304F109169E409A7754DB746986CF40

Function 056411E2 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35555124dca822f209e2e0b093d05da3e9b442d614744f0e326e70ff47f7d665
Instruction ID: 635a3f01ab0a788a3f8c607d699678fda63b72ab21166c35b672a3c29f7aae7b
Opcode Fuzzy Hash: 35555124dca822f209e2e0b093d05da3e9b442d614744f0e326e70ff47f7d665
Instruction Fuzzy Hash: 96812874E05218CFDB14DFA9D488BAEBBF2FB4A301F109169E509A7755DB705986CF00

Function 056413F5 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e6cf3d3549f3ef697b9a7ab53bbf8c3d0b612cdf7abfebe38372f676969a4de
Instruction ID: 9e5653a626fcb030c6250b31cfa8081c374ea9b8db6ff4dc49669f89f3185334
Opcode Fuzzy Hash: 5e6cf3d3549f3ef697b9a7ab53bbf8c3d0b612cdf7abfebe38372f676969a4de
Instruction Fuzzy Hash: 0C714974E05218CFDB14DFA8D488BAEBBF2FB4A301F1091A9E409A7755DB746986CF00

Function 057FFCB8 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 102a188edf1800b193a8982134d99bc8ce9a9a7eeb7789d79745d6d65dfe3243
Instruction ID: 8b7296fa100d8412e17656713d9e62675f7fe76b7957e2e1f1f0a09cc879a7de
Opcode Fuzzy Hash: 102a188edf1800b193a8982134d99bc8ce9a9a7eeb7789d79745d6d65dfe3243
Instruction Fuzzy Hash: DC513A74E01619CFDB04CFA9D494AEEBBF2FF88300F249025E619A7345DB74A941DB90

Function 056217F0 Relevance: 4.2, Strings: 3, Instructions: 478
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 05621D44
Hbq, xrefs: 05621CC5
Hbq, xrefs: 05621CF4

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq
API String ID: 0-2297679979
Opcode ID: 72764e7932ad54f2a146568c942ffb9448d2281c1c1182faba0aa7fdf2618548
Instruction ID: 400bc163d48b23500df98ac963e5d7491ca156dae96fb91598d0b802bb178a5d
Opcode Fuzzy Hash: 72764e7932ad54f2a146568c942ffb9448d2281c1c1182faba0aa7fdf2618548
Instruction Fuzzy Hash: A5127C35B046248FCB24DFA4C484AAEBBF2FF89301F548529E40A9B751DB35AD46CF90

Function 056234B8 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 05623831
4'^q, xrefs: 056236D2
4'^q, xrefs: 056237B1

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q
API String ID: 0-1196845430
Opcode ID: c4d140134a5f21b37492e8eeb91afdd546d668e39424664b6af5de1d2932d47f
Instruction ID: 7fef81625756e31613f71e79c44a8eb1b5db93ac02e30506d0edc8e55d96c6cd
Opcode Fuzzy Hash: c4d140134a5f21b37492e8eeb91afdd546d668e39424664b6af5de1d2932d47f
Instruction Fuzzy Hash: 73F1B734B10628DFCB18DB64D998A9DBBB2BF89301F518559E406AB365DB74EC42CF40

Function 05627AA0 Relevance: 4.1, Strings: 3, Instructions: 358
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 05627BF5
Hbq, xrefs: 05627C21
(bq, xrefs: 05627BC9

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: (bq$(bq$Hbq
API String ID: 0-2835675688
Opcode ID: df15436a04a20ee8be5a4a9a245f18fcaaabc46920494f653a848e075d3247d5
Instruction ID: 2ae1b5dbfc8925a8c2c073afe9f8edd4ace867918bfa661d612a976b3ce92577
Opcode Fuzzy Hash: df15436a04a20ee8be5a4a9a245f18fcaaabc46920494f653a848e075d3247d5
Instruction Fuzzy Hash: 44E14E34B006199FCB18EF64D4949ADBBB2FF89301F508569E806AB365DB30ED42CF94

Function 053DF4F4 Relevance: 4.0, Strings: 3, Instructions: 296
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 053DF706
(bq, xrefs: 053DF801
(bq, xrefs: 053DF6DA

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: (bq$(bq$(bq
API String ID: 0-2716923250
Opcode ID: 6f613320ef24758d7be28eecec1036f1c648870b07fe4a0b3656b0b5707ebab8
Instruction ID: 48c9fe168cd23d831f8b33e64a20b6ef58afb54a124562044a4e646e18c67be9
Opcode Fuzzy Hash: 6f613320ef24758d7be28eecec1036f1c648870b07fe4a0b3656b0b5707ebab8
Instruction Fuzzy Hash: A5A108367042614FC715DF79E890AAE7BF6FF85751B1484AAE806CB392CA35DC42C7A0

Function 053DCCF2 Relevance: 3.8, Strings: 3, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 053DCE1E
$^q, xrefs: 053DCE34
/, xrefs: 053DCD0A

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: /$$^q$$^q
API String ID: 0-3306626076
Opcode ID: 38a374495572ae5e80fc770c5eb09bf5981f52a4c74a2af33b8b96fbf03dbd4d
Instruction ID: 8f0f60d573235574c8d53ab9e6de53a97152129dacdb7344764ba5b48c926969
Opcode Fuzzy Hash: 38a374495572ae5e80fc770c5eb09bf5981f52a4c74a2af33b8b96fbf03dbd4d
Instruction Fuzzy Hash: E3313978A0012D8BDB64DB69DC84BADB7B2BB88201F5495A6D10EAB354EB305E85CF10

Function 053DD911 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 053DDC2B
$^q, xrefs: 053DDC3B

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: b23a013c7af9969d78aec928b94a5868764fc293eb85c9b1981e44c5c179be3e
Instruction ID: caf390325a607aa256dcd3d1b19e55f7e8047e8d889f9e495256ba46fa6ac280
Opcode Fuzzy Hash: b23a013c7af9969d78aec928b94a5868764fc293eb85c9b1981e44c5c179be3e
Instruction Fuzzy Hash: D0126D31E0462A8FCF15DFA5E845AEDBBB2FF48301F148855E802AB394DB749A45CF64

Function 04F34210 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 04F346A6
4'^q, xrefs: 04F346B6

Memory Dump Source

Source File: 00000000.00000002.1713091076.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f30000_lumma1.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 28f175036371f8b09886f0038fd0db2ca9d68c7c4ed956476e0733792fab1193
Instruction ID: 3b157fb64b1a35513167ccf7677181af1fb7be77874cf58d0918debfc022de1d
Opcode Fuzzy Hash: 28f175036371f8b09886f0038fd0db2ca9d68c7c4ed956476e0733792fab1193
Instruction Fuzzy Hash: A0F1D774E01218DFCB28DFA4E4996ACBBB6FF49316F604529E406AB350DB356D86CF04

Function 05620EA8 Relevance: 2.8, Strings: 2, Instructions: 345
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 05620EBC
d, xrefs: 05621109

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: (bq$d
API String ID: 0-3334038649
Opcode ID: ba65b589f114ae19521a90a289d2ae160b7cc1b7c88e447c49b403bf11a58945
Instruction ID: 4f190bb97fae5cb1e6aa841745c8d168a01a779479f39bce944e251a9651c2bc
Opcode Fuzzy Hash: ba65b589f114ae19521a90a289d2ae160b7cc1b7c88e447c49b403bf11a58945
Instruction Fuzzy Hash: C1D17C30704A168FCB24CF19C484A6AB7F2FF89310B658969E85A9B751DB31F846CF90

Function 053D8198 Relevance: 2.8, Strings: 2, Instructions: 297COMMON

Download Yara Rule

Strings

, xrefs: 053D8546
!, xrefs: 053D8535

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: $!
API String ID: 0-2056089098
Opcode ID: 5c9eebd16c3cb5f75220d63a1dd8a22af8a61d49bf8c2205f69fc5e9f11eb93e
Instruction ID: a90453b5ce9f4d9f016cb036eef0ccff0db5665de4d2a6997b389333ea54c7ef
Opcode Fuzzy Hash: 5c9eebd16c3cb5f75220d63a1dd8a22af8a61d49bf8c2205f69fc5e9f11eb93e
Instruction Fuzzy Hash: AED10075D05608CBDB00CFA9E448BEDFBB6BB49304F109569D429BB684D7B5A888CF24

Function 053D018F Relevance: 2.7, Strings: 2, Instructions: 224COMMON

Download Yara Rule

Strings

, xrefs: 053D010E
$, xrefs: 053D048D

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: $$
API String ID: 0-182950533
Opcode ID: 538685557ecc5333315a524db23805e85e022505141893fea052f934ab0f515e
Instruction ID: c4217aa050a5c513575d0eb08e31d609260e32e1e90de357b7023ed8ff3705e2
Opcode Fuzzy Hash: 538685557ecc5333315a524db23805e85e022505141893fea052f934ab0f515e
Instruction Fuzzy Hash: 26A145B5D05208CFDB18CFA4E488BAEFBF6FB49704F2090A9D409A7644E7B45985CF21

Function 0563F730 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

(bq, xrefs: 0563F846
Hbq, xrefs: 0563F8D5

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 6d801674ec19034a6819c8407a1a1cf3cb40bfec3b23326ea9dea870f4ce1b75
Instruction ID: a9bddac20013a0814cbd72bd7fd85b6ad8d6de49412785cd611761303c336b0d
Opcode Fuzzy Hash: 6d801674ec19034a6819c8407a1a1cf3cb40bfec3b23326ea9dea870f4ce1b75
Instruction Fuzzy Hash: DC51A134B002248FC728AF78C45566EBBB6FF85301B50846DE90A8B7A1DF35EC46CB95

Function 053DA7E9 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

!, xrefs: 053DA822
, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: $!
API String ID: 0-2056089098
Opcode ID: b749f4f318d028c038b4516adbc24dc77ea098b2f8d6f7d1815b15b72f5baeaa
Instruction ID: 0af101922dfef5f4a6cf1bc131c086051c550a496aac6f861fd068a8e074952c
Opcode Fuzzy Hash: b749f4f318d028c038b4516adbc24dc77ea098b2f8d6f7d1815b15b72f5baeaa
Instruction Fuzzy Hash: 7E81C076A04218CFDB50CFA8E989B9DFBF5FB09304F108195E809AB345DB759984CF24

Function 053DA8FF Relevance: 2.7, Strings: 2, Instructions: 168COMMON

Download Yara Rule

Strings

", xrefs: 053DA91C
, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: $"
API String ID: 0-3817095088
Opcode ID: 9d9b3b95a3acef5cdd640d67b06d6f0b129287fc6e942a421c26f0d9fe5c3450
Instruction ID: 75a7b34581551e9c1d6fb0b66929882494f49269116d4df8317d1f5ad0e99e63
Opcode Fuzzy Hash: 9d9b3b95a3acef5cdd640d67b06d6f0b129287fc6e942a421c26f0d9fe5c3450
Instruction Fuzzy Hash: BB81D176A04218CFDB50CF98E989BADFBF6FB09304F108195E409AB345DB75A985CF24

Function 053DA8B3 Relevance: 2.7, Strings: 2, Instructions: 164COMMON

Download Yara Rule

Strings

,, xrefs: 053DA8CE
, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: $,
API String ID: 0-71045815
Opcode ID: 6abac95c1da794300de5926e82c746055b4e5448766afaf43ac23a5c9eee137b
Instruction ID: 37885843ea793aeba0e1e159360dafced0aa7a54d0c032808a72a6aa1393e94e
Opcode Fuzzy Hash: 6abac95c1da794300de5926e82c746055b4e5448766afaf43ac23a5c9eee137b
Instruction Fuzzy Hash: EB71F276A04218CFDB50CFA8E988BADFBF5FB09304F108195E909AB345DB759985CF24

Function 053D1044 Relevance: 2.6, Strings: 2, Instructions: 57COMMON

Download Yara Rule

Strings

7, xrefs: 053D1005
&, xrefs: 053D0F23

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: &$7
API String ID: 0-2329192425
Opcode ID: ea69853b3890b75021e0ea8649d796d6a9b128ca3a836c80d35753663fa59f15
Instruction ID: ad0ea15e0dced1e0a3873ae834c0ad060837aa7ba720b38265b28115f0c65e3f
Opcode Fuzzy Hash: ea69853b3890b75021e0ea8649d796d6a9b128ca3a836c80d35753663fa59f15
Instruction Fuzzy Hash: D4212874E05248CFCB50DFA8D588B9EBBB2FB49304F2080A5D518AB345DB755E84CF61

Function 053D0D13 Relevance: 2.5, Strings: 2, Instructions: 21COMMON

Download Yara Rule

Strings

', xrefs: 053D0D7B
TJcq, xrefs: 053D0D4D

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: '$TJcq
API String ID: 0-3483038916
Opcode ID: 27946aac83e0d7544db4f9fb2c40cab953698c0c1f236848ab776c8d2ca0828e
Instruction ID: aa8c3e75e0872f967c666fff2003e8c89af92fcc7c8a13acd8ef2ebd11661448
Opcode Fuzzy Hash: 27946aac83e0d7544db4f9fb2c40cab953698c0c1f236848ab776c8d2ca0828e
Instruction Fuzzy Hash: 18F0B774A05258CFCB64DF64D858B9ABBB2BF45300F0441E9D44DA7645DB741E84CF16

Function 05624398 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,bq, xrefs: 05624713

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: 143dacd63ca21138d62939c30e7710e6f82365a0014f39e8b259766ad941b849
Instruction ID: d92d438aa237f781e39e47d7fb8b20f6494e8d29bcf1827d893850799c9c9033
Opcode Fuzzy Hash: 143dacd63ca21138d62939c30e7710e6f82365a0014f39e8b259766ad941b849
Instruction Fuzzy Hash: 0252F975A002288FDB68CF69C985BEDBBF2BF88301F5541D9E509A7351DA309E81CF61

Function 056D975F Relevance: 1.8, APIs: 1, Instructions: 300processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 056D99CF

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 9541707944a28b2191d474b61cd04e0bc27709d0bd51dd36042b53e44eae481c
Instruction ID: 0a4677aab186d30d82db35bc3c1843e80ef439a1184efe3cc5bf6bc9636155aa
Opcode Fuzzy Hash: 9541707944a28b2191d474b61cd04e0bc27709d0bd51dd36042b53e44eae481c
Instruction Fuzzy Hash: 55B131B4D002198FDB10CFA9C885BEEFBB2BB49300F149969E859A7340DB349985CF95

Function 053DE4A0 Relevance: 1.8, Strings: 1, Instructions: 534COMMON

Download Yara Rule

Strings

(_^q, xrefs: 053DE730

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: (_^q
API String ID: 0-538443824
Opcode ID: 9138cc35387a83056086b261fb5487789ffa9b452f939c3fdd6e9eded6a26efb
Instruction ID: bc7a4e91912852812f26a98d2f5bd9b03f5cf7b4cbbad39f2200d81422f389f2
Opcode Fuzzy Hash: 9138cc35387a83056086b261fb5487789ffa9b452f939c3fdd6e9eded6a26efb
Instruction Fuzzy Hash: 9E226C36A002149FDB58DFA4D494AADBBB6FF88310F148469E906DF391DB71ED44CBA0

Function 056D9768 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 056D99CF

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: fcc719614bb7141234781f00cab6d97b1a9a021b3bb3387d422d4ee340d46b89
Instruction ID: 00abd17ba5dc9dc91635c26ce1fb736016c93389b6201a2443886e94cc6cd608
Opcode Fuzzy Hash: fcc719614bb7141234781f00cab6d97b1a9a021b3bb3387d422d4ee340d46b89
Instruction Fuzzy Hash: 95A122B1D002189FDB10CFA9C845BEEFBF1BF09310F149969E859A7280DB789985CF95

Function 05647024 Relevance: 1.7, APIs: 1, Instructions: 155fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 05647174

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 65da0305c0cbe75f3e913e4c865d8a2e8828ac8b26ea07761abb7bda9c66051c
Instruction ID: ea9ee43d17217173df3563144133b9ec0afaebb9ee226fece4365b3a1f526588
Opcode Fuzzy Hash: 65da0305c0cbe75f3e913e4c865d8a2e8828ac8b26ea07761abb7bda9c66051c
Instruction Fuzzy Hash: 4F51D0B4D0425C9FDF20CFA9D884AAEBBB1FB09304F24952AE819B7340D7749986CF54

Function 05647030 Relevance: 1.7, APIs: 1, Instructions: 153fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 05647174

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: a100c811e9654f8c07fa54e9909402705b40c4d496985d017a572b322289626a
Instruction ID: 9f7bcc6866c7b2f956d57e735cbe3119d6c6a4aeef7c12c4f25c35c96217ee79
Opcode Fuzzy Hash: a100c811e9654f8c07fa54e9909402705b40c4d496985d017a572b322289626a
Instruction Fuzzy Hash: 0851D1B4D0421C9FDF20CFA9D884AAEBBB1FB09304F24952AE819B7340D7749986CF54

Function 05647484 Relevance: 1.6, APIs: 1, Instructions: 150COMMON

Download Yara Rule

APIs

CreateFileMappingA.KERNEL32(?,?,?,?,?,?), ref: 056475C6

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: 73deda140bf5cbe02edda45595bc268fd8dbc3d25cf57ca58315abc5c1d426de
Instruction ID: c92d88611440232b5b040a9d02f3bf53176e2e64e8571271c4fe1f5e491c1a35
Opcode Fuzzy Hash: 73deda140bf5cbe02edda45595bc268fd8dbc3d25cf57ca58315abc5c1d426de
Instruction Fuzzy Hash: B051D3B4D042489FDF14CFA9D885A9EBBB1FF09310F149429E859BB340DB749986CF85

Function 05647490 Relevance: 1.6, APIs: 1, Instructions: 146COMMON

Download Yara Rule

APIs

CreateFileMappingA.KERNEL32(?,?,?,?,?,?), ref: 056475C6

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: 25763ecfa325badb3b048b761cd3768a6ed12fccbb30016bf585fdf3d86d4828
Instruction ID: 3e0ff227926add57b7203b48e59ee3dfd60863549c37433990a8388e7508a89f
Opcode Fuzzy Hash: 25763ecfa325badb3b048b761cd3768a6ed12fccbb30016bf585fdf3d86d4828
Instruction Fuzzy Hash: 1851DFB4D043489FDF14DFA9D885A9EBBB2FB09310F109429E819BB340DB749986CF85

Function 056DBE88 Relevance: 1.6, APIs: 1, Instructions: 119injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 056DBF63

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 44ecd6e4c82531e7d0a320be7bdce8fdbebd3283169cadaeca97f3f0dceb4982
Instruction ID: 39b3b1ae186a775d90b6c2f883fe3853a52d530732769234d7268732c81934f3
Opcode Fuzzy Hash: 44ecd6e4c82531e7d0a320be7bdce8fdbebd3283169cadaeca97f3f0dceb4982
Instruction Fuzzy Hash: 754199B5D052589FCF00CFA9D984ADEFBF1BB49310F24942AE819B7250D738AA45CF64

Function 010A0CC4 Relevance: 1.6, Strings: 1, Instructions: 367COMMON

Download Yara Rule

Strings

`Q^q, xrefs: 010A11A4

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID: `Q^q
API String ID: 0-1948671464
Opcode ID: 33f3995a0ebaba8b3fc99f7cfcafff579fed901f4f2738a15135c5999dc2ccdc
Instruction ID: 9d1ce89e07fde3cf4458627833bd7dbba6a1090da0eeee4f75c1e465c22445c9
Opcode Fuzzy Hash: 33f3995a0ebaba8b3fc99f7cfcafff579fed901f4f2738a15135c5999dc2ccdc
Instruction Fuzzy Hash: 0CE1A131B0021A9FDB04DFA8C884B6EBBF2BF84304F558569E5459F2A5DB71EC46CB81

Function 056DBE90 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 056DBF63

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: ff1bedf8102121084f580360f6f0bddc735051d857112d6038b4eb71f234daa7
Instruction ID: 356448d4ce8d68dcdc97f7cf4ac8022b21ddae39b61b59eb22a4a773951fdbf2
Opcode Fuzzy Hash: ff1bedf8102121084f580360f6f0bddc735051d857112d6038b4eb71f234daa7
Instruction Fuzzy Hash: 184199B5D012589FCB00CFA9D984ADEFBF1BB49310F24942AE819B7250D738AA45CF64

Function 056DBBB8 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 056DBC6A

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5df2ae4bd29d3741fa2c810d17096bd2a2f871d73a267d70bf4c427b211fa0fd
Instruction ID: 7cac979cd06ec8d84b54f32d0ad7889e6ff088b9bc398f226e2978e0be76e983
Opcode Fuzzy Hash: 5df2ae4bd29d3741fa2c810d17096bd2a2f871d73a267d70bf4c427b211fa0fd
Instruction Fuzzy Hash: 613196B8D042589FCF10CFA9D984A9EFBB1FB49310F10A42AE815B7310D735A946CF68

Function 05647C48 Relevance: 1.6, APIs: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 05647CFA

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: efc313cdf4dfc887d66ffa6f2d8a17cc03318ee529dd8e5638820124202b64ea
Instruction ID: a395784e8d29d49bf9f27bff66e6d0d2ea23a1d2edd74bd7b026b1e795643cb5
Opcode Fuzzy Hash: efc313cdf4dfc887d66ffa6f2d8a17cc03318ee529dd8e5638820124202b64ea
Instruction Fuzzy Hash: DB3178B9D042589FCF10CFA9D984A9EFBB1FB49310F10942AE815B7250D735A946CF58

Function 056DBBC0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 056DBC6A

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0e274212931797e2774da73479bf3e8acc393668457795e792d1fcbc14798185
Instruction ID: dcdccb2a27308b7b5e229190736a97aa1b7d8fb95b9ac90c91d3a1c0da92be68
Opcode Fuzzy Hash: 0e274212931797e2774da73479bf3e8acc393668457795e792d1fcbc14798185
Instruction Fuzzy Hash: ED3176B8D042589FCF10CFA9D984A9EFBB1BB49310F10A42AE815B7350D735A946CF68

Function 05647C50 Relevance: 1.6, APIs: 1, Instructions: 101fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 05647CFA

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 6fa0d0e4d7f07cc3a6e2339a521ba944b153bfa44699ffdef96385b1c5f01538
Instruction ID: 6416ed994f8a70d33629ffb3e628ecfef0ec84c459f1a3bf1e226203bed0277c
Opcode Fuzzy Hash: 6fa0d0e4d7f07cc3a6e2339a521ba944b153bfa44699ffdef96385b1c5f01538
Instruction Fuzzy Hash: DD3187B8D042589FCF10CFA9D984A9EFBB1FB49310F10A42AE815B7250D735A946CF58

Function 056469E8 Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,?,?,?), ref: 05646A94

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 8331fbb8cf815da67cffa9c2251acabeea38ac74e53194c345008c1a30894e33
Instruction ID: ebef7198398243d4418ff1201e79582cd9c377cedf9341dcf28b3ed247cca7c4
Opcode Fuzzy Hash: 8331fbb8cf815da67cffa9c2251acabeea38ac74e53194c345008c1a30894e33
Instruction Fuzzy Hash: BA31CAB4D002589FCF10CFAAD884AEEFBB1BB49310F24942AE815B7240C739A985CF54

Function 05648040 Relevance: 1.6, APIs: 1, Instructions: 100memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 056480EC

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: fd2a140d39f056d88a4ad7ae9bab7a3d1c699cd6fe9cd0e632ecfdc3e89739b4
Instruction ID: cf08d07eaa8e90b938106a01ee45a06ce17440a3350bfb8c668d1de0e0e56925
Opcode Fuzzy Hash: fd2a140d39f056d88a4ad7ae9bab7a3d1c699cd6fe9cd0e632ecfdc3e89739b4
Instruction Fuzzy Hash: 6431CAB5D002589FCF10CFA9D884AEEFBB1FB49310F14942AE815B7240D739A945CF54

Function 056DBBBF Relevance: 1.6, APIs: 1, Instructions: 99memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 056DBC6A

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8bb76ee32bbb768254d714b8525b4351491f40967548974b75b05a716fc03160
Instruction ID: fe80582673abeb6d48b9fbd5e6953005f727bc161e49d3508f7bbb5327d6fea0
Opcode Fuzzy Hash: 8bb76ee32bbb768254d714b8525b4351491f40967548974b75b05a716fc03160
Instruction Fuzzy Hash: 0B3188B9D002589FCF10CFA9D984ADEFBB1BB49310F10A42AE815B7350D735A946CF68

Function 056469F0 Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,?,?,?), ref: 05646A94

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: d81ec9a93b11d3944f48fab1b3c34dea29f7a7afdefa6c34bd844777f047390e
Instruction ID: 8ad22b9c4dddbb52f0eba8d632c037f77d5006e9de6d6a7aa122d7748697688f
Opcode Fuzzy Hash: d81ec9a93b11d3944f48fab1b3c34dea29f7a7afdefa6c34bd844777f047390e
Instruction Fuzzy Hash: 7231CAB4D002589FCF10CFAAD884AEEFBB1BB49310F24942AE815B7240C739A985CF54

Function 05648048 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 056480EC

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 455140d4ea3a9dfc80a34aa92bdb9459eda285ca1e127e51bbc87dcb6b8a3740
Instruction ID: b73bc45e80ad8b200d97a20eb6eeda63a3ee1fb896bfbfc84b10952d69b0f2d4
Opcode Fuzzy Hash: 455140d4ea3a9dfc80a34aa92bdb9459eda285ca1e127e51bbc87dcb6b8a3740
Instruction Fuzzy Hash: 4731A8B4D042589FCB10CFAAD884AEEFBB1BB49310F14942AE815B7250D739A945CF58

Function 053FD3D8 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 053FD47C

Memory Dump Source

Source File: 00000000.00000002.1714929485.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53f0000_lumma1.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 77829648eca0c73d423c6d9d64de0324e17ecf24d4e4d6ed7841ff30700ce88d
Instruction ID: a99dcde0fa5b317365eb61acc2d904dfd0b4c30bd4f6830cc64e4b9d0aec530b
Opcode Fuzzy Hash: 77829648eca0c73d423c6d9d64de0324e17ecf24d4e4d6ed7841ff30700ce88d
Instruction Fuzzy Hash: 8131A8B4D002089FCB10CFA9D884A9EFBB1FB49310F24942AE819B7210D735A9458F54

Function 056DB569 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 056DB61F

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 82642dac2fbeb6c397b8e9f2fa6f7a3356aec7548738ea7e7f96a40844301d7a
Instruction ID: 7e171ccaeae3747666117230f56f86370bd612c77016d0d12415f22b93db2725
Opcode Fuzzy Hash: 82642dac2fbeb6c397b8e9f2fa6f7a3356aec7548738ea7e7f96a40844301d7a
Instruction Fuzzy Hash: 9741DDB4D012589FCB14CFA9D984AEEFBF1BF48314F14842AE419B7250C738A985CF64

Function 056DB570 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 056DB61F

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: ac8586ad29d55adc3a5e7e4b69bf50ef1229c5303fe0d161900c60940f018a69
Instruction ID: 2f8ba2d309348e5c3738030c95f3c1f6ca118685aebc4a1832b1aa5cfbef82bb
Opcode Fuzzy Hash: ac8586ad29d55adc3a5e7e4b69bf50ef1229c5303fe0d161900c60940f018a69
Instruction Fuzzy Hash: C831BCB4D012589FCB10CFA9D884AEEFBF1BB49314F14842AE419B7250C739A985CF64

Function 053D1B84 Relevance: 1.5, Strings: 1, Instructions: 225COMMON

Download Yara Rule

Strings

@, xrefs: 053D2042

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 222fd1be354737e6ebbc7a9b28ad1eda3d4f3cd5792ffad133166e658ff4245d
Instruction ID: 64c588c15ff39f4c682d1e3a70d3a1e5b64adc6ff534db18736016ec21fbe880
Opcode Fuzzy Hash: 222fd1be354737e6ebbc7a9b28ad1eda3d4f3cd5792ffad133166e658ff4245d
Instruction Fuzzy Hash: 6BB1AD74A49229CFDB64DF28D895BEABBB2BB49300F1081E9E50DA7344DB705E85CF50

Function 056234AA Relevance: 1.5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

4'^q, xrefs: 056236D2

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 90a44515c8e86146020bedc7843e463cf73b73e00711277d85d0b686d671ffc8
Instruction ID: 7ec38fd499aa20f81492158b971f271a5b8410436ef3c958462d7ac54fcf1353
Opcode Fuzzy Hash: 90a44515c8e86146020bedc7843e463cf73b73e00711277d85d0b686d671ffc8
Instruction Fuzzy Hash: 5FA1C634B10628DFCB08DFA4D898A9DBBB2FF89300F558559E406AB361DB34AC46CF50

Function 053DA680 Relevance: 1.5, Strings: 1, Instructions: 208COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 674a4f5f7d24ac5cc811bbe471bf7572e392468222f648ea9f4e25bc7df072eb
Instruction ID: 15db0eced5b1653c46367e3b1f625784a3d9a01c2a36fb8db908b30b1f877c7e
Opcode Fuzzy Hash: 674a4f5f7d24ac5cc811bbe471bf7572e392468222f648ea9f4e25bc7df072eb
Instruction Fuzzy Hash: 21911376A04218CFDB50CFA9E988BADFBF6FB49300F008195E409AB345DB749984CF64

Function 0563B410 Relevance: 1.4, Strings: 1, Instructions: 185COMMON

Download Yara Rule

Strings

pbq, xrefs: 0563B558

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: f5801754a0d2a8c9dd7b383b9017194df96e39f5fdbb4218e98a20f8ab89cea7
Instruction ID: b12a351a8967b017fa7c866706a368981c4fed96d84e509e03ddcb21030b0c52
Opcode Fuzzy Hash: f5801754a0d2a8c9dd7b383b9017194df96e39f5fdbb4218e98a20f8ab89cea7
Instruction Fuzzy Hash: C1618476600104AFCB499FA8C855D19BFF6FF89310B1984D9E2098F277DA36DC12DB51

Function 053DAA36 Relevance: 1.4, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 603f7b49980015473200db4220fb646b5ee22bba5b2212bc489d9a576cfad5c7
Instruction ID: 7262577e9f768ae67722ce033cb4495c0818f89a15202702b5da0309e43e58b0
Opcode Fuzzy Hash: 603f7b49980015473200db4220fb646b5ee22bba5b2212bc489d9a576cfad5c7
Instruction Fuzzy Hash: C581D275A04218CFDB50CFA8E988BADFBF5FB09304F108199E909AB345DB749985CF24

Function 053DAA2C Relevance: 1.4, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 579dfe69291eab0392bf1d748b6312ed6d57730018290de373df5da336aeb267
Instruction ID: 51f9591d8c3344c735174a87d6547aeda6496861576b798385728ea17f7ec10f
Opcode Fuzzy Hash: 579dfe69291eab0392bf1d748b6312ed6d57730018290de373df5da336aeb267
Instruction Fuzzy Hash: 6081E275A04218CFDB50CFA8E988B9DFBF6FB09304F108199E509AB345DB759985CF24

Function 053DA78C Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 082ab660621c4d5d8a6cda966baa6c08352a608ede716a85c4a2aa0bfdbb7f4a
Instruction ID: 0a4c00620366efa7372d73db89d749d275ace9f08fb5720d8119aa4b8b3edb6b
Opcode Fuzzy Hash: 082ab660621c4d5d8a6cda966baa6c08352a608ede716a85c4a2aa0bfdbb7f4a
Instruction Fuzzy Hash: EF81D176A04218CFDB50CFA8E988B9DFBF6FB49304F008195E509AB345DB759985CF24

Function 053DACC2 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 1276ee7067448d2e975b943be151da798ae8184e73e70e14ebeb4e05a9c42eb1
Instruction ID: 7020f5d33b5ff8dbb2bf55d5abd1431c7fa597e88a069c28d0756b57a4caade3
Opcode Fuzzy Hash: 1276ee7067448d2e975b943be151da798ae8184e73e70e14ebeb4e05a9c42eb1
Instruction Fuzzy Hash: 14810276A04218CFDB50CFA8E989BADFBF5FB09304F008195E809AB345DB749985CF25

Function 053DA8A1 Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 37507f22754643d8e6c1d857fb1ecfa345473c2ddf1f579a4e9e74132bebfd2d
Instruction ID: 7df5febf7d33928c7d6567b32fba5e8931a91dbb898528494945c57560829902
Opcode Fuzzy Hash: 37507f22754643d8e6c1d857fb1ecfa345473c2ddf1f579a4e9e74132bebfd2d
Instruction Fuzzy Hash: AB81D176A04218CFDB50CF98E989BADFBF6FB09304F108195E409AB345DB75A985CF24

Function 053DAAA8 Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 9f6810fc0c601a17da37c0865c5c3390f9e4f28b73e3b5b069c54c8e4f8bef11
Instruction ID: 95b59a5c473d8c2fd9f94cdfe66755d48a1d50fe91f0d7220a20d0c0078bb3c1
Opcode Fuzzy Hash: 9f6810fc0c601a17da37c0865c5c3390f9e4f28b73e3b5b069c54c8e4f8bef11
Instruction Fuzzy Hash: 7481DF76A04218CFDB50CF98E988BADFBF6FB09304F109195E409AB345DB75A985CF24

Function 053DA839 Relevance: 1.4, Strings: 1, Instructions: 168COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 56d467491feba4655e5b16fe927a032b4623544f2d98d107764ae53713e6602d
Instruction ID: 3b14e64613b62fac4734100266f76d91b75d6ed61e458cec52e1ced8f8425104
Opcode Fuzzy Hash: 56d467491feba4655e5b16fe927a032b4623544f2d98d107764ae53713e6602d
Instruction Fuzzy Hash: 2481D176A04218CFDB50CF98E989BADFBF6FB09304F108195E509AB345DB759A84CF24

Function 053DA9F4 Relevance: 1.4, Strings: 1, Instructions: 165COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: ce6be112b0d04e71d14d3406d4ecfa7ef8feb5589c0e90b77d64384f9c0553de
Instruction ID: 02731229adda07207516688b9e8efae4f546e16c1c36a05dd696e5fddf33de10
Opcode Fuzzy Hash: ce6be112b0d04e71d14d3406d4ecfa7ef8feb5589c0e90b77d64384f9c0553de
Instruction Fuzzy Hash: 5E81CF76A04218CFDB50CF98E989BADFBF6FB49304F108195E409AB345DB759A84CF24

Function 053DA72F Relevance: 1.4, Strings: 1, Instructions: 164COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8281c53651856db1e878ddfd9699ca37ad29ff6ecc2c1b2a0617c241f117bce6
Instruction ID: eb7635cd3c9f872e3b8f45c7c20d588ef07d696af8ccc6005897df594ab184ed
Opcode Fuzzy Hash: 8281c53651856db1e878ddfd9699ca37ad29ff6ecc2c1b2a0617c241f117bce6
Instruction Fuzzy Hash: 9371E275A04218CFDB50CF98E988BADFBF6FB09304F108195E809AB345DB749A84CF64

Function 010AD908 Relevance: 1.4, Strings: 1, Instructions: 162COMMON

Download Yara Rule

Strings

TJcq, xrefs: 010AD9EA

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID: TJcq
API String ID: 0-1911830065
Opcode ID: cc162fc4224454fef7ee65c5ab070a60eae63b4d0dcacd2cb2700f4cea3a247a
Instruction ID: 30702f3b3f7f4db92fa96953f58e0d72d13a2366bd83cc82925ad17274cf8410
Opcode Fuzzy Hash: cc162fc4224454fef7ee65c5ab070a60eae63b4d0dcacd2cb2700f4cea3a247a
Instruction Fuzzy Hash: 3E6129B4E002099FCB44EFE8D49969EBBB6FB89300F108069E519A7359DF745E45CF90

Function 053DA90B Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8f7d6c9b5a616732ecc8e13939bd9de350187cce8ef1b84897b6198be9b1b522
Instruction ID: edbfb8a972f304ffba6758722f32b908de675113cfc9e8ca9a7930b5a6bee740
Opcode Fuzzy Hash: 8f7d6c9b5a616732ecc8e13939bd9de350187cce8ef1b84897b6198be9b1b522
Instruction Fuzzy Hash: 2F71F276A04218CFDB50CF98E988BADFBF5FB09304F108195E409AB345DB75A984CF24

Function 053DA905 Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 57bbb981dc944576e18124ef2ad4c275aa2fa32b23a5e655a69bb26ae2a3c5d9
Instruction ID: 10dca6280d0f0a1f1272c6874568c34985a74eb197a44128598314b9a475175a
Opcode Fuzzy Hash: 57bbb981dc944576e18124ef2ad4c275aa2fa32b23a5e655a69bb26ae2a3c5d9
Instruction Fuzzy Hash: 7671E276A04218CFDB50CF98E989BADFBF6FB09304F108195E509AB345DB759984CF24

Function 053DA9CE Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: c1dd72ea79e1c69748144360759fd868b6d84b5f70a6e8ccf643824ed9d42464
Instruction ID: 49e00bfec8b4180bee33e0e392c844dc5a932bfcbdf4115ee6441df980b39320
Opcode Fuzzy Hash: c1dd72ea79e1c69748144360759fd868b6d84b5f70a6e8ccf643824ed9d42464
Instruction Fuzzy Hash: A071F276A04218CFDB50CF98E988BADFBF6FB09304F108195E409AB345DB75A984CF24

Function 010AD918 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

TJcq, xrefs: 010AD9EA

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID: TJcq
API String ID: 0-1911830065
Opcode ID: e3f43c1113b6a40f788dfa0b9395540c43bbaac9e2ac7abebf755164f86758c9
Instruction ID: 614143d99f8a3b23b2e32369e3236cd80828897b156c0688096c2caad536447f
Opcode Fuzzy Hash: e3f43c1113b6a40f788dfa0b9395540c43bbaac9e2ac7abebf755164f86758c9
Instruction Fuzzy Hash: 3F611874E002099FCB44EFE8D499AAEBBB6FB89300F108069E609A7359DF745D45CF90

Function 053DA6FF Relevance: 1.4, Strings: 1, Instructions: 155COMMON

Download Yara Rule

Strings

, xrefs: 053DA9E2

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 5b3446a9d14e3fb476f0ec57cd11b1109e7b0cef97e42ad5d11dc066eba6908a
Instruction ID: 30cd512135d9b43fbce1c9955b0ac754d379da2980652650a6c621409dd7537f
Opcode Fuzzy Hash: 5b3446a9d14e3fb476f0ec57cd11b1109e7b0cef97e42ad5d11dc066eba6908a
Instruction Fuzzy Hash: DD71E276A04218CFDB50CF98E988BADFBF5FB09304F108195E809AB345DB759985CF24

Function 0563B498 Relevance: 1.4, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

pbq, xrefs: 0563B558

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: 0e91cb85cfcd9f5175481b9ac42983780b1aec01c69d153e8fbe1bb624aaad23
Instruction ID: 0cf0a3238f489c6a859a542a5ccd7c2e2abdc1f200184b9085cce19ed9174931
Opcode Fuzzy Hash: 0e91cb85cfcd9f5175481b9ac42983780b1aec01c69d153e8fbe1bb624aaad23
Instruction Fuzzy Hash: A5513F76600100AFCB459FA8C855D19BBF7FF8D31471A80D9E2098B276DA32DC22EB51

Function 0563C468 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

(bq, xrefs: 0563C4DC

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: f34a12ab77ae7071084ee58ea6a05f755b2005bd408a696986123f2db99aaa06
Instruction ID: 73543497bcf4c134c79ef769b7e242fb6443bd7ab7443affee84186ff314fac1
Opcode Fuzzy Hash: f34a12ab77ae7071084ee58ea6a05f755b2005bd408a696986123f2db99aaa06
Instruction Fuzzy Hash: 7751C235A006168FDB14CF58C485AAAFBB1FF85320F15865AE915AB741D734FC51CBD0

Function 056281B8 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

(bq, xrefs: 056282E4

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 659891ac1ea2bef75f0cf82e8eb6f1ccfc3a05db93d3c5095493a0097db5103e
Instruction ID: 977f05e474e3bf577b1b4ca10c895927c59914156bf89fedf0a474ceef142414
Opcode Fuzzy Hash: 659891ac1ea2bef75f0cf82e8eb6f1ccfc3a05db93d3c5095493a0097db5103e
Instruction Fuzzy Hash: EE418F36704610AFCB159FA8D818E597BB6FF89310B1580A6E609DF772CA32D812DF54

Function 053D1F17 Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

@, xrefs: 053D2042

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: f77e0e0f23d17a08742d1f00fbf39527efda164dc0d3a2b671b91d1126e8adcf
Instruction ID: 19ba56f9360ce38ac065d000403b2687c6aada7926a6058c9d23159c8b1aa788
Opcode Fuzzy Hash: f77e0e0f23d17a08742d1f00fbf39527efda164dc0d3a2b671b91d1126e8adcf
Instruction Fuzzy Hash: 3E710674A05269CFDB60DF28E894BAABBB2FB49310F1081E5E51DA7344DB705E80CF50

Function 053D1D4B Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

@, xrefs: 053D2042

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 5ca0b0e4157259c7b4da8278bbc1d4d827d6a745e69085032282280218efd3c0
Instruction ID: ab09edf12cd6dbe020030d9e950afcec5bfa1f22a1d11ff1cb68bc1441f8edb9
Opcode Fuzzy Hash: 5ca0b0e4157259c7b4da8278bbc1d4d827d6a745e69085032282280218efd3c0
Instruction Fuzzy Hash: 1D61A278A45229DFDB64DF28D894B9ABBB2FB49310F1091E6E409A7344DB705E81CF50

Function 05627158 Relevance: 1.4, Strings: 1, Instructions: 139COMMON

Download Yara Rule

Strings

4'^q, xrefs: 056271A2

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: dd3e995fcc28b74ff42c94e9ef0694948f0935f1f310efaefd90290d650b198a
Instruction ID: 01bbfa89d07995eb5d3363de26063f576f05104b3fe677d9391fb55ac806c793
Opcode Fuzzy Hash: dd3e995fcc28b74ff42c94e9ef0694948f0935f1f310efaefd90290d650b198a
Instruction Fuzzy Hash: 58416434B10A249FCB15AB68C898A6EB7B7EFC9700F50451DE406AB394CF74AC06CF95

Function 053D1E11 Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

@, xrefs: 053D2042

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a1863f2bbeb8ebe2f4d08e84848be99c906f9c72f3c4f670e4e6b3ebf73c55dc
Instruction ID: 8fe1562d7c678bc1a8647a0282a7c07cb65c5836e57eee20d9b2ba2eff234b98
Opcode Fuzzy Hash: a1863f2bbeb8ebe2f4d08e84848be99c906f9c72f3c4f670e4e6b3ebf73c55dc
Instruction Fuzzy Hash: 3761D474A05269DFDB60DF28D894BAABBB2FB49310F1081E9E509A7384DB745E80CF50

Function 053D1F44 Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

@, xrefs: 053D2042

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ad2465d991c2d55889d40fad27af7741b7c25f0c233cf0f0d211e123b7062449
Instruction ID: dc0649fdf88b0ac4dde63a9acd64b43294cd8f2377e68ad65f92d339f898da19
Opcode Fuzzy Hash: ad2465d991c2d55889d40fad27af7741b7c25f0c233cf0f0d211e123b7062449
Instruction Fuzzy Hash: CB51C274A45269CFDB60DF29D894BAABBB2FB49310F1081E9E41DA7344EB705E81CF50

Function 053D1E74 Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

@, xrefs: 053D2042

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a8a2cc46ea5bf29c0013a9107255530d51d5d4a0ee6bc0123213753215377d44
Instruction ID: f593256380dbafacca31c9c1fc09b5c27c7d35fd262246c978890206ffbca384
Opcode Fuzzy Hash: a8a2cc46ea5bf29c0013a9107255530d51d5d4a0ee6bc0123213753215377d44
Instruction Fuzzy Hash: 0D51C378A45229CFDB64DF28D895B9ABBB2FB49310F1081E9E50DA7384DB705E81CF50

Function 053D1EC4 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

@, xrefs: 053D2042

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: c23b7af5f51eabeb8315be5a4a0f20e6663e22871f85f894d63395599ca44540
Instruction ID: f206e75fc7bf066dde37acddb830ec9a2050712ffd002df8516057116b880431
Opcode Fuzzy Hash: c23b7af5f51eabeb8315be5a4a0f20e6663e22871f85f894d63395599ca44540
Instruction Fuzzy Hash: A051B374A45229DFDB64DF28D894BAABBB2FB49310F1081E9E509A7384DB705EC0CF50

Function 053D1DBA Relevance: 1.4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

@, xrefs: 053D2042

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 6a2fc274712c0b13bd64aba36c7fd6afceb8c2c0795a057efa9a7e8e8f13da74
Instruction ID: 3cdf106d498f4d99b5cbe1d0a738c16d1a2443c4ec85d6bc409bbb2ef67409c1
Opcode Fuzzy Hash: 6a2fc274712c0b13bd64aba36c7fd6afceb8c2c0795a057efa9a7e8e8f13da74
Instruction Fuzzy Hash: 8951B278A4522DDFDB60DF28D895B9ABBB2FB49310F1081E9E509A7384DB705E80CF50

Function 05626B61 Relevance: 1.4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05626C17

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 651b9ef597701804d2c4a86a47e359ca9ef390e29b4955152209a2232e762dbe
Instruction ID: 40fbd06bab030ee816bf9196c88ca5570efc5ff03b65a37edd2c2c2de5142897
Opcode Fuzzy Hash: 651b9ef597701804d2c4a86a47e359ca9ef390e29b4955152209a2232e762dbe
Instruction Fuzzy Hash: 27314D717006209FD718DB29C899F6A77EAEFC8711F114468E60A8B3A1DF71EC42CB90

Function 010A251A Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

, xrefs: 010A26A2

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 1ca69507a18f9683a4e8845657644f67c692f289f2656c99f3a1e6a42a03ddbb
Instruction ID: ff6013e4cff47d459f91d7f7e9e2479c261f62499bebde9db84891c92d88f9a0
Opcode Fuzzy Hash: 1ca69507a18f9683a4e8845657644f67c692f289f2656c99f3a1e6a42a03ddbb
Instruction Fuzzy Hash: 61416670E04249DFCB05CFE8D5906ADBBF1FF48300F6489A6D496EB256E734AA45CB50

Function 05626B70 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05626C17

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: de11c953aba570922436cf12c05ff912a3f1b026002e2bb8fcb1b1f840bdf856
Instruction ID: da8a2fdbbe14c2aa6fdf8dcdf38f8e0f8c0017a8849c14c724fa4f738b188fb0
Opcode Fuzzy Hash: de11c953aba570922436cf12c05ff912a3f1b026002e2bb8fcb1b1f840bdf856
Instruction Fuzzy Hash: 27312C757006209FD718EB29C599B2A77EAEF88711F114468E60A8B3A1CF71EC42CB90

Function 0563BD50 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

(bq, xrefs: 0563BDA0

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: ac7e966f24369fed1d1c6f1eabbc3ab040baee0e43b1ae0f9c2b5c79a3800218
Instruction ID: 4df50ae72e93030d1c559761e812b15d6eb541d0b087c3e17ec2530d6e53be7a
Opcode Fuzzy Hash: ac7e966f24369fed1d1c6f1eabbc3ab040baee0e43b1ae0f9c2b5c79a3800218
Instruction Fuzzy Hash: 3F2105363042655FDB189E69D880AAE7BA6EFC9320F54403AFA09CB354CE369C12C790

Function 053FE510 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 053FE5AF

Memory Dump Source

Source File: 00000000.00000002.1714929485.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53f0000_lumma1.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c4734c1825e0bea3ed6904d3e8e9b7c34e726c7d5b3cc205e3cd9d7cb7f83e66
Instruction ID: 996e6457885c0383a0036e54e734a39e98b1566fe795b176551189a418812f75
Opcode Fuzzy Hash: c4734c1825e0bea3ed6904d3e8e9b7c34e726c7d5b3cc205e3cd9d7cb7f83e66
Instruction Fuzzy Hash: 0D31B8B8D002589FCF10CFA9D884A9EFBB5FB49310F10942AE819B7350D735A945CF94

Function 05622920 Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05622969

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 0468599650ec900b2e4d96d0171f5bfdb2c99426c305719d1ba9e17ff554eb5e
Instruction ID: 136a50621d63022cf6e2975e2fb1be7ca47caa8bca6f85bedc48da5e239d7a4e
Opcode Fuzzy Hash: 0468599650ec900b2e4d96d0171f5bfdb2c99426c305719d1ba9e17ff554eb5e
Instruction Fuzzy Hash: 9C318F356002249FCF189F94C898A9D7BB2FF88311B5540A9E509AB365DF71DC56CB90

Function 0533F9F0 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<^q, xrefs: 0533FA2A

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 7cd8d7a7cc585605b81d8fe77e717cc81fcb1821ce6940f65894305eaa31a1f5
Instruction ID: 21512860107600927d8a62bc162939f767489a862f04bafd19140adb0f0d7931
Opcode Fuzzy Hash: 7cd8d7a7cc585605b81d8fe77e717cc81fcb1821ce6940f65894305eaa31a1f5
Instruction Fuzzy Hash: 6E218B707042599FCB05CF2AD841AAA7BFABF89201F4580A6FC45CB361CA75DC50CF60

Function 053DCD16 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

$^q, xrefs: 053DCE1E

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: a4dce82fbb3bd75e746faf67bc1edd8e0a8b5d9878bbb31323e964a7c71369ad
Instruction ID: 929605473b5b3561a83a5969586fe6911f89b70869e1abd018028cbc9229f0d5
Opcode Fuzzy Hash: a4dce82fbb3bd75e746faf67bc1edd8e0a8b5d9878bbb31323e964a7c71369ad
Instruction Fuzzy Hash: CF213978A001198FDB64DF69DC84B9DB7B2BB88201F04C5E6D10EAB758EB705E85CF50

Function 010A0BA8 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

8bq, xrefs: 010A0C0E

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID: 8bq
API String ID: 0-187764589
Opcode ID: 4024ce9842b53e5cb6b8a30d9b488e09c09ea163d531a1bfe34b6bb29eff49d3
Instruction ID: 61060e15cdbd502b8b1f49b5b0493a120345d9b180368328baba3e32af8e9696
Opcode Fuzzy Hash: 4024ce9842b53e5cb6b8a30d9b488e09c09ea163d531a1bfe34b6bb29eff49d3
Instruction Fuzzy Hash: DD01867490420EEFCB01AFA8E540AAC7BF5FF48309F4084A5E4569B358DB709D41CF91

Function 05332890 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

,, xrefs: 053328A4

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: b4d879d44c619e05115235c819d570c0dc16c318f15598f0a58dde8ae3768b76
Instruction ID: f100882c7b4763379b5ac2a90926090aea28025619e51e2c704fcfd6b34528e2
Opcode Fuzzy Hash: b4d879d44c619e05115235c819d570c0dc16c318f15598f0a58dde8ae3768b76
Instruction Fuzzy Hash: BF01FB38D16228CFEF61CF64D849BADBBB2BF05304F5011E9E40967250CB744A81CF11

Function 053D8BD5 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

4, xrefs: 053D8C32

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: b442fe51b8f9cc65174b2e2ce766ce600bbc61ec028e629df5849e9a5cec75bf
Instruction ID: dbec57a097a9f45845d0163abb814f0454b5ce4a3d6a4ec2cf955df1cc6a48f5
Opcode Fuzzy Hash: b442fe51b8f9cc65174b2e2ce766ce600bbc61ec028e629df5849e9a5cec75bf
Instruction Fuzzy Hash: 8E018C74A11228DFDB90CF28E985B9DBBB5BB05304F108195A80DEB241DB30AE85CF20

Function 053D0AA6 Relevance: 1.3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

Strings

7, xrefs: 053D1005

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: 6444efd7a4a1c53f9546b73df2109123e1431a07e672abb1bed94d74dda4f0a0
Instruction ID: 1a4c2cad53251b00334a54b34eb8e5c5b8618a710de94ec607a703b722f06954
Opcode Fuzzy Hash: 6444efd7a4a1c53f9546b73df2109123e1431a07e672abb1bed94d74dda4f0a0
Instruction Fuzzy Hash: 55F0FF75A153498BDB50DF58C585BAEBBB6EF49304F208064D10CAB745DB34AE81CB61

Function 05638722 Relevance: 1.3, Strings: 1, Instructions: 20COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05638751

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: e7b24e00635eaf7c923476749588c72f992f58a819f576e4e1b36912ad7657f7
Instruction ID: 7e70d8878910649aec8053908eaa631957bb03ead8d42e0016e1e637c9f273a0
Opcode Fuzzy Hash: e7b24e00635eaf7c923476749588c72f992f58a819f576e4e1b36912ad7657f7
Instruction Fuzzy Hash: A2F0D4B4A01119CBEB54DF25D895B99BBB2AB45300F108296D90DA7344CA305E868F94

Function 053D954E Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

&, xrefs: 053D957F

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: &
API String ID: 0-1010288
Opcode ID: a93423771789b53888f7834b6d5e7dc6316eb37f7c594b59f48b3bbafff4ff7e
Instruction ID: c09ba6b0ab8c20ebd1e8338051259ffea0bcd675359754a06fcf6eaa5643562f
Opcode Fuzzy Hash: a93423771789b53888f7834b6d5e7dc6316eb37f7c594b59f48b3bbafff4ff7e
Instruction Fuzzy Hash: B3E017B6905219DFE760CF60EC98A99BBB6FF1B304F0452C8E41AAB256CB754C46CF10

Function 053D1A48 Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

$, xrefs: 053D2897

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 5d60a4e25a9ae9fad5bcb2581e8190947131a0ff5d4425c8285abb8e92205412
Instruction ID: 09162bc197776d64e4b92f0cc37ebcdb0ad002b3adf6e3c1fa189a2bc155e3f1
Opcode Fuzzy Hash: 5d60a4e25a9ae9fad5bcb2581e8190947131a0ff5d4425c8285abb8e92205412
Instruction Fuzzy Hash: B5E0EC74E442498FDB10DFA4D58879DFFF9EB4A700F104069A90D9B344DA745946CF91

Function 010A09DA Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

tocq, xrefs: 010A0AE0

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID: tocq
API String ID: 0-4013956356
Opcode ID: b73cb9ba707571198ff37881fb2337dbc57206ff065fb22121df3f50019bc33c
Instruction ID: c4d6d90627daf8fdef0c842ccc4ab8a4de401abadd21ff85cf56baedc6b132b1
Opcode Fuzzy Hash: b73cb9ba707571198ff37881fb2337dbc57206ff065fb22121df3f50019bc33c
Instruction Fuzzy Hash: 90C04C11B045195B466866BD406123E04C327C4A903E6455894C7DB388DE145D0683B6

Function 056273A8 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a58996a41202004e45fdee60dc0eb12f21b967191368ede2d95e2e5ee516647
Instruction ID: 57f4b52c3db550f66027d42e4476d68c6b28444c5000b2b858e04fcfa58d9387
Opcode Fuzzy Hash: 0a58996a41202004e45fdee60dc0eb12f21b967191368ede2d95e2e5ee516647
Instruction Fuzzy Hash: CB12B434B106298FCB14EF64C894A9DBBB2FF89300F5185A9D44AAB795DF30AD85CF50

Function 0533568A Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 127d0507eedbbb78e29ee6ba8e125ebfa055d30018ba6407f7497c1916a3e0be
Instruction ID: 845996e1f10c86701009af3b50553f05c69549619c14362f04adb2d96e4eddf6
Opcode Fuzzy Hash: 127d0507eedbbb78e29ee6ba8e125ebfa055d30018ba6407f7497c1916a3e0be
Instruction Fuzzy Hash: 9AB15774E0524DDFCB01DFA9D09AAAEBBF6FB49305F104029E40AAB384DB745A85CF50

Function 053DF928 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0370fa629a073ff781ad69a1546b0d5d6f9f356425a55396849d124ca0ebb130
Instruction ID: 74d29c63ee5e2ff7ae4868bd864aa5d4282c4bcb545a9fd09813d2ebd1a14cad
Opcode Fuzzy Hash: 0370fa629a073ff781ad69a1546b0d5d6f9f356425a55396849d124ca0ebb130
Instruction Fuzzy Hash: E8A13A76A00218CFCB14DF68D494A9DBBF5FF88310B1585A9E816DB361DB70ED42CBA0

Function 053DD91B Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7439003661f925a89f1978cbb483d7db76cad8ed5524be68085749babaa659ce
Instruction ID: d4eb361a9c225a421b440b2721b52ec072218eed2ef5b3dc13cbc52f105255bd
Opcode Fuzzy Hash: 7439003661f925a89f1978cbb483d7db76cad8ed5524be68085749babaa659ce
Instruction Fuzzy Hash: 4CA16E31E1052A8FCF15DFA5E445AEEFBB1FF48300F148955E812A7284EB789A45CFA4

Function 05628350 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 156cb3ae3bb6f2854a35bff1969fba3478b2775a7cd511eb01f610b13ed06982
Instruction ID: 79061933488428cb635d5fe0fa4c2c7d60918965c4b724fabc4495e36b70bd59
Opcode Fuzzy Hash: 156cb3ae3bb6f2854a35bff1969fba3478b2775a7cd511eb01f610b13ed06982
Instruction Fuzzy Hash: BA8119347106249FCB58DF68D898A6DB7B6FF88710F548169E506AB3A1CB34EC42CF90

Function 0563CBD8 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd80dcdbfc15df3420a629fd9f6d937f5d367877b0e491c464bdd45992a41073
Instruction ID: 87113864a432524922cee2bdd9b5fe5c989485dd8b27a5a7ed3e488eebca5472
Opcode Fuzzy Hash: dd80dcdbfc15df3420a629fd9f6d937f5d367877b0e491c464bdd45992a41073
Instruction Fuzzy Hash: 3A813835B012148FDB18DF65E55AAEDBBB2FF88311F544069F812AB390CB359D41CB50

Function 010A297C Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ca01543c4b1d6b07d2702e46309bb5dfd1e3fc93aba77b4792ec5a28d2c5ac9
Instruction ID: 2fd815f7edbe35e8edc2900c4179d374ef985723a1c7b2da7ba602e7d6dda9bb
Opcode Fuzzy Hash: 8ca01543c4b1d6b07d2702e46309bb5dfd1e3fc93aba77b4792ec5a28d2c5ac9
Instruction Fuzzy Hash: 5071CF71A142458FDB15CFACC9A05ECFBF2FB49300B5986BAD49AEB242C634ED45CB50

Function 053D7C77 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a3755af335f0a0c924fe5c699dc605a9796d4c3fca131ce107d3d5b843b9788
Instruction ID: a5c70b8b8276de1a05314d8e43c9129e136a4ab237ca6ffe0ed6684acaee416a
Opcode Fuzzy Hash: 8a3755af335f0a0c924fe5c699dc605a9796d4c3fca131ce107d3d5b843b9788
Instruction Fuzzy Hash: B26115FB8042484BCB128F64FDD37A8FBB1EB2525479E6497D468C7382E220D5528777

Function 010A2238 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01d2e9c642265c19ddbc37c48470738fba16252b1484e935e12cb21eab058b69
Instruction ID: 61bcee065d7c617d5498487c7d034e6917770b2e36e170b9d81595ce4dde6009
Opcode Fuzzy Hash: 01d2e9c642265c19ddbc37c48470738fba16252b1484e935e12cb21eab058b69
Instruction Fuzzy Hash: 63614E70204B028FD725DFA9C49066AB7F2AF94310B94CA7DD4DA87B56DB74F8468B40

Function 05628340 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17c66a289552324d2ead9bf235473e32c6aeb0dfaca0cae5f3feb5deba139187
Instruction ID: 10401d9217bf6b64d66ad8f9c0861731ede902c1ce76d91602cc2673ef208a65
Opcode Fuzzy Hash: 17c66a289552324d2ead9bf235473e32c6aeb0dfaca0cae5f3feb5deba139187
Instruction Fuzzy Hash: 99612A34B106249FCB14DF68D898AADB7B6FF88710F548569E506AB361CB34EC41CF90

Function 05636FD8 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b3a9ede0c74f110d6b2c559800657b14384f7780dd053989a18867ed28930f3
Instruction ID: 9dc83bc1e3c18231668c7154e091c786879eec012d7d5780e9eb00999025952f
Opcode Fuzzy Hash: 1b3a9ede0c74f110d6b2c559800657b14384f7780dd053989a18867ed28930f3
Instruction Fuzzy Hash: 3B71F874E00619CFDB14DFA9D899A9EBBB2FB89304F208069E509AB348DF745E45CF50

Function 05636FC8 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f213e24ba4ae09e6457591a090643ae4457f10aa1ecef889750cc15994f4f70
Instruction ID: d7ad9c88abb81746bee1da06975edce2090aed9fbdff32ef993c271ccaaceb1f
Opcode Fuzzy Hash: 8f213e24ba4ae09e6457591a090643ae4457f10aa1ecef889750cc15994f4f70
Instruction Fuzzy Hash: 0E610B74E00609CFDB54DFA9D89969DBBB2FB89304F208069E509AB348DF745E46CF50

Function 057F9D98 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00ddd062e63857776411e2891cc689a12223bc39bf14cfa2bbb09246d27a2315
Instruction ID: 72962406ba1ef14c8927ea56cc5a86e9390dc4ef775cccc44ac4ca1f69f2faa9
Opcode Fuzzy Hash: 00ddd062e63857776411e2891cc689a12223bc39bf14cfa2bbb09246d27a2315
Instruction Fuzzy Hash: 8C51C2B4E04219DFCB08EFA9D884BEEBBB6BB88314F10902AD615A7344DB741945DF91

Function 053D4358 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6526943a67f55a92de247b4e84ecab634cfd024223053bb132ce26534a69d036
Instruction ID: 373d659771a32771d17cd61bbfd6d559bd171bee6a04037e3c8bdd56191e1548
Opcode Fuzzy Hash: 6526943a67f55a92de247b4e84ecab634cfd024223053bb132ce26534a69d036
Instruction Fuzzy Hash: 5E512675E05209DBDF04CFA9E485BAEFBF6BB89300F108029E905A7340D7B459948BA0

Function 010A1A40 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d564407314ef94f5fb557bb76485493c7e4fd46f660b3009df422d9deddf75f
Instruction ID: 128d8aa23694a996ba056b13287e696d22b605e6f0e7e9a032e13eed015b9e79
Opcode Fuzzy Hash: 5d564407314ef94f5fb557bb76485493c7e4fd46f660b3009df422d9deddf75f
Instruction Fuzzy Hash: B941F23161C611DFC7148FD9D4A097EBBE5FBA0260F88C66AE5DB8B600E730E9448B91

Function 057FF9C0 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ab111987d57923d15e8fe40cbdf3e2a3ca66d315fc74658c2bd395294351772
Instruction ID: ba496977a42e2be08f14236af7c494175d81a751751177985cf6e340d91295d0
Opcode Fuzzy Hash: 7ab111987d57923d15e8fe40cbdf3e2a3ca66d315fc74658c2bd395294351772
Instruction Fuzzy Hash: 065149B4E01209DFDB04EFA8E884BEDBBB2FB89304F108169E51AA7358DB745945CF54

Function 053D4347 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 031f70f30a7da56aaa89b4153c3b7ce4d1535b0162b3aeb6f73ae5e0fafda3de
Instruction ID: 0d688115a60c180fc3c2bac9c6f06159aa7ffc7ffa387a2e74c7866246687e91
Opcode Fuzzy Hash: 031f70f30a7da56aaa89b4153c3b7ce4d1535b0162b3aeb6f73ae5e0fafda3de
Instruction Fuzzy Hash: 27512675E04209DBDF04CFA9E485BEEFBF6BB89300F108029E905A7340DBB459958FA0

Function 05623088 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 963cb043e18cb665a8e3fd1d8991d5215b6440ead74d23d0d818aa357d3b1684
Instruction ID: 83eff192d916d84a28b366b8865bf7262b92138cccbb354f617ab611b0b47ff1
Opcode Fuzzy Hash: 963cb043e18cb665a8e3fd1d8991d5215b6440ead74d23d0d818aa357d3b1684
Instruction Fuzzy Hash: 40517C34B106199FCB18AF64E858AAEBBB6FFC8701F108519F50297364DF349946CB91

Function 010A1A4A Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 212117b83332441c57cd55426c9ccaeec3d290e667e3fd7ebc669b7517f11453
Instruction ID: 699e71a4ee7dfa45ad317811b8e6bee69ca66957bd4b9bf4b8cd315b86133244
Opcode Fuzzy Hash: 212117b83332441c57cd55426c9ccaeec3d290e667e3fd7ebc669b7517f11453
Instruction Fuzzy Hash: 2D41CC70608216EFDB05CFC4D0A4AADBBF1FB14320FC8829BD4D69A511C3319985CB92

Function 0562B7BF Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6456a3dca50f16e505b99a7325e6b51f44c84484fc5092f6a70cc639de5ac73
Instruction ID: 85284f7a60cd994f35c23e5dc23c95a7d0196eb3ac489066755600e212863e3a
Opcode Fuzzy Hash: f6456a3dca50f16e505b99a7325e6b51f44c84484fc5092f6a70cc639de5ac73
Instruction Fuzzy Hash: 8D410431B00624AFCB24DF68C845B9EBBB6EF85710F108429F50AD7790DB34A905CB90

Function 0562B678 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3de685a71e0b2a3bff9f41fe908b28431ae19151db1176fd89ce4cd3cfaed42a
Instruction ID: a4cd9fa36ddcedd473efc778bcaa6882395fdfde477a8e245a2693bf0d51ea28
Opcode Fuzzy Hash: 3de685a71e0b2a3bff9f41fe908b28431ae19151db1176fd89ce4cd3cfaed42a
Instruction Fuzzy Hash: 26415875A00B549FCB25CF69C948A6ABBF2FF88300F18895DE48697A61DB30E904CF51

Function 05637D40 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96162a78cadacff5ef17d1c8b61f8442512c76288f452486c896073319b165a0
Instruction ID: f74a352733213f0080ac339d68aff434ad9f17e20e77e2d3f30e5fa91bd66e34
Opcode Fuzzy Hash: 96162a78cadacff5ef17d1c8b61f8442512c76288f452486c896073319b165a0
Instruction Fuzzy Hash: 4F4112B5E052099FCB04CFA9D845AEDBBF2FB8A300F20806AD419B7354D7715A46CB61

Function 05625C70 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9c8e28bb8bcad46ce18800ea9bd01baeb93dd26fc44108b6c63060d22068ee0
Instruction ID: 3e0bb8031c1fb12ac0cb6d8e09be441829a695e65a0c06ffb69657fa51ab164b
Opcode Fuzzy Hash: d9c8e28bb8bcad46ce18800ea9bd01baeb93dd26fc44108b6c63060d22068ee0
Instruction Fuzzy Hash: 86310436600514AFCB18DF58D888EA9BBB2FF48320B1644A8E50A9F372C731EC51CF40

Function 053D3D40 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cdcd562552074c0a02eb8eef36904fb8332922c3dad0d637bf64645c050b58f
Instruction ID: 3721e0271cd59b0f6011ba25b216443ba14c8313b3222523bdae284eddd7ff2d
Opcode Fuzzy Hash: 9cdcd562552074c0a02eb8eef36904fb8332922c3dad0d637bf64645c050b58f
Instruction Fuzzy Hash: 35411671E052099FDB08DF99D844BEEFBF6FB88300F108429E405A7254DB745944CF62

Function 05625C10 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 886c26b327d96ca720c3d04768b494a687f670d5f8a0001d2450b7babe6c2cb1
Instruction ID: ae7ec78c63e357b962aa685cccfb135fb3f45a248a8394f23fd862168612b044
Opcode Fuzzy Hash: 886c26b327d96ca720c3d04768b494a687f670d5f8a0001d2450b7babe6c2cb1
Instruction Fuzzy Hash: FA3158366016149FCB19DFA4E988EA9BBB2FF48321B0544A9E50A9B372D731EC11CB40

Function 0563D088 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1846f930e249ba10f4e99cd6b049af58a9ed71bc2d8b14107a96c615cb07facf
Instruction ID: afb771589f12296e35d75375ea6c178c19c21152992b7f4533df1269e826a0d0
Opcode Fuzzy Hash: 1846f930e249ba10f4e99cd6b049af58a9ed71bc2d8b14107a96c615cb07facf
Instruction Fuzzy Hash: D7419E71A002168FDB14DFA5C846ABFBBB2FF88780F00856AD816D7360E734D945CBA1

Function 010A44B8 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5a1311c1c45025af019e68999575388612e78f795bdf9e8d28bf889a10d13f4
Instruction ID: b1febb6c04ccc121bb4952310c34d1445e99dc6d5e0a75c787db503c5792ce14
Opcode Fuzzy Hash: a5a1311c1c45025af019e68999575388612e78f795bdf9e8d28bf889a10d13f4
Instruction Fuzzy Hash: 1D417EB8D00205CFEB00DFA9C4487ADBBF1EB86305F5480A5D299E7695DBB84988CF51

Function 05628657 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec42a01222402fb523c1ab8fd713afd731da94aae870a5245b69bce7d106e80d
Instruction ID: a331a93828bfcddfdb4ec3b3b838091ae5488453edc0e6cbef5e388c663ec0f1
Opcode Fuzzy Hash: ec42a01222402fb523c1ab8fd713afd731da94aae870a5245b69bce7d106e80d
Instruction Fuzzy Hash: E031FD35A006299BDB14DF64D899BEEB7B6FF88311F108029D806B7360DB35AD05CFA4

Function 010A8550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ae0b0bb50969367f357979a661270cebbf6096cd0e0e29fa391f359592ec8ba
Instruction ID: 6e3957c1baf25ff27b23a3de346f5b4fbedf8a02d149b00db46adff0903dda9b
Opcode Fuzzy Hash: 9ae0b0bb50969367f357979a661270cebbf6096cd0e0e29fa391f359592ec8ba
Instruction Fuzzy Hash: AA3145B4D00209CFEB44DFE8D9487EEBBF0FB48306F5494AAD549A3251EB744A84CB91

Function 05637D50 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62b283fc89b1237e847f3727f211f9f25280a4b16b4177cf4f70153f7f9a185f
Instruction ID: 1bb5c9db5f7a50ac5e42027d541d932899de0f99864acfebf6a149d21a58e2ac
Opcode Fuzzy Hash: 62b283fc89b1237e847f3727f211f9f25280a4b16b4177cf4f70153f7f9a185f
Instruction Fuzzy Hash: 573102B5E052099BDB08DFA9D845BEEBBF6FB89300F208029E419B7254D7701A45CFA1

Function 0563DA41 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6b1385b7363d00b7d2a7231a7b13783b2e83745053e3e3219bfdbbbb36cb10f
Instruction ID: 25a64d6d418912a9a59eb2126b52451041f112519312742e83356e8b76691e0c
Opcode Fuzzy Hash: b6b1385b7363d00b7d2a7231a7b13783b2e83745053e3e3219bfdbbbb36cb10f
Instruction Fuzzy Hash: 2B41D674A112288FEB24DF24C992FA9B7B1FF48750F1141D9E905AB391DA31ED81CF54

Function 056392C8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d96963acbda423b7a417fb9a73885c0d714c415e6c2738bfff71b458022fff4
Instruction ID: efc14fde80e17f054f86a4d9b0f2c7f95112efcc511d3d5d85806f71986454a5
Opcode Fuzzy Hash: 5d96963acbda423b7a417fb9a73885c0d714c415e6c2738bfff71b458022fff4
Instruction Fuzzy Hash: 2C313AB4E0450ADFEB04DF9AC8856EEBBF2FB89310F108065D509A7398EB745A46CF50

Function 05638E48 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffeb0c63023d6ac6d1fc2d56ddd3498e11af6745c9504ac3403e72a9f7432ee1
Instruction ID: fcc6200af8ed50d1813877e7acb35624aa4748d5ef02377ab4e363b86986eac0
Opcode Fuzzy Hash: ffeb0c63023d6ac6d1fc2d56ddd3498e11af6745c9504ac3403e72a9f7432ee1
Instruction Fuzzy Hash: 9831E674A06618CFEB24DF29C885BEAB7F2BB89300F5490E9E409E3755DBB05985CF14

Function 05637F20 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 033f92cef46be81c662735b299112cc9f5aac1872088dc0902e95c52fb7c8209
Instruction ID: 352236a28f03b96d8e6da4e43a46f90916e534527bdefbc1c58ddf51df8dc953
Opcode Fuzzy Hash: 033f92cef46be81c662735b299112cc9f5aac1872088dc0902e95c52fb7c8209
Instruction Fuzzy Hash: D73126B4E042099FCB04DFA9D885BEEBBF2FB89300F14806AE415A7394D7705A46CB91

Function 010A85C8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32de5bc216e924d4b46a06a6d4f9846bf0bcc4e0db5fb7b1aa46610936036d1a
Instruction ID: 350b5144d8b2057c7e1a0bb6c82dbbf3708866d56d2262175cd56863d409b639
Opcode Fuzzy Hash: 32de5bc216e924d4b46a06a6d4f9846bf0bcc4e0db5fb7b1aa46610936036d1a
Instruction Fuzzy Hash: 3A3167B4D042098FEB45CFA9C8487EEBBF1FB8D305F14C4A6D159A3241EB744A45CB91

Function 010A44C8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22c4102a071894ce530d82d0168a0662bae94bb7087625f727066dce8271b63a
Instruction ID: 372459e792456cd31fb3f5cbfed7ee01a3b5bb9b267c80d837c755b794fd64fd
Opcode Fuzzy Hash: 22c4102a071894ce530d82d0168a0662bae94bb7087625f727066dce8271b63a
Instruction Fuzzy Hash: 83313CB8D00109DFEB00DFA9C4487AEBBF1FB85305F5480A5E259A7795DBB84A88CF51

Function 05637F30 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 432de17ccf491f4c538a79999ea106686c26938227df184cd51af81908b09579
Instruction ID: 44247ea84aa734a95cead6c2481a30dba0e4c843e7727845d9c57ac2a4933e24
Opcode Fuzzy Hash: 432de17ccf491f4c538a79999ea106686c26938227df184cd51af81908b09579
Instruction Fuzzy Hash: 923124B0E0420ADBCB04DFA9D845BEEBBF2FB88310F149169E419B7390D7705A46CB90

Function 010A3BD9 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f65164f663370d9283b1980136ac5733c1cf61a861021d3e110b2ab1495ef8e
Instruction ID: 8a39a646212d447e75cd39bb9391f30eb6c7a469b25e2c9b0869cd26cf3c2660
Opcode Fuzzy Hash: 7f65164f663370d9283b1980136ac5733c1cf61a861021d3e110b2ab1495ef8e
Instruction Fuzzy Hash: 85219EB5A08518DFC704DFEACD8496DBBF1FB4471179281AAE08BDF222D3309C418B91

Function 05623E28 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b1b6f43d7e1cc78a2206124dd6ec8effd811df82f969f085f192c2d7b96fe51
Instruction ID: fc6eadfbbe82f6e071abb71436fa6d74547799786fc7627d4918ecf95743a12c
Opcode Fuzzy Hash: 1b1b6f43d7e1cc78a2206124dd6ec8effd811df82f969f085f192c2d7b96fe51
Instruction Fuzzy Hash: B821F2323056209FC7209B6AE884B66BBE5EFC0721B15887BE58EC7741CB35EC45CB51

Function 056392D8 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f595f9b737543bff2915668d517eb707107e84d779ecc2ba8a3999159f8f75c
Instruction ID: ededdabc3c85f65cc1527d68e2b3c839ac31da9f7af76b696e189b54d7d49901
Opcode Fuzzy Hash: 1f595f9b737543bff2915668d517eb707107e84d779ecc2ba8a3999159f8f75c
Instruction Fuzzy Hash: E03129B4E0450ADFEB04DF9AC8856EEBBF2FB89700F108065D519A7398EB745946CF50

Function 010A1420 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40245cd2ade6a4632030d51c726154c85c1c8e56fa2c0574c5e50eaeb5f64727
Instruction ID: fa491f4f4ea78b149a18f8b4fae25e7786690baa1df2dec71018730949945a1c
Opcode Fuzzy Hash: 40245cd2ade6a4632030d51c726154c85c1c8e56fa2c0574c5e50eaeb5f64727
Instruction Fuzzy Hash: 5A219035608206CFCB15EBECE5046EE77F1FB84312F8445AAD18AD7244EF706904CBA1

Function 05636704 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9779853bcce4e3a636cf5f67e415c672e77bfdb0e3496f0b058f3144b2b910a7
Instruction ID: 1de12c66e4ea5b8d4093a912d602204898281af6fa4938877079ddf29d0a4a3d
Opcode Fuzzy Hash: 9779853bcce4e3a636cf5f67e415c672e77bfdb0e3496f0b058f3144b2b910a7
Instruction Fuzzy Hash: 6841CF74E01218DFEB64DF68D889B99BBB2BB09304F0081E9E40DA7395DB745E89CF10

Function 05636208 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a2f3eab04caf3e119d055857edbb9b50e226ca68e82415cf70b0a52ff013386
Instruction ID: ed9760af47ca64b3f6a353d1ed34918b2c1d7511ff5a6580839531fece4700b4
Opcode Fuzzy Hash: 9a2f3eab04caf3e119d055857edbb9b50e226ca68e82415cf70b0a52ff013386
Instruction Fuzzy Hash: 0731C274E05228DFEB68CF69D845B99BBF2BB89300F0081E9D40DA7395DB705985CF10

Function 0563B168 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46d8f1ed788523b27137fa77be86b72366c2c5b0d58c188ad18cd74a244398be
Instruction ID: 815e9a6ef52bc2c1d8f8eb5953715a95cfe5b37975739fa017bfed5da1c1691a
Opcode Fuzzy Hash: 46d8f1ed788523b27137fa77be86b72366c2c5b0d58c188ad18cd74a244398be
Instruction Fuzzy Hash: 7021F1717103249FD714DB64D8467EE7BB6EB84306F94846AE00ACB786CF759D06C790

Function 05629420 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffb970f9d3a85fb61b533c2574f57057a2d3d27a78d2f91d1c189755e7eab96c
Instruction ID: 1435983135818e25a927c4b0b437b6f7e72d7e43583d4183c7bfbdec68b186a1
Opcode Fuzzy Hash: ffb970f9d3a85fb61b533c2574f57057a2d3d27a78d2f91d1c189755e7eab96c
Instruction Fuzzy Hash: FB216534B10A198FCB04EF68C4549AEB7B5EF89700F504629D506A7360EF74AA46CF95

Function 05636787 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad1f15c8723acc9a02b8446758fb08691c445cc9d9d8fac6f2dd0a3b2657641b
Instruction ID: 187019dfde3a486c2ba8f6d1d72168884f29d9ae7e716cd04e1b3529d4026366
Opcode Fuzzy Hash: ad1f15c8723acc9a02b8446758fb08691c445cc9d9d8fac6f2dd0a3b2657641b
Instruction Fuzzy Hash: 4D41E274E01219EFEB64DF68D889FADBBF2BB09304F0081A9E009A7795DB705985CF00

Function 010A1566 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b76eb471d47eb44149052a9d0265ec503bc61247a1fb2747190774d45e9b712
Instruction ID: 968477e78437951a8b911194b7b7ac8b3979f7169f7f14632f9f960dbd9f8924
Opcode Fuzzy Hash: 0b76eb471d47eb44149052a9d0265ec503bc61247a1fb2747190774d45e9b712
Instruction Fuzzy Hash: DB210A35A01104DFCB45DBB8D49969DBBF2EF89720B1880A9E946EB361DB359C46CB10

Function 0562F578 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fba5c1e115908110923fd2ff97de646d700b9f3ddd718ee105e5b47b4a8ba22
Instruction ID: 3c6b0f3a3a6a7768e7cb7d25c7976faf0fb1819ac450eae03e1b27942a66aa5e
Opcode Fuzzy Hash: 8fba5c1e115908110923fd2ff97de646d700b9f3ddd718ee105e5b47b4a8ba22
Instruction Fuzzy Hash: FF2126B4D05918EBDB44DFA8D886BACBBF6FB55300F6081A9E809A3391E7705A41CB40

Function 0563F510 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9af1191d0e6f6567cd1348b3720a9a7d51fe489e53d7840746b594bb9ee43e7
Instruction ID: a67c8ad29d99d1fabb83128a0c83c03205fb1a7d9236ffb3051ce2978c9cc097
Opcode Fuzzy Hash: e9af1191d0e6f6567cd1348b3720a9a7d51fe489e53d7840746b594bb9ee43e7
Instruction Fuzzy Hash: 87217C71E00209DFDB00DFB8D885BAEBBF5AF14360F508066D51ADB290E738CA52CB91

Function 00C7D01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691711916.0000000000C7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c7d000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80dd9024abab94e0cfa98c80a30005478f4a4a0af58001812684e24a1e55d7f2
Instruction ID: 21ab66da1fc27a11dcfb2081444ccd6c9f6bd02b9101127994f25e401dd93612
Opcode Fuzzy Hash: 80dd9024abab94e0cfa98c80a30005478f4a4a0af58001812684e24a1e55d7f2
Instruction Fuzzy Hash: FE21CFB5604244DFCB15DF14D9C4B26BFB5FB94324F24C569E90E0B242C336D81ACBA2

Function 05335D30 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7709ae99ef6cbf2505cd093e80316928360b301253841ebec2a9c0bcea91eaa8
Instruction ID: f7753d067cf4cbc0827f899817e0d6a931519f436fed4a1810be7b32dab675b8
Opcode Fuzzy Hash: 7709ae99ef6cbf2505cd093e80316928360b301253841ebec2a9c0bcea91eaa8
Instruction Fuzzy Hash: D621C075909208EFC711DFA8C85A7ACBFF8EB05304F5480DAE848D73A2D2348E85DB51

Function 0563BC50 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d4ba649ee54bb521f0176ea61bf427bc31b8f61cafeb1dd5cfc9be6d5e24ff6
Instruction ID: 0667cdd288ca47a35bf66dbdc47950a259b787403e3d72c1b77717025a4c1d25
Opcode Fuzzy Hash: 0d4ba649ee54bb521f0176ea61bf427bc31b8f61cafeb1dd5cfc9be6d5e24ff6
Instruction Fuzzy Hash: 9B218135A002189FCB19CF59C845ADD7FB2EF8C320F144529E915A73A0CF359842CF90

Function 0563CB9F Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f300cbff0f5575868a8f37d5a8f6c54aa3674b454231d9e2e2cb772e20089a1
Instruction ID: ee4b3a13cec501288a793af2dcf7436872fa12bb022bc0173262004cc0967da4
Opcode Fuzzy Hash: 8f300cbff0f5575868a8f37d5a8f6c54aa3674b454231d9e2e2cb772e20089a1
Instruction Fuzzy Hash: 8721D435A0A3648FD71ACB29E9518D9BBB2FF4A210B5500E6F801EB362D631DD05CB61

Function 0563B1DA Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6d6c034a97010cd60c37626f994c9e9cea75b0e58b34749a4228e25030f69ee
Instruction ID: 3a619c721b32c7407f0ae184c108985add48033a9d1d9434b893f17d1abe6cea
Opcode Fuzzy Hash: a6d6c034a97010cd60c37626f994c9e9cea75b0e58b34749a4228e25030f69ee
Instruction Fuzzy Hash: 4C21A470A102255FD728EB69D8867EE7BE6EB88306F904539E009D7645DFB09905C7A0

Function 05629410 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fcc18d05f4c1951cea128c9e4fced837113e7bd3e9cc9ef816402c31c0c0534
Instruction ID: 80f9eb2781f8a34c5587404894411e7f5033214c7a4769f5cfbfb7a6cbfd3751
Opcode Fuzzy Hash: 3fcc18d05f4c1951cea128c9e4fced837113e7bd3e9cc9ef816402c31c0c0534
Instruction Fuzzy Hash: D9218474B00A19CFCB14EF68C4849AEB7B5EF89300F50466AD505A7360EB34AA46CFA5

Function 056216C0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1e959824e548d2fa826582351da8038776dd6d255f93a73eb835a142b6d33bd
Instruction ID: 9f8ee17a5259be9d83f741d74c57672d03dcdccc9c43f0476d1dde0db9fee03c
Opcode Fuzzy Hash: e1e959824e548d2fa826582351da8038776dd6d255f93a73eb835a142b6d33bd
Instruction Fuzzy Hash: 1D21F775A002198FDB14DFA8C585ADDB7F2FF89301F2045A5E405AB361CB75AD45CFA0

Function 05338FC8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a58a03d122f4be536d8224c7c71035ef890f2faa9f6239009460964af3ae07ea
Instruction ID: 362b9ce1c5f6db5b9bb1b3ceaf5b71ecde0ef2254ff2c270ef8115f5cc4a8971
Opcode Fuzzy Hash: a58a03d122f4be536d8224c7c71035ef890f2faa9f6239009460964af3ae07ea
Instruction Fuzzy Hash: AE2107B4E0420ADFCB04DFA9C4457BEBBF6BB88300F1081A9E419A7350D7B59981CF91

Function 010A86E0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c1916c1aa972eb6848e542015061bd9e7931731de51be0df98e537a1a1f6bfb
Instruction ID: 69da6967e4e7d158146c324d05deb4e74ea12b5bca70dce73682420ccacfd094
Opcode Fuzzy Hash: 3c1916c1aa972eb6848e542015061bd9e7931731de51be0df98e537a1a1f6bfb
Instruction Fuzzy Hash: A22136B4D0420ACFEB01CFA8D9483EEBBF1FB49315F049556D059A7251EB784945CBA1

Function 053D9130 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fb0cf7a44f4cc0d0b42f7d7899f57ac476fa13b11a2cd46eab3d9aa08ab7d28
Instruction ID: 8c0d22cf5810dd11fa59d192b0404ce0b3d3c280fb483772c46ec4d2777ef25d
Opcode Fuzzy Hash: 6fb0cf7a44f4cc0d0b42f7d7899f57ac476fa13b11a2cd46eab3d9aa08ab7d28
Instruction Fuzzy Hash: 0121F7B2E046189BDB58CF6AD8447EEBBF7BFC9300F04C0A9E409A7255DB7009458F65

Function 010A18E8 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51d5dd739cfb659292050562c1dc64ad20e3095967b5067259ed0bba2fdd3c08
Instruction ID: 3a1fb40b689daacd2ae95514a231a8c8fc87cc241b279b447205da37bfe258ed
Opcode Fuzzy Hash: 51d5dd739cfb659292050562c1dc64ad20e3095967b5067259ed0bba2fdd3c08
Instruction Fuzzy Hash: B911C134A08215DFD7498BE4C0256FDBBF6BF09220FD842AAD1C7AB252C6714D49C796

Function 0563657C Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42969d42c9e7876fe89a2c8ccf95d6e4b4efd1e96c7355c81c08ed72f8872beb
Instruction ID: 4c660a6e5c1016a221e54478d9a72906cc020bacf079361660efddd4cc7c797e
Opcode Fuzzy Hash: 42969d42c9e7876fe89a2c8ccf95d6e4b4efd1e96c7355c81c08ed72f8872beb
Instruction Fuzzy Hash: 9A31A274E05218DFEB64DF28D889B99BBB2BB49304F0082E9E40DA7395DB705D89CF10

Function 05636287 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1345d389bb69fa6d85d0fd96671c2acea5e618a01786364d93c3c57ca4b616d
Instruction ID: fc0b4201fbe8e8af2979648c1bd43d1ecdff4c1570e458f4220ef675a60fb00e
Opcode Fuzzy Hash: b1345d389bb69fa6d85d0fd96671c2acea5e618a01786364d93c3c57ca4b616d
Instruction Fuzzy Hash: 1731B174E01218DFEB64DF68D889B99BBB2FB49304F0082E5E40DA7395DB709989CF50

Function 00C7D005 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1691711916.0000000000C7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c7d000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 454cfa187b65b1831742cc11ba3be2b0e1e65cf93adbac85f9d22371777817d2
Instruction ID: 944bdb0a1626de8e6fafb63c1903a5899dbb8a117b7061535f2316555edb6850
Opcode Fuzzy Hash: 454cfa187b65b1831742cc11ba3be2b0e1e65cf93adbac85f9d22371777817d2
Instruction Fuzzy Hash: 4F21A1755093C08FCB02CF20D994715BF71EF46314F29C1EAD8498B653C33A990ACB62

Function 010A18F8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82b8e5326f324c96a7c5855cbb874bca901eacb1359d0771d8a37d17842a803e
Instruction ID: e3bc89a67a7b0ef0413e6929f08334ec5ba49662ac9c6e993843f8c13f4d83e1
Opcode Fuzzy Hash: 82b8e5326f324c96a7c5855cbb874bca901eacb1359d0771d8a37d17842a803e
Instruction Fuzzy Hash: CA11E734608204EFD7048ED5C454ABEBAF6AF49710FD4416AD0C3AB360CB719C04CB92

Function 053D7EC7 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6069f5221b0a2f0feaf4411e03f7e79109556fd7fef47e82555c1ec562c2c016
Instruction ID: 10a16da3520bfb3b0e939b4f1bb537ef7d6a761f931e59b276ff5fd7c4cfeea5
Opcode Fuzzy Hash: 6069f5221b0a2f0feaf4411e03f7e79109556fd7fef47e82555c1ec562c2c016
Instruction Fuzzy Hash: 45216A74A0411A8BCB04DFA8D4556EEFBF6EB88305F108169E509A7354DF305D06CFA1

Function 010AE0C8 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97aadc667d9ee418c0dca94bb445acb87a7c0c2d7df823ed65d71f365cc1d1a6
Instruction ID: ce8275be5835f270f02b59b676d22b7b04ff906a61559197a6f8d735e8cc60f4
Opcode Fuzzy Hash: 97aadc667d9ee418c0dca94bb445acb87a7c0c2d7df823ed65d71f365cc1d1a6
Instruction Fuzzy Hash: A0211AB4E006198BDB58CFAAC8406EEBBF2BF89300F44C07AD958A7354EB7019458F40

Function 05636543 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a819cf730bf856b4e9841dbe0c91e22fe33477ad0bbdd0a0da422aa33291de79
Instruction ID: 43b32e34cafd7d51f8c15847148fe34b988c4a8eaaf9bfcee413ce91d8cf1d28
Opcode Fuzzy Hash: a819cf730bf856b4e9841dbe0c91e22fe33477ad0bbdd0a0da422aa33291de79
Instruction Fuzzy Hash: 3B31E374D05258DFEB64DF28D889B99BBF2BB09304F0082E9E41DA7392DB705989CF51

Function 010A9D92 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aedeac2b7eb3f97d2c6f0235243d07445a5068f9e94fdbca1b9429a89ef94977
Instruction ID: ce5083f8a5308cc3c96b241a16988bc9beed38e5640b1c376f255d9a2a3a7eb8
Opcode Fuzzy Hash: aedeac2b7eb3f97d2c6f0235243d07445a5068f9e94fdbca1b9429a89ef94977
Instruction Fuzzy Hash: 6B212671E0420ACFDB14DFE9D8447EEBBF6FB88314F14802AD518A7250D7744A85CBA0

Function 010AEE40 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f1a6a351bdb0efe82db0d0b08414a7ca0af4df66c6d23e1734bae25494f406f
Instruction ID: fcaea8b80a2c3979c3de1f42fd995c2f020c226dea06885fb9a8a6a72f9f67bc
Opcode Fuzzy Hash: 5f1a6a351bdb0efe82db0d0b08414a7ca0af4df66c6d23e1734bae25494f406f
Instruction Fuzzy Hash: FA116AB0E04209DFDB04EFA9D8582AEBFF5EF89304F50C4A6D149E7215EB748A80CB40

Function 0563C601 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5701da863402afacddd32ef8ea522f65743b4a8a28fee27f1b47041ab1c6f85d
Instruction ID: 8a00ec1b4cbd43f676fa171f99889a6a663102b114f71a0fa8590b1429c214d5
Opcode Fuzzy Hash: 5701da863402afacddd32ef8ea522f65743b4a8a28fee27f1b47041ab1c6f85d
Instruction Fuzzy Hash: 0E119075B002249FDB259F688846BFA7BF2AF88711F14402AF805EB380DB30C942CB60

Function 010A9DA0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa94a50f94af82b24160221d34302797912e0495e0f6261efce1f3401abdaeaf
Instruction ID: 4a3e477807c080dc48e1eb2722504e0cfe3e9b2642a085b2ab746182e32bbe26
Opcode Fuzzy Hash: fa94a50f94af82b24160221d34302797912e0495e0f6261efce1f3401abdaeaf
Instruction Fuzzy Hash: 2811F375E04219CFDB04EFA9D8456EEBBF6FB88314F50802AD509A3250D7751985CBA0

Function 053D7ED8 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba9223f4a8a25fe878e78b97a04f2ae13e4d67da1807f720d0b7c905d2eb1e44
Instruction ID: b5922b229821e81feef23d8fa0989d0b4176a2f20790995c4777db852082c994
Opcode Fuzzy Hash: ba9223f4a8a25fe878e78b97a04f2ae13e4d67da1807f720d0b7c905d2eb1e44
Instruction Fuzzy Hash: 79213874A0021A8BCF44DFA8D855AAEFBF6EF88301F108169E509A7344DF305E058BA1

Function 056363AD Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed5e6679c9c27e11095276547c69393697462426ce2de800c360f346919bf204
Instruction ID: 003107221f6bac03500363f40a321f783cb03e66603811451d74798bdc4f24f4
Opcode Fuzzy Hash: ed5e6679c9c27e11095276547c69393697462426ce2de800c360f346919bf204
Instruction Fuzzy Hash: E9317F74D05218EFEB64DF69D889B99BBF1BB09304F0182E9E40DA7391DB709985CF14

Function 05636846 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b0cbc2e1261de0808a88fe387614c2639cc3ffe19395ab2d9dff86335535be1
Instruction ID: c058e0d046fd965af25ba1e72de09103393e4ea90b02a6dd3952f5cf89138239
Opcode Fuzzy Hash: 8b0cbc2e1261de0808a88fe387614c2639cc3ffe19395ab2d9dff86335535be1
Instruction Fuzzy Hash: F8318E74D05218DFEB64DF29D889B99BBF2BB49304F0082E9E40DA77A1DB709985CF14

Function 0563C381 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acb2c9be9b58c4e8f65b113b7573fcde07d410baf5dc2e558efc48b05de49800
Instruction ID: 9079364c9f88825c0132d3c748ab85f637a21fed0b7a7c6c48aee6c10102180b
Opcode Fuzzy Hash: acb2c9be9b58c4e8f65b113b7573fcde07d410baf5dc2e558efc48b05de49800
Instruction Fuzzy Hash: B4217E79A46219EFDB04CFA8D595EADBBF2BF49300F204158F906AB361CB70AD41CB50

Function 053D9E51 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b98835c6a0222acff9004c6851f28069d01f58b527d0be7a6f9f19a1f00123f7
Instruction ID: 78275073953f33ba1ce832acb50e6d1f29b110554aa40b178812f252a41eb837
Opcode Fuzzy Hash: b98835c6a0222acff9004c6851f28069d01f58b527d0be7a6f9f19a1f00123f7
Instruction Fuzzy Hash: 8B1126B65492849FC741DBF8D8047AD7FB5AF06200B1449D7C4D9DB2E2D6318E83C766

Function 05338FB8 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73e2e3c2b7a8f556989ccbd38cc89a24d1d24607876b857131fd113193fb40a8
Instruction ID: edb656110af81926f5f98182f35043e98525bdba6bbc28de7cf136623aa1b8a2
Opcode Fuzzy Hash: 73e2e3c2b7a8f556989ccbd38cc89a24d1d24607876b857131fd113193fb40a8
Instruction Fuzzy Hash: CF113CB1D0920ADFCB44DFA9D8427ADBFF6BF85300F5481AAD44CA7261D7718980CB92

Function 057E67F6 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b88ccc6699cc08cbcc9548d638ec56c4381a85869337dc5141d71df3ffbe9dd
Instruction ID: 3a80d1a3852960071a64ff0283f69f1eb033f81223550b7a3425cf7717c78269
Opcode Fuzzy Hash: 9b88ccc6699cc08cbcc9548d638ec56c4381a85869337dc5141d71df3ffbe9dd
Instruction Fuzzy Hash: 2D21C47095422ACFDB24DF14D868BEEB7B5BB08308F1050E6E519A7681DB744F84AF40

Function 0563C260 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbddd50641c050db71a3c366ff5d8705d456de9e93630414a01596db0d727283
Instruction ID: 3a18774717b7583a046e6245e2be9ef47609e434211252cc23de3a858bad27ec
Opcode Fuzzy Hash: fbddd50641c050db71a3c366ff5d8705d456de9e93630414a01596db0d727283
Instruction Fuzzy Hash: 5C014436350215AFDB148F59DC95FAA7BAAFFC9721F108066FA15DB290CAB1D810C790

Function 05638AD4 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87bc55fbacf6b4f6e153cdc813d2aeb6408c4eb228772c05cf45db0971493dd3
Instruction ID: 621f26917acb692c14f104f158ad1b5437019b80a20bd608bfb829eaa3971925
Opcode Fuzzy Hash: 87bc55fbacf6b4f6e153cdc813d2aeb6408c4eb228772c05cf45db0971493dd3
Instruction Fuzzy Hash: B6210474A4021ACFDB60DF28D499BADBBB2FB89300F1080A9E509A7755EF745E85DF40

Function 05637698 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8295563d6fb682f01037e3e713498ce242a583c63f1c5bfb529f4c9aeec9284
Instruction ID: b4139c27bd380de1528fde4110686e9a3d6f6dfbdac143ccdfa7f97a0f630ff6
Opcode Fuzzy Hash: b8295563d6fb682f01037e3e713498ce242a583c63f1c5bfb529f4c9aeec9284
Instruction Fuzzy Hash: AC117975E0020A8BCF04DFA8D4156EEBBF5FB88305F10407AD909A3780DB755A45CBA1

Function 010A09EE Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18647db18a662fda29ef22e2043237be87d7ba67198bf47a2b345f8e314d58ed
Instruction ID: c08f8ffae23c19146a1b892d2753105d45b904877289f1b71a837aea45fe57cb
Opcode Fuzzy Hash: 18647db18a662fda29ef22e2043237be87d7ba67198bf47a2b345f8e314d58ed
Instruction Fuzzy Hash: E211427474020ACFC744DBA8C9A8A6D7BF2BB8C710F2085A9E102DB3B5DB709C41CB50

Function 010A1410 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30785270295d0fc8b822b867d6c98698f470369f57b7483f777708b02c01a614
Instruction ID: 0927ad621e3f627b4995ea35831641bdf12ed03df8f3ddb759e0f1c68dd1dde1
Opcode Fuzzy Hash: 30785270295d0fc8b822b867d6c98698f470369f57b7483f777708b02c01a614
Instruction Fuzzy Hash: 28118BB4A08612CFC706EBECD145BAE7BB1BB44301F814599D086AB295EFB45D44CBA1

Function 010A1E19 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c043ad326509cebd2babaca409248225895a4e620cfdeebcd68c6d7ff311a1b
Instruction ID: a89b10213f464a66a2904999e2ce10fd8260d7690b681748f171c49ad3993212
Opcode Fuzzy Hash: 7c043ad326509cebd2babaca409248225895a4e620cfdeebcd68c6d7ff311a1b
Instruction Fuzzy Hash: E011C231508B42CFC726CF65E8483297BF0EF01315F440AA9D18B8B5E2DB35A985CB41

Function 05637688 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a077aea0c2a1c3838116f0c0dc7fe55eba0f5f5c127ecfed3dcee1d8e03a3d5b
Instruction ID: d16215cd7cf75926cb951b2771553c939015904dc9058fea12ffa0475f0b4aa0
Opcode Fuzzy Hash: a077aea0c2a1c3838116f0c0dc7fe55eba0f5f5c127ecfed3dcee1d8e03a3d5b
Instruction Fuzzy Hash: B41179B4E0420A9FCB04DFA8C4556EEBBF5FB49305F10446AD505A7380DB755A46CFA0

Function 010A0A59 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24bfe7823cc6eaf2e25e261283b9ef7e1735b4d6601c3bc67753feabc6d9607e
Instruction ID: a8d18f4e3739783ccdf4f4df9210adbf4d0e516a3065c5bff4edc2606484f889
Opcode Fuzzy Hash: 24bfe7823cc6eaf2e25e261283b9ef7e1735b4d6601c3bc67753feabc6d9607e
Instruction Fuzzy Hash: A7111E7474010ACFD744DBA8C5A8B2D7BF2AB8C700F6085A9E146DB3B9DB709C44CB50

Function 0563C230 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed91ba7e94b709b4a4f01c5ab49d4d5f71b86f62e5a468ab1df100f082c4a72a
Instruction ID: 0d19ea8fe12c5719a5b0d9d9e10ea9941e840cf69d84ecc366f0c4647dea1275
Opcode Fuzzy Hash: ed91ba7e94b709b4a4f01c5ab49d4d5f71b86f62e5a468ab1df100f082c4a72a
Instruction Fuzzy Hash: E701F4363006119FD3049F59DC95EDA77B4FFC9320B54807AF809D7321CE65D801C650

Function 057E6A3E Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 840965094be44b2f10873f302e650d9de74d0c18a7a9ca5879591391e89fd1d9
Instruction ID: 1f21898333ea0c28b40e222f6e38d03226121dbaa1a3f690eac5cb4f1cacc859
Opcode Fuzzy Hash: 840965094be44b2f10873f302e650d9de74d0c18a7a9ca5879591391e89fd1d9
Instruction Fuzzy Hash: E321D074A002298FDBA4DF28D899B9ABBB1EF48305F1041E6A909A7344DF749EC4DF41

Function 010A1648 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe119bf67dd79b3db197d30782a291f23cce9f7fc4070a0e953b567465ec591
Instruction ID: 4c69396daf4c794028f74e0b7cb27370bff5cd3dae9bbe277d22f31cc3128d9f
Opcode Fuzzy Hash: 8fe119bf67dd79b3db197d30782a291f23cce9f7fc4070a0e953b567465ec591
Instruction Fuzzy Hash: 7B112E30E00609DBDB149FA9D49479EB7B1BF88310F20CA19E499A7391EF749985CB80

Function 05628798 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 868d86a5cdb741976ab0e87fcb1b31bedb3ba7161a658baff85736f5c2e1b01e
Instruction ID: 028996a4fe7ca76e76188dae94609b044b97c38b2995c57da5ed1943a83290af
Opcode Fuzzy Hash: 868d86a5cdb741976ab0e87fcb1b31bedb3ba7161a658baff85736f5c2e1b01e
Instruction Fuzzy Hash: 5B01D234704B608FC3259B34C854B3E3BA3AFC9220F18896DD5964BBE1CB74D802CB84

Function 0563F980 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5900824d9d0300fd62c7e9d936bc08afb41bb137a106303ae63cf73be5f09bcf
Instruction ID: cb5f940e7e76cf9cbcbfd3d50b392e0ac0ff4ed194dab0efc4485c711126db82
Opcode Fuzzy Hash: 5900824d9d0300fd62c7e9d936bc08afb41bb137a106303ae63cf73be5f09bcf
Instruction Fuzzy Hash: 73018F31A00328ABDF18DA51C9466EEB7B6EB88251F60446ED406B7394EB795C01CBA0

Function 056287A8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a3bde0f37ba2d0fa25f539dc92677d67abf6210fe4b6e577be587b72e095b09
Instruction ID: c4477b899fe43e61e2df36d7626360fed2db894754dddfb7d62f5a1df21b5ae4
Opcode Fuzzy Hash: 8a3bde0f37ba2d0fa25f539dc92677d67abf6210fe4b6e577be587b72e095b09
Instruction Fuzzy Hash: 39015A31700B249FC725AB24D848A3A77A3EBC9320F14856CD5564BBA0CB75EC42CB94

Function 0563B680 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94eb5bdce3b95363eb9aeca1d30de71c8b051b20ab107d9eb50ed9ea81f212a7
Instruction ID: 9c4d9f7737caf0c7e1f19fa6cc89f60a900b6d25725fdd4d1ca7802fec91648c
Opcode Fuzzy Hash: 94eb5bdce3b95363eb9aeca1d30de71c8b051b20ab107d9eb50ed9ea81f212a7
Instruction Fuzzy Hash: 16F04672B842211FE319CA08984276BB7A8EBC9320F140039E809DB392CA65EC83C3D0

Function 05622460 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc0617e4d6f70bed0c1fd3f8ea928f069e661a2fe043b3215221aadc3012ee5c
Instruction ID: 6e8138a9db47d98357016789c948344b0da15767e172c2c95b3a7d5a9b772f15
Opcode Fuzzy Hash: bc0617e4d6f70bed0c1fd3f8ea928f069e661a2fe043b3215221aadc3012ee5c
Instruction Fuzzy Hash: 60F0F66520E2B00FD312022C9C61795AF65EFC7624B9942FFE589CB683C6198C078362

Function 056266A0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dead014a6f1bef886816754ccbd0961c09bbf620684963568da3cc251a7a107
Instruction ID: 9a26bf73d9c2e1f3c9651fc1c52d24ea8bc436c4cd858208708ea89737d9cd8f
Opcode Fuzzy Hash: 0dead014a6f1bef886816754ccbd0961c09bbf620684963568da3cc251a7a107
Instruction Fuzzy Hash: CC01B1383046108FC3099B24E41595FBBB2EF89311B118169E50A8B791CF75DC02CBC5

Function 0563981F Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6120d30a624e80fd80c846b789b1aecba6f4680435608a8df220248b66b0862a
Instruction ID: 13885e0111d7a111937bb28cda2df8e82f8578eb4d775cba98c31ed77063497c
Opcode Fuzzy Hash: 6120d30a624e80fd80c846b789b1aecba6f4680435608a8df220248b66b0862a
Instruction Fuzzy Hash: B1F0AF74944108EFC748DFA8C8567ECBBF8EB89310F10889AD80997351DA759A42CB81

Function 053D8A0D Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d656a7a8e798ca4298083c4c67e2e11c1324d5fea0d1b03af2477bfcfdb100f6
Instruction ID: c29df67e9d00a61478c032367f65cde151fc677eb9557250dda101a938c1658c
Opcode Fuzzy Hash: d656a7a8e798ca4298083c4c67e2e11c1324d5fea0d1b03af2477bfcfdb100f6
Instruction Fuzzy Hash: 7A11C975A15228DFDB90CF68E884BAEF7B5FB45304F008595E449E7240D774AE85CF21

Function 053D908A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 805fd9100719fa7b465d2ec0b1600afdcc2c62b0faeea4a87bfc3d1a50742340
Instruction ID: 919236dd62785e9b7e8dc55031bdd0d9979cf60e08912cf470b5a214976434bb
Opcode Fuzzy Hash: 805fd9100719fa7b465d2ec0b1600afdcc2c62b0faeea4a87bfc3d1a50742340
Instruction Fuzzy Hash: A601D176905208EFCB01CFA8D840ADDBFB1FF09300F1081DAE84997221DA328F15DB91

Function 056389A9 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 615e578e9dd3e56a0c208b23622ff0a2db81d3d062f1bbd56587cf3bff57baab
Instruction ID: 1a287f6e24b6b0705c57538486490a96eb36d4f23ca08f92d972fb08b7489677
Opcode Fuzzy Hash: 615e578e9dd3e56a0c208b23622ff0a2db81d3d062f1bbd56587cf3bff57baab
Instruction Fuzzy Hash: 4A110374A05259CFCBA0DF28D499BADBBB2FB49310F1040A9E509A7345DB705E84CF41

Function 010A19A5 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3a4cb80040e35081688b01798028ab041bfe7be5f5870fdd61cc8930532459d
Instruction ID: 1ae1e72bf7674aba822fd6937d640ff2a92ccc4346ffd960a826fb6858a66169
Opcode Fuzzy Hash: e3a4cb80040e35081688b01798028ab041bfe7be5f5870fdd61cc8930532459d
Instruction Fuzzy Hash: F1F0A97090820AEFEB41CFC4C054BFDBAF1AB08310FE0419AD4C7AA260C7718D48CB56

Function 053D95FE Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bac853bae7708cac8f935a49fe3a615d00de1a05cfe88c09f890fd89b186d95d
Instruction ID: 1fa1dc2ab2ab62564e59b0500ac6bfb2a2aeed5e86406cbe38f4fce17ac20832
Opcode Fuzzy Hash: bac853bae7708cac8f935a49fe3a615d00de1a05cfe88c09f890fd89b186d95d
Instruction Fuzzy Hash: 3511F076A16208CFDB00CF98E488FECBBF6BB09314F504194E809AB745C3B5AD84CB50

Function 056266B0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efd4898d8f05840b069f59a0c37037a966ce54daaa9094d7787f0d44d7713044
Instruction ID: 4420d98e43589326eaa169b728766f29125b1f3b1f2523a39f9bb6562e1077b9
Opcode Fuzzy Hash: efd4898d8f05840b069f59a0c37037a966ce54daaa9094d7787f0d44d7713044
Instruction Fuzzy Hash: A5018C353006209FC7189B29E458A6EBBA6FFCC711B108128E90A8B790CF31EC42CBC5

Function 05623078 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d21dd9ad48bd2797b47dbcec20df8bdd009be0824eb5645b526967d380139dfd
Instruction ID: 58a8e8532e4843fdcf6bccb3b976e4de4ceb8de6ac52e7195dbe191be7f82608
Opcode Fuzzy Hash: d21dd9ad48bd2797b47dbcec20df8bdd009be0824eb5645b526967d380139dfd
Instruction Fuzzy Hash: 93F02B3270001867DB145619DC84AAEB7AAEFC8220F044066F919D7360DF749D16C7D1

Function 0563B6E8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebc66f2125ef002bf7cb7430e5f10e41bc8530ba4d64d283668f07f1b88146b0
Instruction ID: 994c0b961d125f109dd24e8d358a248ac0a12cfa8cbcc0762d61caa70d879f9b
Opcode Fuzzy Hash: ebc66f2125ef002bf7cb7430e5f10e41bc8530ba4d64d283668f07f1b88146b0
Instruction Fuzzy Hash: 90F090A6B0D2A04FE72287685862325AFA1DFD7311F1944AAD0869F3B3DA569846C390

Function 0562FDDA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34ab967f3ba9df4d62efc4fe0694687e373a742419d7b9044a89ca7a4bd0f5ad
Instruction ID: 01d01fd5ffda3884c02455e641efab46d4d039fbb45704793d255027168b293c
Opcode Fuzzy Hash: 34ab967f3ba9df4d62efc4fe0694687e373a742419d7b9044a89ca7a4bd0f5ad
Instruction Fuzzy Hash: 8FF0F034A09918EBD714CF64D8027B8F7B4EB46304F14E4A8C808AB350CA708942CF84

Function 05626428 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae72693ccf1752873578e39e5ba5e54bf0e347e73603d9ddc15a223f58bd7ad0
Instruction ID: b144f191b47eb3085d4926f210489a64e10dea3c12c527dc80d4e60050b4b434
Opcode Fuzzy Hash: ae72693ccf1752873578e39e5ba5e54bf0e347e73603d9ddc15a223f58bd7ad0
Instruction Fuzzy Hash: A1F04F353106109FC7149F29C854F6AB7AAEFC8711F15446DFA858B760CA71EC41CB54

Function 0533F798 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70a27ecb3480428fcbd61c9a746edd6e156ef124ca16fc385fbf95d8fbc3b8af
Instruction ID: ab50298fece64ba2d203a59a9640c28a5753b65c66ee0c7e343ef92bccdd5221
Opcode Fuzzy Hash: 70a27ecb3480428fcbd61c9a746edd6e156ef124ca16fc385fbf95d8fbc3b8af
Instruction Fuzzy Hash: CF0108B4E042099FCB40EFA8D4896AEBFF5FB48300F10806AD909E7344EB745A45CB91

Function 05638500 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb23db89c383317a003c753b5ea63a572921b7143be582e1809cffe022226da2
Instruction ID: 7c454e04794ca09de9a5984c9e292067d451595ebc6a642704502bb3c248ca1f
Opcode Fuzzy Hash: fb23db89c383317a003c753b5ea63a572921b7143be582e1809cffe022226da2
Instruction Fuzzy Hash: 2E01C87090A208DFDB44CF69E8667EDBBB6EB86311F109064F10967245CFB45989CF01

Function 0563B690 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bedac17b774adaf92c6a8a26469ad9c466f5ee7e780118dae4cbfd98b0a71458
Instruction ID: d41cf9c3ef8d307516066c92935df246053d3159f48f4ff413cf2654acd5c4c5
Opcode Fuzzy Hash: bedac17b774adaf92c6a8a26469ad9c466f5ee7e780118dae4cbfd98b0a71458
Instruction Fuzzy Hash: 57F0E975B082115FE715D619981576BFBE9EFC9720F144439E5099B3A1CA71EC82C3C0

Function 05638FAE Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d166faf89c0305273bcc38c2a6e10220754edc4a0b6419e55e7726f37bab874
Instruction ID: 782a6f7abc33241a788cd18843305321bc08e86ba1f3f854046fc96ea157860b
Opcode Fuzzy Hash: 9d166faf89c0305273bcc38c2a6e10220754edc4a0b6419e55e7726f37bab874
Instruction Fuzzy Hash: FD016274901249CFEB10DFA4DA556A9BBF6FB49300F1490A8E04AAB745DBB48C45CF10

Function 0562DF82 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3660dba617ca822c7391197e2c868ac25e1728ab3313df86fd5c40aa7f2dd787
Instruction ID: 09cce741f8c3f55828e34fa50d01d3a5cbc87fcb3d4964e967b022209dece28f
Opcode Fuzzy Hash: 3660dba617ca822c7391197e2c868ac25e1728ab3313df86fd5c40aa7f2dd787
Instruction Fuzzy Hash: 40F097629092089FD301EBB8CC8A7CD3FF5DB16300F0804AAC808D7341EA78C916D79A

Function 0563D940 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e37434583b747994cfe1ddacdf0960b849ebd57d167ac6955ccdddc72bb7bad1
Instruction ID: e898b47805b321a747b485f4f08f42ec2968c593dc129030f15e5a357851d80a
Opcode Fuzzy Hash: e37434583b747994cfe1ddacdf0960b849ebd57d167ac6955ccdddc72bb7bad1
Instruction Fuzzy Hash: A6F0A771944224ABEB1DCBA4D48A7DDBFBAEB44350F548099E04AD3781DF745681C7C4

Function 010A25A8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f43fba58f2387a7c5d559bebce749471fb4d7842c317292c917b9ae692ab8f6
Instruction ID: 9371f3583ef482b54b59e64fd48e623a537f5363a2d09a04f786c2e33e17b001
Opcode Fuzzy Hash: 6f43fba58f2387a7c5d559bebce749471fb4d7842c317292c917b9ae692ab8f6
Instruction Fuzzy Hash: 22F06D3060E3C48FC70B97A8A46055DBFB1AF87200B5A81E6D099CF267D6248D4AC766

Function 05628E88 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8cf24ce7119f256b922cd42d7a424f6898eec7ebf46cb10458a555f27ba8dbf
Instruction ID: 8f79d30fa49f5274c72ab780bde8fae1a47f40f045ef17852e4bfa9ce4d32e07
Opcode Fuzzy Hash: f8cf24ce7119f256b922cd42d7a424f6898eec7ebf46cb10458a555f27ba8dbf
Instruction Fuzzy Hash: 72F0A7317007348BDB245A796C1576637A6EB85251F54487ED50ACB2C0DF72DC01CB54

Function 05335628 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621653411f138a8b9b5c3385ef00db45bf615be528b1a9b894742ab10d758ad6
Instruction ID: 8d331af871a773cfe6362fa2b746fa21c01173775406d88a42fe3c60e3010a89
Opcode Fuzzy Hash: 621653411f138a8b9b5c3385ef00db45bf615be528b1a9b894742ab10d758ad6
Instruction Fuzzy Hash: 5EF03A75904218EFCB84DFA8D891BEDBBF8EB48311F14C4AAE898D2341D2359A52DF50

Function 053D3A01 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 155931e47b51005cc6ca8de9ffd265c640e522a2573ff20c0d66497e8bdd33f9
Instruction ID: b1fe435a80d2a9005936a1371c7b3510d4afc7551e79f841038f4100a6a46273
Opcode Fuzzy Hash: 155931e47b51005cc6ca8de9ffd265c640e522a2573ff20c0d66497e8bdd33f9
Instruction Fuzzy Hash: 39F0F476904208EFCB41CFA8D841ADDBBB5EB48300F10C499ED18A2250D3369A62EF91

Function 05628E77 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d6b91ec11abfcbf022fda99b73fc551f91f98d76aac1557d979246a6e848110
Instruction ID: b1027840c0546041adc2c3a2692eb72b5564187a09b1218993c27d8760b70400
Opcode Fuzzy Hash: 8d6b91ec11abfcbf022fda99b73fc551f91f98d76aac1557d979246a6e848110
Instruction Fuzzy Hash: B5F0A031700B319BEB245A349D1ABA537A6AB41211F948979E8029B3C0DF73D802CB54

Function 053300FA Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6a76990fa7d9a244ee29f8ee2f3cdc92d954b1c98e4147e5d6bd51fe5324c9e
Instruction ID: 4059e3a79ca9bc75099e5bfa586ec384423cd3361c0717e1aa8a84bdc9b2a9ff
Opcode Fuzzy Hash: b6a76990fa7d9a244ee29f8ee2f3cdc92d954b1c98e4147e5d6bd51fe5324c9e
Instruction Fuzzy Hash: 8301F674A04219CFCB58DF54C8997AABBBAFB49301F008095D10EAB315DE308A85DF00

Function 053D90D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a3dc97d8623a42c12c5c9aaf9921fec41c5fc654b757c0f74c8507d4aad7fd9
Instruction ID: a0328fa5634986ac46f06a355e3474837517dc0076214ee83c43362c6064cfce
Opcode Fuzzy Hash: 8a3dc97d8623a42c12c5c9aaf9921fec41c5fc654b757c0f74c8507d4aad7fd9
Instruction Fuzzy Hash: C7F0B436809248EFCB01CF98D8506DCBFB1FF4A310F1481CAE8585B261C6325A53DB51

Function 05626438 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d33773e9cfa27cf1b80c90ec6cc0349055c0362bab34b97bfb52cd923e0c20d5
Instruction ID: 6654b5e141fa08df5f87b9abf3024f6a04cc657a157b425f982c1a7b1b927ece
Opcode Fuzzy Hash: d33773e9cfa27cf1b80c90ec6cc0349055c0362bab34b97bfb52cd923e0c20d5
Instruction Fuzzy Hash: 6DF05E353106109FC718DB29D854D3AB7AAEFC8721B10806DFA068B760CE71EC02CB90

Function 010A19C0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7906a3b43e7749adfadbf88c176772876401d110001c7bcff2108d8200daeca4
Instruction ID: cbf8e3be584de696e9c9fb0d10ee9ef13594a625793f21ec0884d52563d3479e
Opcode Fuzzy Hash: 7906a3b43e7749adfadbf88c176772876401d110001c7bcff2108d8200daeca4
Instruction Fuzzy Hash: 52F059B01047104FC325DB24E48020DBBE2EF94301740CD28E08D4B56BDF74AD8C87A0

Function 053DAE61 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34628cff27aa57c203e31c6cb0b9cbc1841c0957879361418b987f5700ba0d1d
Instruction ID: 740db06510a0a97508eabb95a37afda285b3e4ad10cbe3aa7d5b9ddbe9261072
Opcode Fuzzy Hash: 34628cff27aa57c203e31c6cb0b9cbc1841c0957879361418b987f5700ba0d1d
Instruction Fuzzy Hash: C4F03A75909208EFCB45CFA8D5406ACBFB1FB49310F10C09AD84897361E6368A56DF41

Function 053D4B78 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6605d77b13cddaaa4967f2a747903b9d886bdaa6f16a918311ba9e98664270
Instruction ID: cd93c67c047fb85bb45774efa33580f9052725d225d3edbab816f7bd54ca33f4
Opcode Fuzzy Hash: df6605d77b13cddaaa4967f2a747903b9d886bdaa6f16a918311ba9e98664270
Instruction Fuzzy Hash: 8EF0B435845248EFCB01CFA4C810AACBFB1FB16300F14C0DAD85597261C2324A42DB10

Function 0562A4E0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d781275779b587f917cfebdb06c2cc4eee5f5bc31ccaa216ccd0c70021f8c50d
Instruction ID: 429e437588ccf33784329f21a8da1302469b87d1ab860e76e22fb9d89e5bc59f
Opcode Fuzzy Hash: d781275779b587f917cfebdb06c2cc4eee5f5bc31ccaa216ccd0c70021f8c50d
Instruction Fuzzy Hash: 6EF09AB240D7C08FC7020720AC963A67F70EB63380F0E40AFC4808B6A7D52C891ACB52

Function 010A255D Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 936db3e9daba1490d29604f49f311cf22ad495bf2c9a6e979fca2f2d3b9ebad0
Instruction ID: 2fef05b30a39c8ae483377e0407ebecdd199f6f32d3bc0a56ff9e711cb4169b2
Opcode Fuzzy Hash: 936db3e9daba1490d29604f49f311cf22ad495bf2c9a6e979fca2f2d3b9ebad0
Instruction Fuzzy Hash: 02F09A3060D3C48FC7078BA8E42059DFFB2BF86200B1A81E2D0C6CF293C6248C89C765

Function 05335DF2 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3525fb1ece6c2e903812a8203933f557047201ce4d93f297050d8023590a2e5d
Instruction ID: 3ff0f265005ab42957ea3d31e62b0bc015baaa150aa97520ed26e2d6baf69b5b
Opcode Fuzzy Hash: 3525fb1ece6c2e903812a8203933f557047201ce4d93f297050d8023590a2e5d
Instruction Fuzzy Hash: E3F01CB5D04208AFCB94DFA8D8427ADBBF9EB48300F14C4A9E858D3341D6359A55DB50

Function 053311A0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cc81d7ee988e62c9ceb8a30cb8403abc48eee12cb81d645fa6d84d740aa511f
Instruction ID: d6c57bb028e6bb9e7b98496f17422376a3b67b0ebeee51cb51f85f861702ed4a
Opcode Fuzzy Hash: 8cc81d7ee988e62c9ceb8a30cb8403abc48eee12cb81d645fa6d84d740aa511f
Instruction Fuzzy Hash: 97E0D8768412089FCB40EBF4D8167ED3BF8EB00311F5040A6D08ED3191E9798590D791

Function 0563A5A0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d52075d2d81fe355dd98175f12e9fc39874ae36802a5960f7fc236834fdab7a9
Instruction ID: c5671a80ad89d9f7e18d2d6879e5c4538c4d0e7c2a188a7b35f791263e019d66
Opcode Fuzzy Hash: d52075d2d81fe355dd98175f12e9fc39874ae36802a5960f7fc236834fdab7a9
Instruction Fuzzy Hash: 2EF05874D08208AFC744DFA8C8816ACBFF0EB49314F1480EAC848D7352D6359E46DB41

Function 05636F70 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08cc95a559cc516bffb88a640d3c8739e5d2acaed958a4dcdc32c60361259721
Instruction ID: ad10e50e142940d646c3e20abd0571d3f594ebbfe13d572222c9636088f8acd1
Opcode Fuzzy Hash: 08cc95a559cc516bffb88a640d3c8739e5d2acaed958a4dcdc32c60361259721
Instruction Fuzzy Hash: F5F05474948244AFCB51CF94C85199CBFB1FB05314B5581CED894573A2C6715A52DB41

Function 05639869 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38c80e3b058797b0060c458a915a78f61fd9a796ccdd6466d17fd5a7bf251d00
Instruction ID: 2f690d47d9d9eff7b51d18603c9030f650ec1a118141f5c03aef71dac1a0263d
Opcode Fuzzy Hash: 38c80e3b058797b0060c458a915a78f61fd9a796ccdd6466d17fd5a7bf251d00
Instruction Fuzzy Hash: A3F0C974D44208AFD798DFA8D8527ACBBF4EB88324F24C4A9D849D7342D6799A42CF41

Function 053DC478 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82debb305711c023ad00de89eabe171868baa3bd3cb49c3316fbfaed63623345
Instruction ID: afb54b8a228ff6af8723650d98b3cf4975afeb7b1ecf2e9b3b49f1da7c4f6ce4
Opcode Fuzzy Hash: 82debb305711c023ad00de89eabe171868baa3bd3cb49c3316fbfaed63623345
Instruction Fuzzy Hash: 52F0E974909248AFCB11CFA8D841AA8BFB1FB46324F64C1DAD85487292C2324943DB11

Function 053DD458 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 440cd4112809d330d3ada6fe631f975d6625dc51e1dbb8922f73757244e9064f
Instruction ID: b7cd069f6a71ba7d1f35980d4ba0979fb152d6fee6d5cf884db422b7df3a6aa2
Opcode Fuzzy Hash: 440cd4112809d330d3ada6fe631f975d6625dc51e1dbb8922f73757244e9064f
Instruction Fuzzy Hash: 90F03A71D09348AFCB45CFA8D4546ACBFB1BB4A304F15C1EAD8489B292C6315A96EB11

Function 053D0968 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d41e513db768fcb9282060462534c987c8e1fe6f27959441437ed0937d864f
Instruction ID: 0b2f29b315e60f8cc772c5bb8d6adca2dce93154089b5b271054fff5ef140d6a
Opcode Fuzzy Hash: a9d41e513db768fcb9282060462534c987c8e1fe6f27959441437ed0937d864f
Instruction Fuzzy Hash: 50F01C75D05208EBCB44DBA8D8957DDFBF4EB48300F14C4A9D84893350D6719A42CB81

Function 053D41D0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 947a97ff138fe8f698fcae55a76e48f2c2ab5f91bf0e937752d993531f8bd508
Instruction ID: 81d5c6a20f5efec1a8c30aee0925b79596941cc7280756d91c4923b5f33c93a8
Opcode Fuzzy Hash: 947a97ff138fe8f698fcae55a76e48f2c2ab5f91bf0e937752d993531f8bd508
Instruction Fuzzy Hash: 1AF05870D49248AFCB41CFA8D44429CBFF1AB4A304F2580DAC858D7352C2714E86CB11

Function 056228D0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8caf1a8e5e7e4ac494c895c27c5078f0964d529fc5cf45cc247f72ebe48460ad
Instruction ID: c80ee53f95cd7310b55494c76409f9ab31e40a7e81fcaaff95a5c5411a33bffc
Opcode Fuzzy Hash: 8caf1a8e5e7e4ac494c895c27c5078f0964d529fc5cf45cc247f72ebe48460ad
Instruction Fuzzy Hash: D9E06C722003255BC7159A19EC45A8BBF96EFE1216B54C93AF00D87215DD7099468794

Function 05332421 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 933fa694afc5d2df4352c7847ddf852481374042f81dd9b032860c1776c5cec8
Instruction ID: 7b74cbf56abeafc77c66fcdbbdd4b5e604216ea41bd015512582ea9d688f9728
Opcode Fuzzy Hash: 933fa694afc5d2df4352c7847ddf852481374042f81dd9b032860c1776c5cec8
Instruction Fuzzy Hash: 32E02278408108EFC300CBA4D8927ADBFF8EB55300F20C4A9E80897380C6329A92C751

Function 010A974A Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17e84ffbaaaacd49d36e39e6fe1bf2392a3c5101ad825ad675255ce65a5af76d
Instruction ID: cbf9be3430e37f669cc0bb9ea8c769b1f964213bac9c1bead694ad36e50ff5c5
Opcode Fuzzy Hash: 17e84ffbaaaacd49d36e39e6fe1bf2392a3c5101ad825ad675255ce65a5af76d
Instruction Fuzzy Hash: 8BF0D474A04208AFCB84DFE8C845B9CBBF5FB48314F10C0A9A859A7350D6359A55DB41

Function 010ADC68 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 311ed65590f76d6e8c1682f3641ac1bbca6cc92d5e67db11cba32a05e92baf7b
Instruction ID: 1032484db9a449f1180116a32596b7570476fab4ebe00481f1349dd30117057c
Opcode Fuzzy Hash: 311ed65590f76d6e8c1682f3641ac1bbca6cc92d5e67db11cba32a05e92baf7b
Instruction Fuzzy Hash: 0BF03074D44208AFCB54DFD8D85179CBBF4FB89314F64C0A9D858D3341D6759A42CB40

Function 053D54F0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13c0beeea35ddd050cf658a14371454e53bd0983f5460adf8bbe0675483abae6
Instruction ID: 99dfde02d57f3a5179606e0520a9cec34f026327824a7cfb9fa40f92fa5ebc5c
Opcode Fuzzy Hash: 13c0beeea35ddd050cf658a14371454e53bd0983f5460adf8bbe0675483abae6
Instruction Fuzzy Hash: 4DF08C71948288EFCF12CB94D9407ECBFB6FB45300F1480DAC86A56242C6359A82DB61

Function 053D13A8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cc3af0407d77a0952b507fc75fba822161aeff3128fe4b37a9bbb64143bfb7c
Instruction ID: 8ce588b5752bea21b24056937d99dc4af300077b612085bed0828740772494a3
Opcode Fuzzy Hash: 6cc3af0407d77a0952b507fc75fba822161aeff3128fe4b37a9bbb64143bfb7c
Instruction Fuzzy Hash: 90F01575E04208EFC744DFA9D9957ACFBF4EB48304F14C0A9D808A3740D6759A46DB40

Function 053D3270 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31961156132ae1c60483eea04203ce877863f3bb9b2df75065d4d501458ffd43
Instruction ID: 6d4d0220052149e42539a8edff68d0b98b02f9bdf0501f49ac933314dbcb3a0c
Opcode Fuzzy Hash: 31961156132ae1c60483eea04203ce877863f3bb9b2df75065d4d501458ffd43
Instruction Fuzzy Hash: D6F08C75D04218ABCB84CBA9D9813ACFBF4EB48304F14C4A99C58A3340D6329A02CB51

Function 05335638 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b991e4461830dc813bb16d6f3d20351452da6d521953d0adb66cfad67b927bc
Instruction ID: 055bb6b891df35e69f494990bb8e431e188f4ede2c10b8223c0769d4429cfdb7
Opcode Fuzzy Hash: 6b991e4461830dc813bb16d6f3d20351452da6d521953d0adb66cfad67b927bc
Instruction Fuzzy Hash: ABF0F274908208AFCB80DFA8C841AADBBF8AB48311F14C4AAE858D3241D6359A51EF50

Function 0563776A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aba987f28080bfe5c4e8d836f4d049a15e6bc6b61487a5dfa8bac72321e5c8e
Instruction ID: 2cf4c9d620fb5dcc3a7d544781491fe885be5c74633f7b67403be25a73fb7ea2
Opcode Fuzzy Hash: 2aba987f28080bfe5c4e8d836f4d049a15e6bc6b61487a5dfa8bac72321e5c8e
Instruction Fuzzy Hash: E9F08CB4D0A308AFC741DBA8D8512ACBFF4EB4A310F1580DAD848D7381E6315E06CB41

Function 0563B120 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad46686be2cf3716bbd20409788c4610e80b8ed408973e95cc8fd8a2bfdacfe4
Instruction ID: 8e1d0aeef3648d8de9c8c8664e8325d7cf6e8b4ed7cf8006e734b8b32139d300
Opcode Fuzzy Hash: ad46686be2cf3716bbd20409788c4610e80b8ed408973e95cc8fd8a2bfdacfe4
Instruction Fuzzy Hash: 56E06D75A0426CAFCB04EAA8E8427ED7BA5DB85306F90559AE80CD3341DA319E01D791

Function 05637CF8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8c35c0b21982420f65568617dc6ad13a1ef5120206565557923424484506de7
Instruction ID: f8bc7cd9081bc31e031a8f12eb5ebfce017421ed68bd3c0e4b93b1dfe462fd47
Opcode Fuzzy Hash: e8c35c0b21982420f65568617dc6ad13a1ef5120206565557923424484506de7
Instruction Fuzzy Hash: D9E06874549248AFC346CB74C401AF97FB1FB06300F1080DED885873A2C6324E43C701

Function 05637ED2 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4abd954a4e2d72cd6b6296dd40058d606f8a3ef175b6407eb11ae68732eeaab
Instruction ID: 694545c7b5b0289a0b7221700a67bbcf2117922494c67b7fff41c1d845adc1bb
Opcode Fuzzy Hash: c4abd954a4e2d72cd6b6296dd40058d606f8a3ef175b6407eb11ae68732eeaab
Instruction Fuzzy Hash: 09F0F8B0D09208AFC785DBA8D94269CBBF4FB49300F1580EAD848D7391D6359A46CB51

Function 010A171C Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90cc4aa31e2feae90a68623d94a7b43eb08ed4f68e5da6576744c2681fd6ddf0
Instruction ID: 2fda0358ffc4d6182104bf49e2784a425798321697d763926c1d1d9af4c47c6f
Opcode Fuzzy Hash: 90cc4aa31e2feae90a68623d94a7b43eb08ed4f68e5da6576744c2681fd6ddf0
Instruction Fuzzy Hash: 37F03474E04209EFCB589FE8E4587ADBBB5BB48310F64801AE052D72A0CF300445CF91

Function 053D3A10 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0c2f03525f9b2ed5b7870885892ae001f6d9a6938694db8b9edba41a0a9c995
Instruction ID: 52dbfc2c459a97dc5e3a5ab723c3b0a841b146132c45ac8ad37ca3c68d3d0161
Opcode Fuzzy Hash: c0c2f03525f9b2ed5b7870885892ae001f6d9a6938694db8b9edba41a0a9c995
Instruction Fuzzy Hash: 95F0D475E0420CEFCB41DF98D840AADBBB5FB48300F10C499ED1892260D7369A61EF91

Function 0562DC70 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86ce2e0620407968ca345789d1ea632131d9225ec7d4d2298f93ad73c73c00e5
Instruction ID: b9aab424c23e0e49d6078d8b34a391613bf0720667065fb2a25ec4250ac824ac
Opcode Fuzzy Hash: 86ce2e0620407968ca345789d1ea632131d9225ec7d4d2298f93ad73c73c00e5
Instruction Fuzzy Hash: FDF01C74E45208AFCB44DFA8D8417ACFBF8EB48304F10C1A9981997380D6719A42CF41

Function 05638560 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 940b7ce5f03442a02de4bb744f10c7699b4406f8b916b2221748843bec02b387
Instruction ID: 96e21fc78c35e3d7da766e3a78ecf420e5ce432c7da8590c3de309cf95131d0b
Opcode Fuzzy Hash: 940b7ce5f03442a02de4bb744f10c7699b4406f8b916b2221748843bec02b387
Instruction Fuzzy Hash: 3EF04474A10248CFDB50DF68E49AB9DBBB2EB45314F20A498F40AA7344CBB05DC4CF10

Function 05637638 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db1fb9d80df969f56c6bf5a33a5973336ef3d91d10f651175573eb5f4965a76a
Instruction ID: 23ac58fb0dd2468fafc3b76b025e54588919a4f0b636bf676f31af0656767ea0
Opcode Fuzzy Hash: db1fb9d80df969f56c6bf5a33a5973336ef3d91d10f651175573eb5f4965a76a
Instruction Fuzzy Hash: F9F08274944208EFCB44CF68C891BEDBFF1EB06310F508199D85597391D2355A83DB41

Function 05636948 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a2b1b70a262f604cf55d3b9f74027d11202b934e1aa55a68fd93b6399c5e65a
Instruction ID: 481cd58ce0132b3d45220ae0dc242a41af4e672a9a314b6ed008576830181213
Opcode Fuzzy Hash: 1a2b1b70a262f604cf55d3b9f74027d11202b934e1aa55a68fd93b6399c5e65a
Instruction Fuzzy Hash: 8FF0A770944384AFCB45CBA8C4406ACBFF0FB06314F2581DAD8989B3E2D3314A43DB01

Function 05638861 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff3d04ea1fb3bb6c63a5ad6cdcbc6024ecb46af95f9b454b2be742f6d1b11735
Instruction ID: 50ba143b17683d8c7a8775be207bba06b961ca666806be020848bf930850145d
Opcode Fuzzy Hash: ff3d04ea1fb3bb6c63a5ad6cdcbc6024ecb46af95f9b454b2be742f6d1b11735
Instruction Fuzzy Hash: 01F0F474A45208CFDB50DF68E49AB9DBBB2FB49320F2050A9F509A7340DB745D94CF14

Function 010A0B0B Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0d385ba5c69dff7ddbe019dc2b02638d77310a6ec4015c2e8a8228d9f4cf5fd
Instruction ID: ac104b0d4fe7ac1af8759e67ba6d99097af9efa8a471f84c858b2a6226f931a3
Opcode Fuzzy Hash: b0d385ba5c69dff7ddbe019dc2b02638d77310a6ec4015c2e8a8228d9f4cf5fd
Instruction Fuzzy Hash: 53F0377082824ECECB55CFD496452BD7FB0EB09218FA441DAA5D797159E6311181C7C1

Function 010A0A84 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d32e89934d7ec6e7b20a9e27159fda8e9329e547048914fd6db5646cafeb8d6d
Instruction ID: ab6abc5c89c7d252c79ce9dc306ec28d21572497035a8afedc2d1bec6d8ec154
Opcode Fuzzy Hash: d32e89934d7ec6e7b20a9e27159fda8e9329e547048914fd6db5646cafeb8d6d
Instruction Fuzzy Hash: F5E012393401068FD700EB68EA84EA977B1EF8D314F2041E5FA04CB379D632EC018B60

Function 053D2D68 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4ce06869aa26d71ec37de22129565d363cb082058b248caaafb334f922514b3
Instruction ID: c5912841d2c289759b9ad519d076d27be801c5d96f32d9a1fbb4847da9e71683
Opcode Fuzzy Hash: a4ce06869aa26d71ec37de22129565d363cb082058b248caaafb334f922514b3
Instruction Fuzzy Hash: C0E06D79904208EBCB44DFA8D4917ACFBF8EB88304F10C4A9E8089B340C6729E42DB40

Function 056391B1 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b06d57f3d2b2e89a63c2db0b4c877e3bee6f5f39883de69988345c32601c0d
Instruction ID: dc21f77f6048b54a381ca4bc52659cfef82795c4ae123a417da3461893d30133
Opcode Fuzzy Hash: f1b06d57f3d2b2e89a63c2db0b4c877e3bee6f5f39883de69988345c32601c0d
Instruction Fuzzy Hash: 3DE09230954108EFC744DFA8C9863ACBBF8EF04308F2080A9DC08E3341D6319E46CB41

Function 010ADD00 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 893ba714d4eab6f99da6f8f0e7d093c7f45f13960e1212ae6c086d338bbdc5d3
Instruction ID: 1fd9b1e8ee0b764f111584a8cca11038a132d8a9806aef2f2ce7d8caac86c647
Opcode Fuzzy Hash: 893ba714d4eab6f99da6f8f0e7d093c7f45f13960e1212ae6c086d338bbdc5d3
Instruction Fuzzy Hash: D7F01C74944248ABCB54CBE8C9417ADBFF0EB45324F248599D8A897392C7355A42DB41

Function 053D813A Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e2535c62fe2fcb1849fa7f52a914e863ffb7a3cd3ed3274231b72e903be9bf2
Instruction ID: edd68f1f6ae2d534f067f54c7fb2b15a1234934a9c8a49d48f66e31ff5408e0b
Opcode Fuzzy Hash: 8e2535c62fe2fcb1849fa7f52a914e863ffb7a3cd3ed3274231b72e903be9bf2
Instruction Fuzzy Hash: A5F0A0B1D082889FC700CFA8D8416ACFFF0EB06310F24C2CAC8988B3A2C2315A47DB11

Function 053D73B2 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8777723a6d17f5a00a03b7b8920332e64f732de8da8d2ac9e52e84d68d0ef697
Instruction ID: eef51385ffe42bf97dfbf0339a0bcda0e997e13143f4b68abbd9f572210a3c69
Opcode Fuzzy Hash: 8777723a6d17f5a00a03b7b8920332e64f732de8da8d2ac9e52e84d68d0ef697
Instruction Fuzzy Hash: 26F017B4910515DFCB50DF98E889BAABBF1FB08301F1185A5F51A97389DB709889CF50

Function 053D3BC8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7980af54f6195fd28966e3c70add373081b1faaaa7b53733c1e7e8fd76038b2d
Instruction ID: 3a4968a617f241d56b7e9e1ff3abcd911786954e49396cfe44495a96fecbbe8b
Opcode Fuzzy Hash: 7980af54f6195fd28966e3c70add373081b1faaaa7b53733c1e7e8fd76038b2d
Instruction Fuzzy Hash: EDE0DF3A908118EBC704CFA4E8837ACBBB8EB45300F24C498C80867341CA729D42CB92

Function 056228E0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 952c0b69317ebd418f4735f14331857d240df66d55612c0d3c826ae1f2c56b98
Instruction ID: 38b55ebe970e917f9670c20aaf4dfb9c8fc5e456fecd59d345d4425dc1694b4c
Opcode Fuzzy Hash: 952c0b69317ebd418f4735f14331857d240df66d55612c0d3c826ae1f2c56b98
Instruction Fuzzy Hash: CFE012713003255BC7249A1AE88488FFB9AEFE0266710C93AB11E87615DE70AD468794

Function 05335E00 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7f030a69f625a32f120ee1e3a494ac4ed203afcc26de6768ce693a7584e4858
Instruction ID: 6d140ff85f32fc9c20c96864736fa75d6c5a9d1141a52f12464455eb6a6d22bc
Opcode Fuzzy Hash: e7f030a69f625a32f120ee1e3a494ac4ed203afcc26de6768ce693a7584e4858
Instruction Fuzzy Hash: 0EF0C9B4D04208AFCB94DFA8D4416ADFBF8EB48310F10C0AAD859D7351D6359A55DF91

Function 05636F80 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c78149e2c193ec71c215e3e7dba32653bd7b0dd874d1e2ffa3e225ebddefab92
Instruction ID: 3cdb02aa4e7045d4f0fb1df6e39edd07f62bb0846428657033d663a867cdbca5
Opcode Fuzzy Hash: c78149e2c193ec71c215e3e7dba32653bd7b0dd874d1e2ffa3e225ebddefab92
Instruction Fuzzy Hash: 19F0A574E05208FFCB84DFA8D841AACBBF5FB48314F10C0AAE81897350D6319A55DF41

Function 05634870 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 450caa9ca85c76521cfd2368855cc81cbe86522bde49d21282fc28281428fe83
Instruction ID: ac004ab4c656eb53a6c59280577905eb2509b43ebe8e851697d67a74a41e5d12
Opcode Fuzzy Hash: 450caa9ca85c76521cfd2368855cc81cbe86522bde49d21282fc28281428fe83
Instruction Fuzzy Hash: C6E06D34945288EFCB84CFA4C5557ADFBF0FB8A305F1481EAC82993381CA328A42CF40

Function 010AE079 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2079bb8fd135ab8222684b041f23ac146f9a39cfe23eea89b39cb67f85fef70a
Instruction ID: d0774eaf8fabbbeef3245ba5d0054607b7cb9e112d6223aad13bf8f65f99dae0
Opcode Fuzzy Hash: 2079bb8fd135ab8222684b041f23ac146f9a39cfe23eea89b39cb67f85fef70a
Instruction Fuzzy Hash: 9CE0D8749492089BC704DBD8D8506ACBFB4EB41308F6090E9D84857381DA315D82C741

Function 010A8720 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2016bba6bbea3f1bff7ab360b2373e606e9a73c628a57349458d6775643582d
Instruction ID: f2a90ec36e78d89026bbbe088e5e25dca356ddf84bb24b85153b006e9848bf3f
Opcode Fuzzy Hash: d2016bba6bbea3f1bff7ab360b2373e606e9a73c628a57349458d6775643582d
Instruction Fuzzy Hash: F9E0DFB1400208AFCB01EBF8CC0978E7BF8FB05301F1080A9D109E3250EF359E489796

Function 010A9758 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c466cd35ffe7815959f2bb575333df9af9851f4c46b8709a2e60d688872418c0
Instruction ID: 2fdb7e32f855a90bcf85e80862612ffc98e825d9e6c924bf783707d57bda42f4
Opcode Fuzzy Hash: c466cd35ffe7815959f2bb575333df9af9851f4c46b8709a2e60d688872418c0
Instruction Fuzzy Hash: 07F09274A04208AFCB84DFA8D840AACBBF5FB48314F10C0AAA85997350D6319A55DB91

Function 053D3CE8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cf423e58f70b59406d16cdefabd7c4e47ded2e03595786a98dd9ad020ad59b2
Instruction ID: 7753f5d3130a9062bf835d1279edd6914f65f1b03f0761c30f485dca9a059991
Opcode Fuzzy Hash: 9cf423e58f70b59406d16cdefabd7c4e47ded2e03595786a98dd9ad020ad59b2
Instruction Fuzzy Hash: EBE0DF35208114EBC748DB60D481BADBBB5EB05318F20C8ADD80A47292CB334C47DA51

Function 053D4300 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf37987db0db043311bab79d7ce836345abed206edf70ab8f2f68627d295fa6
Instruction ID: 4e70648e1165e6460950eac84b61bb207573e28a0954cca17a3c48a5f665a364
Opcode Fuzzy Hash: aaf37987db0db043311bab79d7ce836345abed206edf70ab8f2f68627d295fa6
Instruction Fuzzy Hash: 99E06F31284144EBCB04DBACE540BE8BBB2EB46318F908089CC8847251C3322E93CB80

Function 057FA770 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76018d72cfb6893ea470ec96e7be4d97d4ff1af4a0f2479f5c2655a8d06e4349
Instruction ID: 2b9e31037349b70eb9e6e4e6ce6c07e081703ab36e71dc732266d6493a206f60
Opcode Fuzzy Hash: 76018d72cfb6893ea470ec96e7be4d97d4ff1af4a0f2479f5c2655a8d06e4349
Instruction Fuzzy Hash: 01E0C974D04208EFCB84DFA8D440AACBBF5FB48310F10C0AAD81893350D6319A51DF91

Function 057FBC20 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76018d72cfb6893ea470ec96e7be4d97d4ff1af4a0f2479f5c2655a8d06e4349
Instruction ID: 103d32099ae93c9424d65927b0e2ce1b74dd9948ab2afb668332d865ea1549b3
Opcode Fuzzy Hash: 76018d72cfb6893ea470ec96e7be4d97d4ff1af4a0f2479f5c2655a8d06e4349
Instruction Fuzzy Hash: FBE0C974D08208EFCB84DFA8D5416ADBBF5EB48314F10C0A9D85897350DA319A55EF41

Function 057F5C98 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76018d72cfb6893ea470ec96e7be4d97d4ff1af4a0f2479f5c2655a8d06e4349
Instruction ID: 412355aac9ca87a8d6dc923bd882b80645e665b91a10e3e7731be82e09c025ba
Opcode Fuzzy Hash: 76018d72cfb6893ea470ec96e7be4d97d4ff1af4a0f2479f5c2655a8d06e4349
Instruction Fuzzy Hash: 4CE0C274E06208EFCB84DFA8D940AADBBF5FB48314F10C1AADC49A3350D6319A51EF81

Function 0563F940 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8efd64ceac20f005f32fca87cfe9197ce838c5e4ffa61ea6196ca50693d2a7a
Instruction ID: 4cd12740fd464247af9858ea3cc5983d71eca2dbac09a13223775897f4301c19
Opcode Fuzzy Hash: e8efd64ceac20f005f32fca87cfe9197ce838c5e4ffa61ea6196ca50693d2a7a
Instruction Fuzzy Hash: 3FE026307003346BDF106A65484276572A9AF09662FA00469E60AAF3C0FE62EC01C750

Function 053DD468 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a6a726f3bcfdab2cf5761b6a3222e3f30913904d64e10fa06bfd03caad1b7e9
Instruction ID: 1b4deb783c6c5b71404b6e1cce23159d1572d6e414b829eeb26df5fa369eca58
Opcode Fuzzy Hash: 7a6a726f3bcfdab2cf5761b6a3222e3f30913904d64e10fa06bfd03caad1b7e9
Instruction Fuzzy Hash: ECE0ED75D05208EFCB44DFA8D4416ACFBF5FB48310F10C5A9D80997350D671AA51DF51

Function 053DC488 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a6a726f3bcfdab2cf5761b6a3222e3f30913904d64e10fa06bfd03caad1b7e9
Instruction ID: 30deb512c43fd2a0f3beaf1eb5e74da7602e3459707908d0e9b955acf4540587
Opcode Fuzzy Hash: 7a6a726f3bcfdab2cf5761b6a3222e3f30913904d64e10fa06bfd03caad1b7e9
Instruction Fuzzy Hash: 2DE0C275E09208EFCB84DFA8D841AACFBF5FB48314F20C0AAD809A3350D6319A51DF91

Function 053D90E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dbe06c9175929b97ce7ab1bb1e6538800703fec210bbeb51f01e62beaf64993
Instruction ID: 81c0c218596412b224a50443d83a8a84029f98c51f5606b8b74c3e981fe8f627
Opcode Fuzzy Hash: 1dbe06c9175929b97ce7ab1bb1e6538800703fec210bbeb51f01e62beaf64993
Instruction Fuzzy Hash: 9BF0C975904208EFCB44DF98E880AACFBB5FB48310F10C199EC1957350D7329A51DB91

Function 053D3B38 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9153b2acf1f9c55a5a317026849fd640cd14e64a9c8650ad122678d3d1917b9d
Instruction ID: ef359ad8fd014b7a5fbef798aa2313d3754e387dfb89905b71222d1987f9f7ad
Opcode Fuzzy Hash: 9153b2acf1f9c55a5a317026849fd640cd14e64a9c8650ad122678d3d1917b9d
Instruction Fuzzy Hash: 3BE0D83694D244AFC705CB64D500A79BF75EB06314F14C4EEDC454F292C6324C57C752

Function 057F9D48 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baa6f857f80680f6593a2fab46cd17521fcd652323318761f321ee0f9418cb8d
Instruction ID: ac918d605f68a90e8994437c79f6900f2bc8888b2a3597b3a432d8e40c55190e
Opcode Fuzzy Hash: baa6f857f80680f6593a2fab46cd17521fcd652323318761f321ee0f9418cb8d
Instruction Fuzzy Hash: 8DE0E574E04208EFCB94DFA8D4506ACBBF8EB49304F20C0AAD90893340D6319A42DF41

Function 05637560 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ead2bed6a2730b958ac26d02175579463290dfc2154380a8bff010b8a9ebcec1
Instruction ID: 779b5e424a7629e96f8adc0be8df3a750a44607e7047ad17f80ca80d3aedd97b
Opcode Fuzzy Hash: ead2bed6a2730b958ac26d02175579463290dfc2154380a8bff010b8a9ebcec1
Instruction Fuzzy Hash: C4E0EDAAD05204CFC7419BB489092AA7FB0FF05305B0408ABD44893112FA304A10D782

Function 0563A5B0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ad7f51606fa3b563f9a07485178803fc7aed79e8fb2dd459e00696a937ee07f
Instruction ID: d6b08fb25ecf58f6d417e6f2dacd7bfbd424104de2053be91cd4c7deb3eddf04
Opcode Fuzzy Hash: 8ad7f51606fa3b563f9a07485178803fc7aed79e8fb2dd459e00696a937ee07f
Instruction Fuzzy Hash: 01E0E574E08208EFCB84DFA8D4416ACBBF4FB48314F10C0A9D85993340D6319A46DF41

Function 05639878 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ad7f51606fa3b563f9a07485178803fc7aed79e8fb2dd459e00696a937ee07f
Instruction ID: 680920b1f1ba1f7d3a624a760779e58bc6875e8e54471d2fe27f0340a5d16b6e
Opcode Fuzzy Hash: 8ad7f51606fa3b563f9a07485178803fc7aed79e8fb2dd459e00696a937ee07f
Instruction Fuzzy Hash: 33E0E574E04208EFCB84DFA8D4416ACBBF4EB88304F10C4A9D80893340D6719A42CF41

Function 010AD8D0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e6178dbdba552f51e671b4a48c47adfebc2ee6048ce79be9ec80b0c6262d846
Instruction ID: b54a4f0c15b447df39c23553db8af7debaf9b60edaadcb6a10314e8c7a9cf7cf
Opcode Fuzzy Hash: 9e6178dbdba552f51e671b4a48c47adfebc2ee6048ce79be9ec80b0c6262d846
Instruction Fuzzy Hash: 4CE0C2B5909244EFC344DBE8D8516EDBBB8DB1B308F9450C9D84C97392DA329D46C751

Function 053D94F3 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60e8a0199ca35de09fe6c404ffdd4889774cb4aa88367aa94abd35f64594558d
Instruction ID: f6924e883e2dad85e5a4b14204339dc6a09e61d064cdc4fe3b6e6d7d190f2f0f
Opcode Fuzzy Hash: 60e8a0199ca35de09fe6c404ffdd4889774cb4aa88367aa94abd35f64594558d
Instruction Fuzzy Hash: B8F0BC79A11258CFDB40CF98E588F9CBBF1BB09314F104095E80AAB395C7B5AD89CF10

Function 053D3F90 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82dd1fed3f8e2f1079af6216219cab5dd360b692e86dc2817c31f2408c822b68
Instruction ID: dea3339e52cd0c3bd96926960de5adbf850b664d7bdf9a6fe68ea0c8ed12d3b6
Opcode Fuzzy Hash: 82dd1fed3f8e2f1079af6216219cab5dd360b692e86dc2817c31f2408c822b68
Instruction Fuzzy Hash: 19E01A3590920CEBCB04DF94E840AADFFB9FB49310F20C499EC0817350C6329E66EBA1

Function 053DA630 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82dd1fed3f8e2f1079af6216219cab5dd360b692e86dc2817c31f2408c822b68
Instruction ID: 1f107630fcfa6c966f47743aa9c6c36d448c75e7c62a3defff0de38774df277c
Opcode Fuzzy Hash: 82dd1fed3f8e2f1079af6216219cab5dd360b692e86dc2817c31f2408c822b68
Instruction Fuzzy Hash: 63E01A75908108FBCB04DFA4E941AADFFB5FB49310F10C099EC0917350C6729A61EB91

Function 053D890D Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f6ac7014ae7d7df637968a1ba7bcb4e308260ca13d67d40d365faa2b3e988fa
Instruction ID: 86fb4ce43e512c1d43cbd8e3402969cee4efb4d7d124a6c5ea40fe676e7ebcb1
Opcode Fuzzy Hash: 1f6ac7014ae7d7df637968a1ba7bcb4e308260ca13d67d40d365faa2b3e988fa
Instruction Fuzzy Hash: 6BF0FE74A082598FCB40CB24C988BA9FB76FF45305F0485E5988DAB249C7705E81CF55

Function 053D0978 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8817843e2917b7c95cb48b4bd5c45a9882d0852b78bb1a199f3767d53417ab76
Instruction ID: e95bdbcc296c5aa43b4407a7f865de98157381678b392bf55a6d41bf480e3e96
Opcode Fuzzy Hash: 8817843e2917b7c95cb48b4bd5c45a9882d0852b78bb1a199f3767d53417ab76
Instruction Fuzzy Hash: 31E0E5B4E04208EFCB84DFA8E4446ACFBF4EB88304F10D0A9D84893350E6319A42CF81

Function 053D41E0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8817843e2917b7c95cb48b4bd5c45a9882d0852b78bb1a199f3767d53417ab76
Instruction ID: 227a59bb58f562ea26fbfc38d47522c718279296657ced748c70ab447710aa7a
Opcode Fuzzy Hash: 8817843e2917b7c95cb48b4bd5c45a9882d0852b78bb1a199f3767d53417ab76
Instruction Fuzzy Hash: BFE0E574E04208EFCB84DFA8D4416ACFBF4FB48304F10C1AAD81893341D6719A42CF51

Function 053D13B8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8817843e2917b7c95cb48b4bd5c45a9882d0852b78bb1a199f3767d53417ab76
Instruction ID: 92b54381779ac8b81f15988c06ef63ce6030d341773220f023fddb3b9a735a88
Opcode Fuzzy Hash: 8817843e2917b7c95cb48b4bd5c45a9882d0852b78bb1a199f3767d53417ab76
Instruction Fuzzy Hash: DEE0E574E04208EFCB84DFA9D5406ACFBF4EB48304F10C0A9D808A3340D671AA42CF41

Function 053D3280 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f26793a0beb3f3f50181e82741130594d4129e7275c7a33c08b095d0bbff0d00
Instruction ID: 8930a45cbea9dc5729b067a813df680e00f213facdf4d4057adf003191924fc8
Opcode Fuzzy Hash: f26793a0beb3f3f50181e82741130594d4129e7275c7a33c08b095d0bbff0d00
Instruction Fuzzy Hash: 35E0E5B4D48208AFCB84DFA9D5446ACFBF4FB89304F10C4EAD85893341D6355A41DF51

Function 0562DC80 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 583b7c78eed40f295d20b06cad6085190fc74221b59717ee7d33ee99173a907c
Instruction ID: 2b3d0fb6e3571804ae9192737576b08508acf73487faeb42953df52b1c11fced
Opcode Fuzzy Hash: 583b7c78eed40f295d20b06cad6085190fc74221b59717ee7d33ee99173a907c
Instruction Fuzzy Hash: 7CE0C274E04208AFCB84DFA8D5406ACBBF8EB88304F20C0A9981893340D6719A42CF41

Function 05332430 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a7483b3b6b108b8708ff3fce1c1086497876e4741d989fea3a28db7488aec00
Instruction ID: 26a63d55b2806424ba44ec00e1ac43b5d1fdc7ac1435ca575c245f40d1db841c
Opcode Fuzzy Hash: 7a7483b3b6b108b8708ff3fce1c1086497876e4741d989fea3a28db7488aec00
Instruction Fuzzy Hash: 95E086B8908108EBC704DF94D852ABDBFB8EB45310F10C099E84857351C6319A91DB91

Function 05638BCD Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a92c1a3f58d68b614488d9600effecb47db495c85fc979730669034d54eba2d9
Instruction ID: a71465e96a1531d13c860cee45ce0767cea311de28a38faabdc6d3637545abed
Opcode Fuzzy Hash: a92c1a3f58d68b614488d9600effecb47db495c85fc979730669034d54eba2d9
Instruction Fuzzy Hash: 4AE06D70E46108CBCB58DF60E8956EDB7B2EF89704F505058A00A6B355CE341D49CF01

Function 053D87C3 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ccfd230fa23797016d14e379cd4376239c867467e610ba32cc5e18e8447972d
Instruction ID: 26e939d7403e72c0272f8b70e21ef568135badb79a1980632824bb158adc4bfd
Opcode Fuzzy Hash: 8ccfd230fa23797016d14e379cd4376239c867467e610ba32cc5e18e8447972d
Instruction Fuzzy Hash: 0EF0F274910218CFCB94CF69E884B9CFBB2FB48300F0440A9E40AE3250DB306985CF20

Function 0562EFB2 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1405038a2f9d5ce83f517d80222d74f0cc6aa9a276a79702feb90b528fe92c04
Instruction ID: ec6195a63bd0d893e2be43990cb0515a4d398fca02a364c19e277d047a25651d
Opcode Fuzzy Hash: 1405038a2f9d5ce83f517d80222d74f0cc6aa9a276a79702feb90b528fe92c04
Instruction Fuzzy Hash: 65E01A74D08118EBC744DF98D4816BCBFB8EB48315F1480EAD84867341C6329E42DF81

Function 0562E990 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15008498268a96c7d46f2b52c8d62b1bfa2260404b2d44d762a4e45a585349ce
Instruction ID: b60576b8eb6222c5a54bf8cdd9806eace0673f76d1b1cf71b2c51280040c7f0a
Opcode Fuzzy Hash: 15008498268a96c7d46f2b52c8d62b1bfa2260404b2d44d762a4e45a585349ce
Instruction Fuzzy Hash: 25E0C275C09114EBDB84CB94D851BBDB7BCEB06308F6440ADDC08AB392C6739D06CB94

Function 05625275 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e97e8c76bbd47836d2ee3fd7e71559bfea83603bb437beb6f90b5357ddb9b97
Instruction ID: d045cf005a8895dae5f773d519dcf7c7f4e285dcab883a89dd9fabf06f4758e3
Opcode Fuzzy Hash: 9e97e8c76bbd47836d2ee3fd7e71559bfea83603bb437beb6f90b5357ddb9b97
Instruction Fuzzy Hash: 6EE0863B7000688B8F54CF18E4555DDBBB2EB88211754827AF942C7701C6358927C7D0

Function 053311F8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8be6c9532e4386c853814cb497485c48bfb181b627408931eb9a2ed23c45397
Instruction ID: d7240d56b44dcf6fcc5e11dd378542ab54abea32a62cebbf79bc31f55b1fb77e
Opcode Fuzzy Hash: d8be6c9532e4386c853814cb497485c48bfb181b627408931eb9a2ed23c45397
Instruction Fuzzy Hash: 0FE08674948108EBCB44DF94D845AACBFB9FB45314F20C0A9DC0457351C6319E52DB81

Function 057F8900 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a145609de42f2a401abee48d5a21d7fea9cc445004e08bbcffd053493c5fd02
Instruction ID: 836d52bd7791a3849930747243eea290dd835efd986c39ae8656c61b00e78daa
Opcode Fuzzy Hash: 8a145609de42f2a401abee48d5a21d7fea9cc445004e08bbcffd053493c5fd02
Instruction Fuzzy Hash: D5E01274D08208EFCB44DFA8D4456ACBBF4EB88314F2080EAD85857381C6319A42EB82

Function 056385CB Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fd4d1918cf2d48d633ecade65fea3141b95b80bcd1e9ee95df1d93e584624bd
Instruction ID: a81e33e3c1068bf2e1ac46115835e2b0f04d099ef8e6f9adab11c0a07399985b
Opcode Fuzzy Hash: 9fd4d1918cf2d48d633ecade65fea3141b95b80bcd1e9ee95df1d93e584624bd
Instruction Fuzzy Hash: E3F01534A00258CFCB10DF24E49A7DDBB72EB46300F10A59AF50AA7340CBB05E84CF44

Function 056391C0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75b77b5a9bb70491600965240061553f3c45424ad583b3bd7c71be321781667a
Instruction ID: 2d89646fc8c67168a019a2c03b1073c3f3550f2817b81b5742d2d531d8d104b3
Opcode Fuzzy Hash: 75b77b5a9bb70491600965240061553f3c45424ad583b3bd7c71be321781667a
Instruction Fuzzy Hash: 16E04F70914108EFC784DFA8C8456ACBBF4EB08304F2080A9CC08A3340D6719E41CB41

Function 056388D3 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e78a01f5d263566cff903025cd24a485c9a6ffb2d56d90628825e1db5097a755
Instruction ID: 8d6083922f98319cd5e5a537cf98af2a2f5914e98f14600331a9c080de42b340
Opcode Fuzzy Hash: e78a01f5d263566cff903025cd24a485c9a6ffb2d56d90628825e1db5097a755
Instruction Fuzzy Hash: 3CF0F874A011188FDB50DF24D865B9DBBB1FB89304F0081A5E609A7384DE741D44CF80

Function 05634880 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f35fd04925094662f548071f238dbe2a0fcf12202e06122338f4b2f20d2ead08
Instruction ID: 633f4db1cdd7ce56fa65adfe56ed1096ae39897a4349b230aeb15fb023dcf6d5
Opcode Fuzzy Hash: f35fd04925094662f548071f238dbe2a0fcf12202e06122338f4b2f20d2ead08
Instruction Fuzzy Hash: B7E01A74D04108EBCB44DF98D4456ACFBF4EB48304F1080A9D80857340CA329A42CB41

Function 053D5500 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27958899f0755b54b08e8db75737ab0bf7bde9335d2d99d85279799ff653f988
Instruction ID: ef18b7af2cf377125c21a1daba127c617dcd19bb527f5457b899c7f5cd8bfc37
Opcode Fuzzy Hash: 27958899f0755b54b08e8db75737ab0bf7bde9335d2d99d85279799ff653f988
Instruction Fuzzy Hash: ACE01A74D08108EBCB45DF98D4406ACFFB6EB48304F1080E9D85957341D6319A45DB91

Function 053D2D78 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf6278188b1029a1e260a72e3e49aac971c922cc7b62f67efea9b8a7cd295c3f
Instruction ID: d5e993726580b2ac8393c5816cec1eda0d7d082126990ebd180745b6f232f133
Opcode Fuzzy Hash: cf6278188b1029a1e260a72e3e49aac971c922cc7b62f67efea9b8a7cd295c3f
Instruction Fuzzy Hash: C9E01A78D04108EBC744DF98D4406ACFBB9EB48304F10C0A9E81857340C6315A41CB41

Function 053D3CF8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f49de424c25ce9ca75b3cc72a8a942a692f894a8c1c5df8bc659a6fd669536f7
Instruction ID: 35da36d28d2eb342081a6b245b91227129b0cf72b9250b822d1e36d75b826efb
Opcode Fuzzy Hash: f49de424c25ce9ca75b3cc72a8a942a692f894a8c1c5df8bc659a6fd669536f7
Instruction Fuzzy Hash: 1EE08C74908208EBCB04DF94E840AACFFB9FB45314F20C0A9DC0827351C6329E96EB92

Function 053DD009 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8374aefb887a052d3046dc696d470d86e8276c6316cc714ba5b5f07d62e42d0b
Instruction ID: b2dba9c7f7f183f638a278b8d5fab8d1415167581f1362543007d5756f5d13c9
Opcode Fuzzy Hash: 8374aefb887a052d3046dc696d470d86e8276c6316cc714ba5b5f07d62e42d0b
Instruction Fuzzy Hash: 73E02674E182498FC700CBB9D89869EBFBAEB4E300F108041E008D7340DEB4480DCF80

Function 053D4310 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f49de424c25ce9ca75b3cc72a8a942a692f894a8c1c5df8bc659a6fd669536f7
Instruction ID: 01d78e7d96ca97ad2711c16f997356d116caf3d884c752d75811a5ea050ba2aa
Opcode Fuzzy Hash: f49de424c25ce9ca75b3cc72a8a942a692f894a8c1c5df8bc659a6fd669536f7
Instruction Fuzzy Hash: A3E08674909108EBCB04DF98E8809ACFFB5FB45315F50C099DC0417350C6715E61DB91

Function 053D3B48 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f49de424c25ce9ca75b3cc72a8a942a692f894a8c1c5df8bc659a6fd669536f7
Instruction ID: 26199d8c0cd95201c16694fea0a54e2f5ff1b55504c03df111e94dd7148c9bea
Opcode Fuzzy Hash: f49de424c25ce9ca75b3cc72a8a942a692f894a8c1c5df8bc659a6fd669536f7
Instruction Fuzzy Hash: E7E08675948108EBCB04DF98E8409ACFFB9FB45310F10C099DC042B351C6315E51DB95

Function 0562E3E0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f31e2ed965066287d5f8672df977f3a0bedd90abf07471994c9c4e1bf09824af
Instruction ID: 106b8345d1cbcb767a5f2f1f2d7a0fb23eacd43490ed336d4451ce898b4c1bc2
Opcode Fuzzy Hash: f31e2ed965066287d5f8672df977f3a0bedd90abf07471994c9c4e1bf09824af
Instruction Fuzzy Hash: 70E01274D08218EFCB44DBA8D4406BCBBB9EB89305F2080EADC5957391C6369E86DF81

Function 0533F5C8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43a19894eb478d41d6c20dcaa87ac56baa7a8bb5e21aee3fc1ef5839b5313348
Instruction ID: aa3ef9885564088c09255e2c5be7ba830527541587a0c00f3787c01aed48093d
Opcode Fuzzy Hash: 43a19894eb478d41d6c20dcaa87ac56baa7a8bb5e21aee3fc1ef5839b5313348
Instruction Fuzzy Hash: 25E0EC74D55208EFC740DFB8E4866ACBFF8AB04305F5040A9D80993250EB745A84CB45

Function 053311B0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99b75c174620ac03abbbeacc5790e54a2e96713509a2a2e2e40d3836e6537944
Instruction ID: fbee8b35487ba09df8154a2363c4b760f77eb2df80e69f010e7acc1df79a5a1e
Opcode Fuzzy Hash: 99b75c174620ac03abbbeacc5790e54a2e96713509a2a2e2e40d3836e6537944
Instruction Fuzzy Hash: A0E0C2B5801208ABC700EBF8C80579E7BF8EB05301F0044A6D00993150E9714A50D792

Function 053311F7 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb220f389ebfb38dab8b8cb29cda0c909dda1324ab63882341a0ba7f2bb6eb10
Instruction ID: 7c01d6a327623ba3cb942f0a08d0c667f92ee25554fbbb279d1593bdad3fd3cd
Opcode Fuzzy Hash: eb220f389ebfb38dab8b8cb29cda0c909dda1324ab63882341a0ba7f2bb6eb10
Instruction Fuzzy Hash: FBE0C234188004EBC748CB94C541ABCBBB5EB4A318F24C0E8DC0887392C6339D43D640

Function 057FB5C8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a64670ddb963bd21bc6745d8ac26624caf10bc58dbcad8c1e16f59c722210ff9
Instruction ID: b2b202788eda4e1f0a160efc03e4409f26175aae30b82a630ca8d0ea5aa45aa8
Opcode Fuzzy Hash: a64670ddb963bd21bc6745d8ac26624caf10bc58dbcad8c1e16f59c722210ff9
Instruction Fuzzy Hash: 2BE012B1945208ABC700EFF8D81469E7BF8EB45301F5045A5D50997250ED358A5497D6

Function 057FE278 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2145f9b0801d703fb36085182c0dff2065c4a14080330d2b14d854b55e958bb4
Instruction ID: 2993332809d344b84982592a604332e1c4689a1439c06624a7fbca5f5147a193
Opcode Fuzzy Hash: 2145f9b0801d703fb36085182c0dff2065c4a14080330d2b14d854b55e958bb4
Instruction Fuzzy Hash: 0DE08C34908108EBC744DF94E840AACBFB9FB85304F209098CC0817350DA315E42EB81

Function 05637570 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a9824ac633d2ce5a74001a0b25d7441a2614fa775d607478deb2970354b3d0a
Instruction ID: ea20ea61f5f66ca1c3c3b52aec9647c240ec45c8c91d90a706e8a0f95fa5e982
Opcode Fuzzy Hash: 6a9824ac633d2ce5a74001a0b25d7441a2614fa775d607478deb2970354b3d0a
Instruction Fuzzy Hash: 76E012B1941108ABC704EBF9C80569E7BF8EF05311F5044A6D54997150ED314A5497D6

Function 010A8730 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7a0fbf8da37291c7f689d14557ed539901bb4f0fb40ce389be98c9a993444f8
Instruction ID: ce30ea64d4d668cb2c1c03c253a9d1edede2838de74f48584a536a9cce4050b8
Opcode Fuzzy Hash: f7a0fbf8da37291c7f689d14557ed539901bb4f0fb40ce389be98c9a993444f8
Instruction Fuzzy Hash: 0EE0ECB1541208ABC701EBA89C0979E7BF8EB09311F1084A5D50997150EE314A549796

Function 010A0B70 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ec2d662c91804c345d230b2a081084df00e32e7d14ea79850cf79ab3b9f5b95
Instruction ID: e66f1d8d07fe8871ac9436bfeb884af102857bdd4825d875294b2c17ea3c1e54
Opcode Fuzzy Hash: 2ec2d662c91804c345d230b2a081084df00e32e7d14ea79850cf79ab3b9f5b95
Instruction Fuzzy Hash: ABE01234224509DFC388EFA8D554E3D33F9B7887143508894F58ACB369EB70EC058B50

Function 053D3BD8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aaf4e990912526b237e765643904d4333cd0515ccca8f4455cc549a95a89e70
Instruction ID: ae8c3d18f7758559aaab2e6ce37cb355b3f72b078532ba40b9b9c2c20be43a75
Opcode Fuzzy Hash: 5aaf4e990912526b237e765643904d4333cd0515ccca8f4455cc549a95a89e70
Instruction Fuzzy Hash: 33E0C235908108EBC704DFD8E8826ACFBB8FB45304F20D0DDC80817340CA325E82CB92

Function 0562FDE8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3df8cec613c7cde68406cdff8393e646f9f2539c1c37d1baaaf83d2af36de532
Instruction ID: 72996e17693e645ecb96779a9fb15f472a56383d296ad8910d3000cbc6ae7580
Opcode Fuzzy Hash: 3df8cec613c7cde68406cdff8393e646f9f2539c1c37d1baaaf83d2af36de532
Instruction Fuzzy Hash: 97E0C234908208EBC704DF94D8426BCFBB8FB45304F2090DCC84827341CB715E42CB81

Function 0562DF90 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb82e16e6f1ec4aea555cf8ebd9f6f3db16bd20c46777ef025f326bfcec6f227
Instruction ID: d6c033ae0097452206607367c6c0b2d86905e25c1fc72f6cba5f85b21a7bdaeb
Opcode Fuzzy Hash: fb82e16e6f1ec4aea555cf8ebd9f6f3db16bd20c46777ef025f326bfcec6f227
Instruction Fuzzy Hash: 45E0C270801108ABC700EBF88804A9E7BF8EB45300F1044A5C40997210EA318A50D796

Function 0533657E Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b81cf0f0cdb51947fcdd9fae6d2a9b21c861767ddb72524d56c874ff03019165
Instruction ID: 04f597e90ec3f43c97dfd07b6852b7703d0f32aa7ff66c3e711cb6e5339eab3c
Opcode Fuzzy Hash: b81cf0f0cdb51947fcdd9fae6d2a9b21c861767ddb72524d56c874ff03019165
Instruction Fuzzy Hash: D7E08CB0C19209DFCF01CFA4C502BBEBBB0FB06300F010046D402F7240C7788A458B2A

Function 0563B178 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e33de78a56d48a18d0478a732cd061f228ace0f754d6cf026edca3983bba552c
Instruction ID: 9cf392ca493b668a84acba640e1383ba4f657394be8c189697d112c266c43ee3
Opcode Fuzzy Hash: e33de78a56d48a18d0478a732cd061f228ace0f754d6cf026edca3983bba552c
Instruction Fuzzy Hash: 2BE01270A01258EFCB04EFB5D941BAD7BF5DB85305F5045A9E40997244DA715F05D780

Function 0563B130 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 949bfa240f0df41aa635b6ac880c36fb38b96370e6ec3e2283866ee38243f881
Instruction ID: fb3303637b7dc27426b96354d836183fb8cdd9e0c08816838a8f831be5a65b2b
Opcode Fuzzy Hash: 949bfa240f0df41aa635b6ac880c36fb38b96370e6ec3e2283866ee38243f881
Instruction Fuzzy Hash: 1CE0EC74A01218AFCB00EBA4D94169DB7F9DB45305F904599A80C93245DA716F019791

Function 0563906A Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03ee057f83eaa91847944feddee4a8bad4107f9f13557687251627360e29c6ca
Instruction ID: 7014aad173fbc178d3f789b12c67342df54142078e849b10859784e4e724aac9
Opcode Fuzzy Hash: 03ee057f83eaa91847944feddee4a8bad4107f9f13557687251627360e29c6ca
Instruction Fuzzy Hash: 28E0E574A002188FDB64DF64D8AABA9BBB1FF89315F1002A5A009A7344DF705D84CF54

Function 010A27C9 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff8b42e6644d1404f7af44ac9cea8c0df5666b5368bd6570e1f84bf5e25669f9
Instruction ID: 54f0fea41d3c0da65250e36347a0d23b8ea74762f21e6856e5d44c308b36d22b
Opcode Fuzzy Hash: ff8b42e6644d1404f7af44ac9cea8c0df5666b5368bd6570e1f84bf5e25669f9
Instruction Fuzzy Hash: A4D0A77170D1D49FCB0727A4B8205ADAF66FFC6314B8840B3D082CA557CB148A859391

Function 010AD8E0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dee402b3721707293a63dec8e16717c3b16cc68f71c5be6d2f4b4d61896e5b72
Instruction ID: 7e21dc4bafeb4bbdfc396c180626d9e1d625e29b8e9c1323b2cf2b067012b4e4
Opcode Fuzzy Hash: dee402b3721707293a63dec8e16717c3b16cc68f71c5be6d2f4b4d61896e5b72
Instruction Fuzzy Hash: 11D05E70509208EBC744CBD8D940AACBBBCEB4A314F5080DCD80C57751CA329D41C741

Function 0562F588 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 142f4c3dd5e633f1f1d5e2401dd5249e3d85f106f6c08aaacf91762369565639
Instruction ID: 921f8e5c27cc6d1d0544c648f65fdec21fb64bec53cc23403ab665792a28dfc3
Opcode Fuzzy Hash: 142f4c3dd5e633f1f1d5e2401dd5249e3d85f106f6c08aaacf91762369565639
Instruction Fuzzy Hash: EFD05EB4509108EBC744CF94D881A69F7B8EB49314F50809CD80957351DA32AD42CB91

Function 05623F50 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e80a7a233445a06fbaba02ff1dd99ed9469972d1c14f388a5acbc9715b4b283
Instruction ID: 1ad42e36f3c47ac98b3e07f981bde8a9fd353a3eb51d61c6cf924c62e95096b8
Opcode Fuzzy Hash: 8e80a7a233445a06fbaba02ff1dd99ed9469972d1c14f388a5acbc9715b4b283
Instruction Fuzzy Hash: 16D02B3214C2D44FC702D3297C025D53FF09AC7001345D9A5E0C987957C0508507C790

Function 0562E9A0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 142f4c3dd5e633f1f1d5e2401dd5249e3d85f106f6c08aaacf91762369565639
Instruction ID: 3ff629a2ce806f098bdd0c60f09b5263ac8a3445c40e9614c2c3f0776a75feee
Opcode Fuzzy Hash: 142f4c3dd5e633f1f1d5e2401dd5249e3d85f106f6c08aaacf91762369565639
Instruction Fuzzy Hash: 0CD05E70909118EBCB84CB94D840B78B7BDEB46314F5080ADD80957391CA739D42CB81

Function 0563878C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 022270b495a2b02116b8f351def357e7482652a93ca03f4ce48693c24457b9a5
Instruction ID: 19d4379f54a62197effffda3a071d100c267be771e3423c52a9ae57512a45b1b
Opcode Fuzzy Hash: 022270b495a2b02116b8f351def357e7482652a93ca03f4ce48693c24457b9a5
Instruction Fuzzy Hash: DCE04F34A40258CBC715EF24D49979DBBB2FB8D301F109198E40AA7344DF701D94CF08

Function 05638677 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57c10970feb2bfb966723718c3580bf72b6340aeae9072f6d1547c91d92a3b42
Instruction ID: 732f771e1b8012bc31afd53a7411c33e0dd0641022f353c5ea046a3c91dbc1b9
Opcode Fuzzy Hash: 57c10970feb2bfb966723718c3580bf72b6340aeae9072f6d1547c91d92a3b42
Instruction Fuzzy Hash: D0E01274900219CFD758DF20D5A5BADBB72EF44300F108099A50967754CF341E44CF65

Function 05638621 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6de40260256336307879b191259e889f0e7ce6f61e92a4d5d4baaf9681fb420d
Instruction ID: 2d1c19a1b5a6ea4d32301c5668b9e7e01b793aaff5266af53fc1fffa37a6a73d
Opcode Fuzzy Hash: 6de40260256336307879b191259e889f0e7ce6f61e92a4d5d4baaf9681fb420d
Instruction Fuzzy Hash: 35E0E578A0121C8FC768DBA0D4A6799BB72EF8A300F0004A9E209AB344CEB01E848F45

Function 05638D56 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccebb92d432a0ed69891d7a4f59b326d83c6fd8f2d9c65e84ff84d6f1cb48b65
Instruction ID: 858d5285313158f491e78ab556371ff7508012483b7dc813ac2851c1859e7ad0
Opcode Fuzzy Hash: ccebb92d432a0ed69891d7a4f59b326d83c6fd8f2d9c65e84ff84d6f1cb48b65
Instruction Fuzzy Hash: FAE01AB4A10554CFD765DF34DCA9BADBB72EB85302F208098A50E6B345CF305D858F65

Function 05638DF1 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01350f950f90e84784aafa538fddb5cb2bc9a91c76915672c26b83469b673964
Instruction ID: f289cb53e7dd5d781693c6bb25518e120ee5a1189fc615267fa9bd6021e99cbb
Opcode Fuzzy Hash: 01350f950f90e84784aafa538fddb5cb2bc9a91c76915672c26b83469b673964
Instruction Fuzzy Hash: EEE01A34A40298DFC764EF24D8A979DBB71EB85311F109098A40E6B344CE741EC98F84

Function 05638C1B Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9380174bda0b5eb1f2548902730df5d106df4c7851585cd8bd35c3538a06160c
Instruction ID: be333c3c2dc67ff6c44d8f58cf957051ae513c5ed690abc8d6ceaa01745c5f1b
Opcode Fuzzy Hash: 9380174bda0b5eb1f2548902730df5d106df4c7851585cd8bd35c3538a06160c
Instruction Fuzzy Hash: 11E01A74A01218DFCBA4DF20D8A579DBBB1EB86300F108099A44E67344CE301D898F56

Function 05638954 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fafa0a3d94ec1ad6cc77f0f38225e8a9daa164a160c83349b6d1c1deb845f5d
Instruction ID: 96848ad2e1c259a811e08e04d135162d71cd701cf5a1bc65326f1b057f330a71
Opcode Fuzzy Hash: 9fafa0a3d94ec1ad6cc77f0f38225e8a9daa164a160c83349b6d1c1deb845f5d
Instruction Fuzzy Hash: D1E01A74A50219CFDB25DF20D4AA799BBB1FB8A301F5000A8E50A67344CF301E44CF15

Function 0563880B Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c75cd1f623e68abe615f8b8429af7b45ef418c29288d0d3e3ba1c82d408b785
Instruction ID: 34c12d8ffa4dd2eb0644ef74b0f1ab801424007b8f1b275d477282d331d3a5e3
Opcode Fuzzy Hash: 1c75cd1f623e68abe615f8b8429af7b45ef418c29288d0d3e3ba1c82d408b785
Instruction Fuzzy Hash: 40E01A74A012198FCB64DF30D596799BBB2EB8A301F108099E40D67746CE741D89DF58

Function 010A8592 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b862917ee7622f935f84cc976933b31e46ae2cc8c0995835df159f56a2a7b038
Instruction ID: c181b89b36da7478b41c93e7a0d77e07e6d1606811895776c17ad26fe7f11ec6
Opcode Fuzzy Hash: b862917ee7622f935f84cc976933b31e46ae2cc8c0995835df159f56a2a7b038
Instruction Fuzzy Hash: D7D012650C050546E79973FDAD0EBFC3AE8D714327F889051D6DD915A1DBBC40C1C26A

Function 010A09B1 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 906609de99061bddb14821f4ec0c8473e0f4df63395de097ec87093f8b290ef0
Instruction ID: f8ed2f80a7a3262fc4a16de0ff45f85a94aaef9f4bb1d283c36df0b5b361f361
Opcode Fuzzy Hash: 906609de99061bddb14821f4ec0c8473e0f4df63395de097ec87093f8b290ef0
Instruction Fuzzy Hash: 47D02BF0801208DEC7458F64D90579F7FB5DB48301F804811E00977154D73124018B30

Function 05636723 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c893e72f53ef6c599538382b72e0cf94c5882bdc0ef0319fa1719b3e6c5915b
Instruction ID: f5c094ca4d8bcbd912f8a0505b15c6623dd55f0f2cd9e093dc893976c1b082e7
Opcode Fuzzy Hash: 9c893e72f53ef6c599538382b72e0cf94c5882bdc0ef0319fa1719b3e6c5915b
Instruction Fuzzy Hash: 85E0B6B8A042199FCB60EF28E855B5ABBB2FB4A304F0080A5A509A7348DF705A44CF45

Function 010A09C0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8362095b0d0495e4f6a35b54d45ef6aaff4b6c46bb71ea21ac46d6b62fac4e4f
Instruction ID: 2d0bebd9ece70e8971b7a0f0f168165353f0f3393e928b72e4f033a95bc8b302
Opcode Fuzzy Hash: 8362095b0d0495e4f6a35b54d45ef6aaff4b6c46bb71ea21ac46d6b62fac4e4f
Instruction Fuzzy Hash: 40D0A93090420CA6D748AAAAA808B9FBEBEDB88311F804020F10A72298DA32281084A0

Function 053D0F4F Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d4537f16403bf2a159e7c2bc4702eac3e60ca7a1eea6c1a5c9f13e02d6d4e5
Instruction ID: 22e0b925df00d053b2041e6407ecf97f51f3fabbfdeba6cfead3a22fb8752c52
Opcode Fuzzy Hash: a3d4537f16403bf2a159e7c2bc4702eac3e60ca7a1eea6c1a5c9f13e02d6d4e5
Instruction Fuzzy Hash: 61E0B674B0011ACFDB20DB58E845BD9BBB1EB89315F0040E6A60CA7344DA305E45CFA1

Function 0533AD62 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cbbc4a3ac4830ae4b62834778f5040b5d0bf0d408a30f328294e9152511c905
Instruction ID: f7654fd961182e387e2e499ea0e796d32bc496c1e04446cd7f00ca117876efc0
Opcode Fuzzy Hash: 0cbbc4a3ac4830ae4b62834778f5040b5d0bf0d408a30f328294e9152511c905
Instruction Fuzzy Hash: B7E0BD70A01228CFEB21EF15CD08B9AB7F6BB56306F0052D8808962294D7F41AC4CF02

Function 053D1D03 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e59a8ff37b92c15be96b31e28cfe7f31ad521d8b30beb6b3a408bb3bbb55445c
Instruction ID: 5598f66e1f4b030b5b838f5af0dc6ab680eefde8ef02182bfb8396d8a84ae65c
Opcode Fuzzy Hash: e59a8ff37b92c15be96b31e28cfe7f31ad521d8b30beb6b3a408bb3bbb55445c
Instruction Fuzzy Hash: 0FD05E70508285CFC751DBA4D859A5BBF79BB47304F108088F1059B24ACB360C0ACB62

Function 0563C5E0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f9219b8ed2d865cc2badbd21a0435cbcf2a6035f8b3b75e5ba94a233424d26f
Instruction ID: 51e76ee3d36b6b69e789248e2a747dbdc860704f6999c46aec9c7c835272d19b
Opcode Fuzzy Hash: 0f9219b8ed2d865cc2badbd21a0435cbcf2a6035f8b3b75e5ba94a233424d26f
Instruction Fuzzy Hash: F2C0923999012856FE5C12B0CC07FC52E14D700B14F942648BA43E52C3C9CC4013C860

Function 05626400 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6700f3d4f46354314eab04dfded62dda09383e7b351c0be5eb4b270e8382190
Instruction ID: b8a9c71e1f34bcef6cdcabe3cc6dc35452108e6c3a7ff9a2a64767cce524cbe7
Opcode Fuzzy Hash: f6700f3d4f46354314eab04dfded62dda09383e7b351c0be5eb4b270e8382190
Instruction Fuzzy Hash: D1D012B7004114BFCB008B24D885F8577A8DB39360F465051F50487731D661EA519640

Function 0562B20F Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4d597f34c64f3dee37fea64ec6bd9d43464b5e6b88e9fa17b8a26e6d155e5a4
Instruction ID: a34167379db133eef73cb6e4b5dec80a93e13129b39c146fba827933b0fa147c
Opcode Fuzzy Hash: b4d597f34c64f3dee37fea64ec6bd9d43464b5e6b88e9fa17b8a26e6d155e5a4
Instruction Fuzzy Hash: 65C012751400006BC204CA04CCC1F81B36ADB94324F18C4596D0947351C73BED17EA20

Function 010A85A0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0bb30d4cb62f85eddb0baf9781c7bc48b8918b8c03de63281e71fb894fed604
Instruction ID: 4bfe9bd486b6890d7d8cf5770a1bfc01eeb3c59b64fac9222f0da6afe2a09a73
Opcode Fuzzy Hash: c0bb30d4cb62f85eddb0baf9781c7bc48b8918b8c03de63281e71fb894fed604
Instruction Fuzzy Hash: 8DC08C6408060446C38433ED680DBAC3AE89B00316F800040D6CC004619EB000C0826B

Function 053349E7 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 583d8344e2a3db38f76ff63e25183b16be3d7b3d30f23739e3255c76d4bb1ab4
Instruction ID: 5a2d3eb741bc4ee2af13469481720a7f4650341215dc5c0279859fdd62fee600
Opcode Fuzzy Hash: 583d8344e2a3db38f76ff63e25183b16be3d7b3d30f23739e3255c76d4bb1ab4
Instruction Fuzzy Hash: B8D092B8D112298FDB61CF54C884BAAF7BAAB49240F1090DA9A0DF3340D3715F8ACF41

Function 0563733D Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c70ef460f3c89da901d98a38385934d6f5afa7c3e19b9aa400d134f105f1826
Instruction ID: 1076f2a83119e6b3b7eaa84ef1c09e78a98c8d2fefa010ac18d5d00a255178bc
Opcode Fuzzy Hash: 7c70ef460f3c89da901d98a38385934d6f5afa7c3e19b9aa400d134f105f1826
Instruction Fuzzy Hash: 62C0027AF5041A9BCF00EBD9F8408DEF7B5EB98361B008076D614A7208D6706926CFA1

Function 010A0838 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91abf5ce2f89aebb4e8789fedb740b5166d21fb7d9f3cbb2ae5307b706dc7d46
Instruction ID: e796e62cf7e484930e061152b6de778b8e93f839085514ea295b5fb19f95ed4d
Opcode Fuzzy Hash: 91abf5ce2f89aebb4e8789fedb740b5166d21fb7d9f3cbb2ae5307b706dc7d46
Instruction Fuzzy Hash: A1C08CB0044208CFC3082F20FC0A7887BFCEB15711F010080E00C4A130C7B018808B98

Function 053DB0E1 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 543b5aa4ff618e4014e8ca40d0250ff3e246c4abaaf2d1e3b2af728efcbe2a09
Instruction ID: 187cf2c06e38287e80de1b9965fc29ef807c949b56a66189d8b205898f5f34e4
Opcode Fuzzy Hash: 543b5aa4ff618e4014e8ca40d0250ff3e246c4abaaf2d1e3b2af728efcbe2a09
Instruction Fuzzy Hash: 9FD012B490028C8BCF00DFE4C0806CEBFF2FB08310F208009D441AB309C3384A489B60

Function 0562A4C1 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d771cd6d8eb896958a620d1186d81c636c575003fcae444156ba0a59f6dd34d0
Instruction ID: 99d6cfa9b339a4a4f2cd4503137efdde164b06ad580a6fa31fd5c538e9394f95
Opcode Fuzzy Hash: d771cd6d8eb896958a620d1186d81c636c575003fcae444156ba0a59f6dd34d0
Instruction Fuzzy Hash: B6C08C310089819BC3418320DC9A7D7FF108F51219F0882ADD08E83A52D2128805C782

Function 05628621 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcdd5b4c849abbdb98556bc7ef3ee2a54302b88068a8d5c23ae5db7f5532b65b
Instruction ID: ebc756113f58e6295710f5fb3e54bf2c86891a1c059ea4268845535f401b7e92
Opcode Fuzzy Hash: fcdd5b4c849abbdb98556bc7ef3ee2a54302b88068a8d5c23ae5db7f5532b65b
Instruction Fuzzy Hash: 05C08C320041409BC3109B44DC69759BBD0EB40305F2980A8D04D0B192D736B400CF81

Function 0563F4E0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e744fc5dff1dec870f69098fc4394279777f0b27f77f6c00f83b01eb31b732f
Instruction ID: 4eddf0768bae6a6c295271baea8f14b850e7a504ccf9274af4b4c81e9dc6f6e8
Opcode Fuzzy Hash: 2e744fc5dff1dec870f69098fc4394279777f0b27f77f6c00f83b01eb31b732f
Instruction Fuzzy Hash: 4AC09273AA45604BFB15DA10DC5B7E53750E324304F5204A4E902C65C9CA28A4278E9F

Function 05638BF2 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6435274b0bb2e28386fb6b47375f303cf1e06a6489e69f1f6a0ffdc9eae45c9c
Instruction ID: 328913aadb7849bdbfe3be0807dd7f671527ec10a513ac449fdf9f90f3b3285a
Opcode Fuzzy Hash: 6435274b0bb2e28386fb6b47375f303cf1e06a6489e69f1f6a0ffdc9eae45c9c
Instruction Fuzzy Hash: 31C08C30240209CBC750AB20D4AFABABF32E7C2306F10402471020F288CE78080E9744

Function 010A0990 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98b7cf101a1e85537ed7dac906d4b338583e080773d16a0411f71df7646f9cd3
Instruction ID: 66e800796aa24e861b6b2ab14782790f4f24818809e514c1aafbc390033ebca8
Opcode Fuzzy Hash: 98b7cf101a1e85537ed7dac906d4b338583e080773d16a0411f71df7646f9cd3
Instruction Fuzzy Hash: 0EC09B5924E6C44DD70B07B959204153FB099073847C980C6D0C4CF1A7C3194507CF67

Function 05626410 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 010A1D17 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 408150833619e74f6efcd0e5892c23c6b33c0a33b4807cd0990ae852b5f9250d
Instruction ID: 7b97b642f67b3e078b17a2dd3ad65890106215711bfba84fcad99794a05de313
Opcode Fuzzy Hash: 408150833619e74f6efcd0e5892c23c6b33c0a33b4807cd0990ae852b5f9250d
Instruction Fuzzy Hash: 34B09234114606DBE309A790882436A36A29788390F528818C1DB87794CB71AD828795

Function 010A0CAE Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02f391ec9186be7460d7ceff6d79b41e4f57d1e64c9a78734556b4d1cf90d301
Instruction ID: b85e2fca3398a85c4a9ac4d37eb7eebe5a379a0fe5ee4097b0af5a2511f46b4f
Opcode Fuzzy Hash: 02f391ec9186be7460d7ceff6d79b41e4f57d1e64c9a78734556b4d1cf90d301
Instruction Fuzzy Hash: BFB0923000C284CFD7054BA4C86B72C3BB9EE0B30034A48C1E4828B02ACAA025209A22

Function 0562A508 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d756c28cb7e4e1dc6f0c0ea2ad59e2791d8c1de204be40d9b0680d54ec6612d8
Instruction ID: d3e1fe9d2342bb06aeff6c3644870c31aefd9ab557655486704de444e7c1e6aa
Opcode Fuzzy Hash: d756c28cb7e4e1dc6f0c0ea2ad59e2791d8c1de204be40d9b0680d54ec6612d8
Instruction Fuzzy Hash: 49B09232000208AB86009B84EC0896ABB69AB59710B10C025A60906122CB32A822DB98

Function 010A0848 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03135dec36dcb92b552c028599ff3637483626f752e90151072e45240dafd05d
Instruction ID: db1df9ec590eb397a92a1849ca709516bc8e6728889711fddd719def80922d0f
Opcode Fuzzy Hash: 03135dec36dcb92b552c028599ff3637483626f752e90151072e45240dafd05d
Instruction Fuzzy Hash: 85A0123009020DCB83082750BC0D74C3B5C95005227440011A00D804208B1014804645

Function 010A0CBB Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94954832f288a73b15b8e171e60877e2d555a49e600581a1f1120becc6f4f321
Instruction ID: fddfafb6c6631846978c1ee075b0e8a8fbff3d361312ace7be61ad2c398dcf97
Opcode Fuzzy Hash: 94954832f288a73b15b8e171e60877e2d555a49e600581a1f1120becc6f4f321
Instruction Fuzzy Hash: 63B01238D24718DBE34C97B1E894D7D3271BEC41D074C4410F44792244DE740840C550

Function 0562A4D0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00678b2b2428b6d572111f3222932edeab1f1c2fbe9d190f586c657ef4eb0b2c
Instruction ID: 2789a85c6b3b4aee3d3e4dcfa8029d91f8af8d667d4a4bf5a6c717cb48c95d0e
Opcode Fuzzy Hash: 00678b2b2428b6d572111f3222932edeab1f1c2fbe9d190f586c657ef4eb0b2c
Instruction Fuzzy Hash: 44A012300002088781405744EC09559775C9A446257104054900D021115B12BC01C784

Function 05623F31 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5891817224fbb3b97d0ba392ce27b9b4f3f885ad2ee9ec906802283cfec0ffed
Instruction ID: b4bbc28e7f061987190f2ef9179499e52d96b05d7b1cb66d543bc461af99a5df
Opcode Fuzzy Hash: 5891817224fbb3b97d0ba392ce27b9b4f3f885ad2ee9ec906802283cfec0ffed
Instruction Fuzzy Hash: 68A0222E008AB203EE003B20CE0B3C8A8E0CF83200FCC08AE0CC0C02C3C30C82A0C300

Function 05628630 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3838eb1bb3be65f6964060a3a267ddf9a730bc179fb2e6b7a25dab29f0004cc2
Instruction ID: bae3b1b0f7304c31ae0c457ce8aca704ac3fdbfe014ac09ccbc620a02b0574a2
Opcode Fuzzy Hash: 3838eb1bb3be65f6964060a3a267ddf9a730bc179fb2e6b7a25dab29f0004cc2
Instruction Fuzzy Hash: 47A0123001020887C2006784E919518779CA644A14F144058900D031114B12B801C684

Function 010A1092 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a3c7ea11c8531bc2e540a69ce446aa915151cdfcc83caf5e868eaa87d5304f2
Instruction ID: bc0b3c55fc10b6e557c2e7914a7a0d281dec74acc812234465ce021a7ecf2b47
Opcode Fuzzy Hash: 3a3c7ea11c8531bc2e540a69ce446aa915151cdfcc83caf5e868eaa87d5304f2
Instruction Fuzzy Hash: A9A002F2CB4A1881C50406781D4289923A595A297076AD7157075C4AD6D68E86074116

Non-executed Functions

Function 04F32EA8 Relevance: 3.9, Strings: 2, Instructions: 1395COMMON

Download Yara Rule

Strings

4'^q, xrefs: 04F33E99
4'^q, xrefs: 04F33EA9

Memory Dump Source

Source File: 00000000.00000002.1713091076.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f30000_lumma1.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 74503839b667c3a2ca552bab6d475c6ae3514c58ef842f89b5ab363cd5e5b40f
Instruction ID: 40a467f7dc60ef5d29b4e00a50628cceebdde95ad7c777b81d914e57dedf147b
Opcode Fuzzy Hash: 74503839b667c3a2ca552bab6d475c6ae3514c58ef842f89b5ab363cd5e5b40f
Instruction Fuzzy Hash: 92C2C474E09358DFCB15DBA4C899BAE7FB1FF06302F15409AE905AB292C7346C46CB61

Function 0563F04A Relevance: 2.8, Strings: 2, Instructions: 335COMMON

Download Yara Rule

Strings

,bq, xrefs: 0563F14E
(bq, xrefs: 0563F3FC

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: (bq$,bq
API String ID: 0-1616511919
Opcode ID: 5a8cf3857d19b391146d56a812670c8a3c6d27b88aaa8a43782a1ee78cdbbcd7
Instruction ID: 3192bab2e83e9f8cd79e16db1300bed7a47e2a577a8ab397008b940a96fdb4c9
Opcode Fuzzy Hash: 5a8cf3857d19b391146d56a812670c8a3c6d27b88aaa8a43782a1ee78cdbbcd7
Instruction Fuzzy Hash: 1BD1F934A006148FDB14DF69C585AAEFBF2FF88311F2585A9E4059B762DB35EC41CB90

Function 010A4640 Relevance: 2.7, Strings: 2, Instructions: 171COMMON

Download Yara Rule

Strings

4'^q, xrefs: 010A4732
4'^q, xrefs: 010A4707

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 79255cceb6cf45347a3b1b2e676e0eb364485b37f5ff708b1218ff1d4ec0e59e
Instruction ID: 1099c4d71560a3f7a9defd15b04fd2e88c1997f8fbd309403968f6ac80a196a5
Opcode Fuzzy Hash: 79255cceb6cf45347a3b1b2e676e0eb364485b37f5ff708b1218ff1d4ec0e59e
Instruction Fuzzy Hash: FA711DB4A406498FD708EF6AE89479EBBF3FB88301F04C569D10897269EF705549CF42

Function 010A4650 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'^q, xrefs: 010A4732
4'^q, xrefs: 010A4707

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 945d435cd71be1c922f67934780a074832dd3ec6de3ebf418d9761e822fb6ad9
Instruction ID: 4843a5fc080a354df67edcbda65079ef3c841ba1acc48fc612b078335f32ebdf
Opcode Fuzzy Hash: 945d435cd71be1c922f67934780a074832dd3ec6de3ebf418d9761e822fb6ad9
Instruction Fuzzy Hash: 9F71FEB4A406498FD708EF6AE89479EBBF2FB88301F14C569D10897269EF705549CB42

Function 05332478 Relevance: 2.6, Strings: 2, Instructions: 93COMMON

Download Yara Rule

Strings

6, xrefs: 05332547
q, xrefs: 05332705

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID: 6$q
API String ID: 0-156098620
Opcode ID: 2cad837886698f3dda5f0c48522b5fd105c3df0a133cf9c6cfbb251ae2dab917
Instruction ID: cf1ba5ba3b614a516e7610e22cd0f5817452093c2fcc5c664cbf2b1c46a22cd2
Opcode Fuzzy Hash: 2cad837886698f3dda5f0c48522b5fd105c3df0a133cf9c6cfbb251ae2dab917
Instruction Fuzzy Hash: C841CA75E156288FDB19CF2BC84069EFAFBBFC8300F04D1AAD408A6254DB705B818F51

Function 04F32E8C Relevance: 2.1, Strings: 1, Instructions: 867COMMON

Download Yara Rule

Strings

4'^q, xrefs: 04F33E99

Memory Dump Source

Source File: 00000000.00000002.1713091076.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f30000_lumma1.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: f9e71e95c2e09db3907b1032bd38a683ae3f88d9bb440179af901139c403db84
Instruction ID: 39b722cc7c9d192667cc5d7808a4752d8fca8db95c1b075e25fd1567d0c845b9
Opcode Fuzzy Hash: f9e71e95c2e09db3907b1032bd38a683ae3f88d9bb440179af901139c403db84
Instruction Fuzzy Hash: 3B62A3B094A384AFD716DB748C59BAA3F74EF03301F1941DAE544DB2E3C678684AC762

Function 0562B8B8 Relevance: 1.8, Strings: 1, Instructions: 598COMMON

Download Yara Rule

Strings

(bq, xrefs: 0562B988

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: e9b4e132d3acf4e86ebca277c9669f71c7a8f5a87249d94fc9e74d1b28d46d87
Instruction ID: 93915ba54a30f3fa4f039203c2f9e9fb2c15df8f25af07a839f1627243ad119b
Opcode Fuzzy Hash: e9b4e132d3acf4e86ebca277c9669f71c7a8f5a87249d94fc9e74d1b28d46d87
Instruction Fuzzy Hash: EF324A74B046268FCB18DF69C494A6EBBF2FF88300F548929E55AD7791DB34A941CF80

Function 0563A6C8 Relevance: 1.5, Strings: 1, Instructions: 259COMMON

Download Yara Rule

Strings

Te^q, xrefs: 0563A752

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 1b78d16f34b9b465968a2f14dc7124acadfbb2b93d592b59c1462717144f4a91
Instruction ID: 566f22adad17e6d586bcfb1a8923595fbd748054d806cf586cf78c5610b8e980
Opcode Fuzzy Hash: 1b78d16f34b9b465968a2f14dc7124acadfbb2b93d592b59c1462717144f4a91
Instruction Fuzzy Hash: 7DB1F774E04218CFDB24DFA9D885BADBBF2BF49300F1091A9D489A7395EB745986DF00

Function 0563A6B9 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

Te^q, xrefs: 0563A752

Memory Dump Source

Source File: 00000000.00000002.1716317695.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5630000_lumma1.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 1f02dfcdcc026c01f64ee6e44bd39bd94717c0994e69b9c6c4feabe4dd5ac866
Instruction ID: 015da0e68548745946b9bf6f80461014603d9ab03ae781b54716cd610da1c786
Opcode Fuzzy Hash: 1f02dfcdcc026c01f64ee6e44bd39bd94717c0994e69b9c6c4feabe4dd5ac866
Instruction Fuzzy Hash: 0AB10574E04218CFEB24DFA9D885BADBBF2BF49300F1090A9D449A7395EB745986DF00

Function 010A4EAD Relevance: 1.5, Strings: 1, Instructions: 207COMMON

Download Yara Rule

Strings

sq, xrefs: 010A4EB4

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID: sq
API String ID: 0-1320738648
Opcode ID: 0a18564d2f7f928b0ae3d63f35f2dadc9e7a1af577e808fbe1e48040d7c65db3
Instruction ID: 6e9ee7b3da91b39d104b80a84cbbc199a6c4b5807e7c165cecee71efa9d12917
Opcode Fuzzy Hash: 0a18564d2f7f928b0ae3d63f35f2dadc9e7a1af577e808fbe1e48040d7c65db3
Instruction Fuzzy Hash: 94910674D06228CBEB64DFA6CC58B9DBBB2BB89300F54D5EAD44DA7255DB710A84CF00

Function 053D2E88 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

pqI, xrefs: 053D2FAA

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: pqI
API String ID: 0-1078129942
Opcode ID: 217129cf22cb0759e1b635af561a730146bfd219b7265a906d5c7ecaa9a30b8a
Instruction ID: 0983468e3ec220086ec3c4e732f9132dfa6035647daac2eefa15c23c504b28bd
Opcode Fuzzy Hash: 217129cf22cb0759e1b635af561a730146bfd219b7265a906d5c7ecaa9a30b8a
Instruction Fuzzy Hash: 81417F75E0520ADFCF44CFA9D4812AFFBFABB88300F548825A506E7714E7348A459BA1

Function 053D2E78 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

pqI, xrefs: 053D2FAA

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: pqI
API String ID: 0-1078129942
Opcode ID: d285ec9acbfb0f83b63c63f5eec5c35ae8ce8667b11253ca1be03a03c5000b85
Instruction ID: cca6ad9051ddfd9f17ddffb94bf48357e0f59cef1bcea2a28909559bdf407ec1
Opcode Fuzzy Hash: d285ec9acbfb0f83b63c63f5eec5c35ae8ce8667b11253ca1be03a03c5000b85
Instruction Fuzzy Hash: 6B41B075A0524ACFCF44CF69D4812AEFBFABB88300F148875E106DB714E3348A41DBA1

Function 05332467 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

6, xrefs: 05332547

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: 7d24cd35b14eb1a50a62b416f6c66aecfef978de749aa3031d93233dd9ec8f2d
Instruction ID: 1bfa695c66141882fe691fcf8a7de3e3c628e3e5d6bf943c01eeea652a223ee5
Opcode Fuzzy Hash: 7d24cd35b14eb1a50a62b416f6c66aecfef978de749aa3031d93233dd9ec8f2d
Instruction Fuzzy Hash: 0A319F71E156188BEB1DCF5BDC4169AFAFBAFC8300F04D1BA994CA6254DB700B818F51

Function 053D09C8 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

(, xrefs: 053D0A43

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 97bb9aa90e3db6916f2b225bb579f334ee2484f8bd8a2a18e4d5d96f8dc2d5e6
Instruction ID: ed3ac66b17e3d573c9c2cd036271518832cdd98cac9adc2438a20f18648343c9
Opcode Fuzzy Hash: 97bb9aa90e3db6916f2b225bb579f334ee2484f8bd8a2a18e4d5d96f8dc2d5e6
Instruction Fuzzy Hash: 1B21E971D016188BEB18CF6AD9447AEFBF7BBC8300F14C1AAC40CA7255EB740A858F60

Function 053389E0 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8740f2c0a421d920d36fe20e26643174c54ef10a60759bbcee321344ef9bd434
Instruction ID: 9ad49b5dac5905fe5b284eb84185be61bb496dc73695b2bdd8bbfa3c6f20cbf1
Opcode Fuzzy Hash: 8740f2c0a421d920d36fe20e26643174c54ef10a60759bbcee321344ef9bd434
Instruction Fuzzy Hash: 5612C271E056199FDB14CFAAC98169EFBF2FF88304F24C169E418AB219D734A946CF50

Function 010A4FE0 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1693126719.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10a0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89edfdca050931d4726131ba6007ed43524d82ec132764c016153a71e21d9482
Instruction ID: 41c1bd3fb9ad4368158e5a2b12132bcf126e0a91c76b8dc077ff91a3c8a4524d
Opcode Fuzzy Hash: 89edfdca050931d4726131ba6007ed43524d82ec132764c016153a71e21d9482
Instruction Fuzzy Hash: 7EB1C0B4D45228CFEB64CF6ACC58BDDBBB6BB89300F5081EAD54DA6251DB711A858F00

Function 0562F178 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51059e0fd5378717fc14bff2f1ae85ebf1bff26ec933b0f2a3b5ca7fa1e611d6
Instruction ID: 972637873c18ce437159f37c81e7f36574681c45203684b1ff01717ab6764f11
Opcode Fuzzy Hash: 51059e0fd5378717fc14bff2f1ae85ebf1bff26ec933b0f2a3b5ca7fa1e611d6
Instruction Fuzzy Hash: F1815374E05618CFDB14DFA8D859BEDBBB6FB4A304F148069E409A7381EBB05945CF40

Function 0562F200 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a6fc9595178c81c6dac04f3d07dfd05d68b1682b9c42a937e70afbaae036f17
Instruction ID: 304b9de57fd2b89f35cd6abdbc9b4d8f6f8d59d49eef4868601fa2922fdf687a
Opcode Fuzzy Hash: 3a6fc9595178c81c6dac04f3d07dfd05d68b1682b9c42a937e70afbaae036f17
Instruction Fuzzy Hash: F5517574E06658CFDB10CFA8D4497EDFBB2BB4A304F14516AE409A7395EBB45846CF40

Function 0562F210 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52756032f6b8dca32a87997ba42e687e357734a7e0b8adc1fdc5ec8579c7f4d1
Instruction ID: 8ffbfd518cf3178e4c79e47c625b747a93582495909329af80d9dd51a2c3972a
Opcode Fuzzy Hash: 52756032f6b8dca32a87997ba42e687e357734a7e0b8adc1fdc5ec8579c7f4d1
Instruction Fuzzy Hash: EB510E74E06A28CFDB10CFA8D449BEDFBB2BB4A304F149029E409A7384DBB45946CF40

Function 053389D0 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa283ba90373bdfe9af379d3e05285c8fa65910250c19876fcdb61c3bebd1e4a
Instruction ID: ebe356ec83be4f04255ddd1cb8a973f5fdc5fc05d7c6abb809d0a14ed827a25b
Opcode Fuzzy Hash: aa283ba90373bdfe9af379d3e05285c8fa65910250c19876fcdb61c3bebd1e4a
Instruction Fuzzy Hash: EA519AB1E016198BDB08CFABC94169EFBF3BFC8300F14C17AD818AB214EB3059468B54

Function 053F001A Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714929485.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53f0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02ce16cf7674b98a32404a9a0a769fc9fc89a92f49002c77baeb7822f6292918
Instruction ID: c9981d95c0bc0aceb3558fcddf3d852bbc39fdd6b5cd5257f812097e4a4271c9
Opcode Fuzzy Hash: 02ce16cf7674b98a32404a9a0a769fc9fc89a92f49002c77baeb7822f6292918
Instruction Fuzzy Hash: 73514DB1D056588BEB69CF2B8D443CAFAF7AFC9300F14C1FA954CA6255DB7409C58E11

Function 053F0040 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714929485.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53f0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6050cb170cad2af6b4cd2bac63950e7c40090eb7845076f88107c7a3c6dc8917
Instruction ID: d29e7dbffb519e04c3b02539e6f781c24034d18f7e3cc183ef1433733a6b364c
Opcode Fuzzy Hash: 6050cb170cad2af6b4cd2bac63950e7c40090eb7845076f88107c7a3c6dc8917
Instruction Fuzzy Hash: 80512AB1D056688BEB68CF2B8D447DAFAF7AFC8340F14C1FA954CA6254DB740AC58E11

Function 057E0040 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0913fb2fc154d23cd2b344e084af3b3329d7b9c08970469feed47320e4659a5e
Instruction ID: 8b97b3a4ae6c45e17660d2c2da1eafa004584c6961cd4de68be8a3e71e4945cc
Opcode Fuzzy Hash: 0913fb2fc154d23cd2b344e084af3b3329d7b9c08970469feed47320e4659a5e
Instruction Fuzzy Hash: 6051E870E05229CFDB28CF66CC5879ABBF6BB89304F10C0EAD548A7254EB744A84DF11

Function 053FD220 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714929485.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53f0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bebe1c77edb711de0b9ec78e0e7c3f700fc66cbd226e6881f9e63d63bb61fe33
Instruction ID: 28fffc46ce19103b09379d45b95552938aafb565ae7d1b4b5c696a0a7258ef21
Opcode Fuzzy Hash: bebe1c77edb711de0b9ec78e0e7c3f700fc66cbd226e6881f9e63d63bb61fe33
Instruction Fuzzy Hash: 574100B0D043489FDB14CFE9C888A9DBBF1BB09300F20952AE915BB350D7749885CF85

Function 05339098 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 311cc0537f9783cc5af735329f2a440f44efe7f080194c35e11411ddb0d9c338
Instruction ID: 305e235a68edce530b0ba450b422b639c7306996b9c04cbf9c7f2dcc327dfc1a
Opcode Fuzzy Hash: 311cc0537f9783cc5af735329f2a440f44efe7f080194c35e11411ddb0d9c338
Instruction Fuzzy Hash: A2415BB1E15A18CFEB18CF6B8D4579AFAF7AFC9301F14C1B9840CAA255DB7049868F11

Function 05330040 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80decd638f4546759002eb9c5a04ecb2049b3f4eda345e791766a22ef7e87608
Instruction ID: 75da5b3ee51da1c02d2846ca8e0de6805e4fbc694b78d720ab658cb522059e04
Opcode Fuzzy Hash: 80decd638f4546759002eb9c5a04ecb2049b3f4eda345e791766a22ef7e87608
Instruction Fuzzy Hash: F831B4B1E05658CBDB18CF6ACD446DABBF7AFC9301F14C0AA940DAB318DA355A85CF40

Function 0533001A Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714376390.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5330000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30790f99e7eeda92c5227d082fa51a45dc8eb35d20a6a206704589ec4fc01a11
Instruction ID: 613e2ecb35a21b8f4d19b08765083829facfab3bc8ae9b7fb1a7cfc4b1f49c3b
Opcode Fuzzy Hash: 30790f99e7eeda92c5227d082fa51a45dc8eb35d20a6a206704589ec4fc01a11
Instruction Fuzzy Hash: CC212A71D096988BDB19CF6B8C442CABBF7AFCA300F58C1EAD448AA265DA310945CF50

Function 056D7061 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4678d376db99f81fd20bb39ffde2c42b53fa7999fcc86fa4cd2314aa8ba2715d
Instruction ID: 4148159553ad72dc8ba60e851fa8936c02cbbdfcb04d3bb03d3dd667bed08405
Opcode Fuzzy Hash: 4678d376db99f81fd20bb39ffde2c42b53fa7999fcc86fa4cd2314aa8ba2715d
Instruction Fuzzy Hash: 3D21EDB9D042089FCB14CFA9D985AEEFBF1FB49320F14941AE809B7240C735A945CFA4

Function 05645CC0 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244c089b5be03de068b90e0fa61d2be6ab9f29b99e2f013e7519292615b61155
Instruction ID: d3d2a5090b5f77fceddab9ebee960d063a57bfd8307d9d6105030840c8b21711
Opcode Fuzzy Hash: 244c089b5be03de068b90e0fa61d2be6ab9f29b99e2f013e7519292615b61155
Instruction Fuzzy Hash: 8021C5B0D056188BEB58CF9AC8447DDBBF7BF88300F14D1AAD409AB254DBB40989CF45

Function 056D7068 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716872006.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a86801a1505d00bc52a8406a42b047487d92fb5e18d6ee2431fcd9c90147efb9
Instruction ID: b83306065770a2475f6fb7b4db2dc1eb606baf04d0a1cd98c75e10dbb8c08e28
Opcode Fuzzy Hash: a86801a1505d00bc52a8406a42b047487d92fb5e18d6ee2431fcd9c90147efb9
Instruction Fuzzy Hash: D521FEB5D042089FCB14CFA9D885AEEFBF1FB49320F14941AE809B7240C735A945CFA5

Function 053D18F8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17fc96be6ccb8b45330090bb77c4e2aa6b87e76d86305a7258c05ea1470f77ed
Instruction ID: 7db4ad663b7025b723b57b37c634ce74fe35193b62f6b59ab51c1a25bb471544
Opcode Fuzzy Hash: 17fc96be6ccb8b45330090bb77c4e2aa6b87e76d86305a7258c05ea1470f77ed
Instruction Fuzzy Hash: 6721A8B2D046588BEB18CFABD8442DEFBF7AFC9300F14C07A940CAA658DB700586CE51

Function 057E0031 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717260628.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57e0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2937828d4d6de4e5a515005f528bff135d550a0481b7d13f70c1d022a4bafdbf
Instruction ID: 4c530cac5102d511b812585b1ff0c6bded98a8592087eb27fc1821d0073c01f5
Opcode Fuzzy Hash: 2937828d4d6de4e5a515005f528bff135d550a0481b7d13f70c1d022a4bafdbf
Instruction Fuzzy Hash: D221AB71D046158BEB2DCF6B9C5439ABAF3AFC8340F14D0BAD808A6254E7740A859F11

Function 05645CB0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716428630.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5640000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a3ad8f50fabf417da70248be6ef57e6ea074b319a96166b423dfbcfc5dc973b
Instruction ID: 93cd8c722a4e63f1ddf1b724330be95a1c1b80f571482e16f27b8691a261a090
Opcode Fuzzy Hash: 5a3ad8f50fabf417da70248be6ef57e6ea074b319a96166b423dfbcfc5dc973b
Instruction Fuzzy Hash: 9421C3B1D056288BEB58CF9BC84479DFAF7BF88300F14C16AD809AA254DB74098ACF54

Function 053D18EE Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feb83e26ede5435acf853b7cbdfa56f2f5da642a0e49d9fca3133b3bd0b6e887
Instruction ID: f03220982c71bb711309213208b074e0843e1f29ae8dacfcf546c773a831bddc
Opcode Fuzzy Hash: feb83e26ede5435acf853b7cbdfa56f2f5da642a0e49d9fca3133b3bd0b6e887
Instruction Fuzzy Hash: 602199B2D046588BEB59CF6B99442DEFAF7AFC9300F54C0BA8408AA254DB700546CF40

Function 05622AC0 Relevance: 7.7, Strings: 6, Instructions: 152COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05622B74
pbq, xrefs: 05622C17
4'^q, xrefs: 05622C0A
(bq, xrefs: 05622C8A
4'^q, xrefs: 05622B92
4'^q, xrefs: 05622B44

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
API String ID: 0-723292480
Opcode ID: 545917763c2a77e9c46ced5cf04f7830af0b4583f7f6bf9f1bf0ef2cfa553393
Instruction ID: 47f6e1617feaa10b1bb92f3f3236ea0d57422552eedd42d16c39cb340aab717b
Opcode Fuzzy Hash: 545917763c2a77e9c46ced5cf04f7830af0b4583f7f6bf9f1bf0ef2cfa553393
Instruction Fuzzy Hash: 1351A171A003158FC748DF79C8917AEBBE7AFC8301F548928D40A9B395DF3499468BA1

Function 05621F58 Relevance: 5.3, Strings: 4, Instructions: 321COMMON

Download Yara Rule

Strings

(bq, xrefs: 05621FB6
Hbq, xrefs: 056222D4
Hbq, xrefs: 0562233C
(bq, xrefs: 05621F8A

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: (bq$(bq$Hbq$Hbq
API String ID: 0-2599935029
Opcode ID: 36c7a9064ffd0bfa8813b33358769d2be38a921a80d1d1f9787d27f15ff7877d
Instruction ID: a17785c98ac8c6055acc1fb4a64eb0045e18df6db878b42aba9ab2a6436d4e98
Opcode Fuzzy Hash: 36c7a9064ffd0bfa8813b33358769d2be38a921a80d1d1f9787d27f15ff7877d
Instruction Fuzzy Hash: 99C1BF387005659FCB18DF28C494AAE7BE2FF88310F158568E90A8B391DF34ED42CB95

Function 056294FF Relevance: 5.2, Strings: 4, Instructions: 182COMMON

Download Yara Rule

Strings

(_^q, xrefs: 05629C39
(_^q, xrefs: 05629C03
(_^q, xrefs: 05629BBD
(_^q, xrefs: 05629BB3

Memory Dump Source

Source File: 00000000.00000002.1716255741.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_lumma1.jbxd

Similarity

API ID:
String ID: (_^q$(_^q$(_^q$(_^q
API String ID: 0-2697572114
Opcode ID: affc7e22719237014507279f46f367b51747a641eebff95b6aa59cce61a94431
Instruction ID: b2be7d3fdea2a62a7fe91e7b880fb0710cea60ed4b4f51aada1eb6651bbafb8a
Opcode Fuzzy Hash: affc7e22719237014507279f46f367b51747a641eebff95b6aa59cce61a94431
Instruction Fuzzy Hash: C1618D75B046148FC714DF78C4956AE7BB2EF8A304F5484A9E806AB362DA35DC81CB91

Function 053D0573 Relevance: 5.1, Strings: 4, Instructions: 52COMMON

Download Yara Rule

Strings

%, xrefs: 053D0661
#, xrefs: 053D00EC
, xrefs: 053D010E
$, xrefs: 053D048D

Memory Dump Source

Source File: 00000000.00000002.1714768940.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_lumma1.jbxd

Similarity

API ID:
String ID: $#$$$%
API String ID: 0-3799324578
Opcode ID: 3e3f171b3e55534d507618617b8d91c4c339f38ac50968e33ba9ef158b8be85f
Instruction ID: 71530028aea22cb545f6b95b07829bad6f4ed025f52750b32e7e91ee9d526a7b
Opcode Fuzzy Hash: 3e3f171b3e55534d507618617b8d91c4c339f38ac50968e33ba9ef158b8be85f
Instruction Fuzzy Hash: 8511E2B1845208EBEB18CF65E48CBEDFBB6BB45718F605059E00163680E7F444C8CF26

Analysis Process: lumma1.exePID: 7576, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	13.3%
Total number of Nodes:	83
Total number of Limit Nodes:	6

Executed Functions

Function 00578740 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 228
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 00578764
GetCurrentThreadId.KERNEL32 ref: 0057876E
SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 005787C0
GetForegroundWindow.USER32 ref: 0057884A
ExitProcess.KERNEL32 ref: 00578A04

Strings

b/7, xrefs: 00578794

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
String ID: b/7
API String ID: 4063528623-2085417233
Opcode ID: 002a7f1790ce63c2f0cc71d6ca70a720407b59254aaa870a93829176d9c5995d
Instruction ID: 48aacee71f2498df175d8fcf50610297a9ea6bc3eae342cbff78a9d4333ec6bc
Opcode Fuzzy Hash: 002a7f1790ce63c2f0cc71d6ca70a720407b59254aaa870a93829176d9c5995d
Instruction Fuzzy Hash: 2F71F973A043154FC318EF79DD8976AFAD6BBC4320F0AC63DE58897391EA74A8059781

Function 005B02D0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(005B3370,00000002,00000018,?,?,00000018,?,?,?), ref: 005B02FE

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 005B06A2 Relevance: 3.0, APIs: 2, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetForegroundWindow.USER32 ref: 005B06A2
GetForegroundWindow.USER32 ref: 005B06B1

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: c3a8a02c6491cd6bceec1445c9124ecd3c34581161cbaf80d4d34a663aa660ef
Instruction ID: 356e061ad945d9744e8695cbe72c4e1455728271bfb73b2b4903174ac444e310
Opcode Fuzzy Hash: c3a8a02c6491cd6bceec1445c9124ecd3c34581161cbaf80d4d34a663aa660ef
Instruction Fuzzy Hash: 5ED0A7F5450501CFC3899730FC8D47A3A3ABAE4205B488118E50341213FD31B41EDB23

Function 005AAA74 Relevance: 1.6, APIs: 1, Instructions: 55
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserDefaultUILanguage.KERNELBASE ref: 005AAAAF

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: DefaultLanguageUser
String ID:
API String ID: 95929093-0
Opcode ID: 81dc0ebbf7ace4010756b0951a8337b9780db3a66d37a89b9531532072973c88
Instruction ID: a6cb02016380b570146786ab84744af94b97137dd6a805f3943ab1361d1c674c
Opcode Fuzzy Hash: 81dc0ebbf7ace4010756b0951a8337b9780db3a66d37a89b9531532072973c88
Instruction Fuzzy Hash: FB112931E096A18FD719DA3CC54436CBFE27F9A300F08819CC48557345CB706D50C752

Function 005B0260 Relevance: 1.5, APIs: 1, Instructions: 45
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,?,0057B51C,00000000,00000001), ref: 005B0292

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d38b437a7ffcba84e7025206fd9e18def373c3d919c4e3676bc509e65fd37812
Instruction ID: 8b543b50ddbd5e3145c236d8d2a8562e9c0d81ed1a127ecc6193e91e5153bc0a
Opcode Fuzzy Hash: d38b437a7ffcba84e7025206fd9e18def373c3d919c4e3676bc509e65fd37812
Instruction Fuzzy Hash: A4F0A036508212FBC6205F28BC1AA9B3E68BFD6720B060C20F404D6152D635F8089692

Function 005AE860 Relevance: 1.5, APIs: 1, Instructions: 22
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?,005B02AB,?,0057B51C,00000000,00000001), ref: 005AE87E

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 854c90074e4e473644395d27e1ed783df244f66191a0992d16f6fadb9285f4e1
Instruction ID: 7f7b4d4f6034bac2f3aada76451e181e386245c2f24c90528b1ae48fb0e42c87
Opcode Fuzzy Hash: 854c90074e4e473644395d27e1ed783df244f66191a0992d16f6fadb9285f4e1
Instruction Fuzzy Hash: F0D0A730108522DFD3405F14FC09F863B5CEF19310F164451B404AB1B1C234FC40D6A4

Function 005AE840 Relevance: 1.5, APIs: 1, Instructions: 9
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,67660564,00578969,67660564), ref: 005AE850

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d011f1f95e7ecbeec6c067597ea0c6b2658b368b458ba6d37a50d18c93ca457a
Instruction ID: a7b22822eb6427327c389df0eca2fa66b6874d111d6b05bace83150d674d80a6
Opcode Fuzzy Hash: d011f1f95e7ecbeec6c067597ea0c6b2658b368b458ba6d37a50d18c93ca457a
Instruction Fuzzy Hash: C3C09231245525AFCA502B15FC09FCABF68FF953A0F0240A1B005670B1C760BC82DAE9

Non-executed Functions

Function 00593E44 Relevance: 19.7, APIs: 1, Strings: 10, Instructions: 429COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000), ref: 00593E6A

Strings

]_, xrefs: 00594070
Y1\3, xrefs: 005942CB
O-O/, xrefs: 00594303
A!K#, xrefs: 005942EB
H%Z', xrefs: 005942F3
UW, xrefs: 005940AE, 005940B2
<QrS, xrefs: 0059430B
d)E+, xrefs: 005942FB
4Y>[, xrefs: 0059431B
P5Y7, xrefs: 005942D3

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: 4Y>[$<QrS$A!K#$H%Z'$O-O/$P5Y7$Y1\3$d)E+$UW$]_
API String ID: 237503144-2105826625
Opcode ID: 3492092bf009411f421e865b2b690ae383716367bdbc1d44c0ab42a4ec87210d
Instruction ID: 4f37c0b4c58bd1c114c496141fa048c22a18dc2a948bb20b4ff22568dd4c5e39
Opcode Fuzzy Hash: 3492092bf009411f421e865b2b690ae383716367bdbc1d44c0ab42a4ec87210d
Instruction Fuzzy Hash: 41D1C9B1508351DBCB10CF98E88126BBBE1FF95354F048A2DF9D99B351E3789906CB82

Function 005A6590 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 005A65D0
GetSystemMetrics.USER32 ref: 005A65E0
DeleteObject.GDI32 ref: 005A6623
SelectObject.GDI32 ref: 005A6673
SelectObject.GDI32 ref: 005A66CA
DeleteObject.GDI32 ref: 005A66F8

Strings

, xrefs: 005A66A1

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: Object$DeleteMetricsSelectSystem
String ID:
API String ID: 3911056724-3916222277
Opcode ID: d04622e707859f9ae3eabcb8711e99471b519f0ea383fc97f3c37f0775c8d1fd
Instruction ID: 9678ce9b270f8075fc5291636b2ecdc7b3bcf97fcfa2073595485e1a50ed3e6d
Opcode Fuzzy Hash: d04622e707859f9ae3eabcb8711e99471b519f0ea383fc97f3c37f0775c8d1fd
Instruction Fuzzy Hash: FB619FB04087848FD3A4EF68D58979ABFE0BB85304F00892DE5C88B250D7B56848DF87

Function 005945C0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 217COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000), ref: 00594698

Strings

}z, xrefs: 00594646
=jh, xrefs: 00594622
D6v4, xrefs: 00594655

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: =jh$D6v4$}z
API String ID: 237503144-2424248051
Opcode ID: c996e11b4fbca86153e63767697c4ffd654d154f1bcb1c6ebe6668874d6c47a3
Instruction ID: e9846e99a76016f7562afa3a27aa17dfc770eadf50f8702e4120bb8ad9628d0f
Opcode Fuzzy Hash: c996e11b4fbca86153e63767697c4ffd654d154f1bcb1c6ebe6668874d6c47a3
Instruction Fuzzy Hash: 3C71157150C3459FE7548F28E841B6FBBE4FBC1718F108A2CF5959B291D7B1980ACB92

Function 005A63E0 Relevance: 9.1, APIs: 6, Instructions: 130clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 005A6402
GetClipboardData.USER32 ref: 005A6423
GlobalLock.KERNEL32 ref: 005A6440
GlobalUnlock.KERNEL32 ref: 005A6565
CloseClipboard.USER32 ref: 005A656D

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: Clipboard$Global$CloseDataLockOpenUnlock
String ID:
API String ID: 1006321803-0
Opcode ID: 18ac3b3a6ef6309486027ee6b7f81a0edbcd626ed75f10868f2b14686d51d37d
Instruction ID: afc181fecece0b67637721a7905f1769af966650fcc3e5c61f989b8dd72a6a54
Opcode Fuzzy Hash: 18ac3b3a6ef6309486027ee6b7f81a0edbcd626ed75f10868f2b14686d51d37d
Instruction Fuzzy Hash: 7D41C6B1D08B528FD711AF7C984935EBFA0BB16320F088B28E4E5972C5E3349954C793

Function 005865EE Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 363COMMON

Download Yara Rule

Strings

AtP, xrefs: 0058663A
GpFv, xrefs: 00586633
LH, xrefs: 005865FD

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID:
String ID: AtP$GpFv$LH
API String ID: 0-40351562
Opcode ID: f8e2a25695a67ef39612c98bda71e49ce7baea73641b9ee6f69fc09dddf0ce31
Instruction ID: ef9de67d8f80125b92a870c9700da1572e89dd1d1ca680a81144c5c0ad48311c
Opcode Fuzzy Hash: f8e2a25695a67ef39612c98bda71e49ce7baea73641b9ee6f69fc09dddf0ce31
Instruction Fuzzy Hash: 38C10175600B028FC728CF29C891663BBF2FF99314B19895DD8968BBA5E774F841CB40

Function 0057D690 Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 329COMMON

Download Yara Rule

APIs

Part of subcall function 005A6590: GetSystemMetrics.USER32 ref: 005A65D0
Part of subcall function 005A6590: GetSystemMetrics.USER32 ref: 005A65E0
Part of subcall function 005A6590: DeleteObject.GDI32 ref: 005A6623
Part of subcall function 005A6590: SelectObject.GDI32 ref: 005A6673
Part of subcall function 005A6590: SelectObject.GDI32 ref: 005A66CA
Part of subcall function 005A6590: DeleteObject.GDI32 ref: 005A66F8

CoUninitialize.OLE32 ref: 0057D6A0

Strings

;d, xrefs: 0057D8B1
^_/C, xrefs: 0057D756
TC03, xrefs: 0057D75D
SD, xrefs: 0057D8B8

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: Object$DeleteMetricsSelectSystem$Uninitialize
String ID: ;d$SD$TC03$^_/C
API String ID: 1556769885-3729532250
Opcode ID: 4ed01e2d4a88d2f29e923e33b20f8fabf7ffd02d4114fa3fb950077da05f2c46
Instruction ID: 0fdee3282079b6949d70a6fcab67b55a72daca53cf84b0ea5470131dd23aed14
Opcode Fuzzy Hash: 4ed01e2d4a88d2f29e923e33b20f8fabf7ffd02d4114fa3fb950077da05f2c46
Instruction Fuzzy Hash: 6DA1F4B52047918FD719CF26D4A0662BFF2FFA7314B28818CC0D64BB46D739A406DB95

Function 0059A810 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 0059A8EB
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,?,?), ref: 0059A97D

Strings

~, xrefs: 0059A832

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: ~
API String ID: 237503144-2894255414
Opcode ID: 503f7a9688b42031f3b177799d008b7bbc709af43b6fc0899c2c8bb3c217a245
Instruction ID: ee06dd9d97f9c698faeb4cbe705b2d799e1d98209a022c76b735d4ba1b0c9467
Opcode Fuzzy Hash: 503f7a9688b42031f3b177799d008b7bbc709af43b6fc0899c2c8bb3c217a245
Instruction Fuzzy Hash: 875100B56083459FE390DF20AC85B2BBBB9FBD5700F10652CF6808B291DBB0E409CB42

Function 005A0050 Relevance: .9, Instructions: 875COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d7a4fb0d73c451541eeedd550a23b77702b3e1cff7bccdef9b1cfa4b3322c65
Instruction ID: 31e407cd13a8288f132119dfb52ddc4b0731ad0577915c75440a0e82d72cad76
Opcode Fuzzy Hash: 6d7a4fb0d73c451541eeedd550a23b77702b3e1cff7bccdef9b1cfa4b3322c65
Instruction Fuzzy Hash: 60928DB0615B809FD3A6CF3DC841793BEE8AB5A301F04496EE1AED7342D774B5408B66

Function 0059912D Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 89COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,FF5DFD53,0000001E,00000000,00000000,0=), ref: 005991F6

Strings

ER, xrefs: 00599152
0=, xrefs: 005991EA
0=, xrefs: 00599160
P&, xrefs: 0059914B

Memory Dump Source

Source File: 00000001.00000002.1709908816.0000000000571000.00000020.00000400.00020000.00000000.sdmp, Offset: 00570000, based on PE: true

Associated: 00000001.00000002.1709856943.0000000000570000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710020253.00000000005B4000.00000002.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710063166.00000000005B6000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.1710098735.00000000005C4000.00000002.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_570000_lumma1.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: 0=$0=$ER$P&
API String ID: 237503144-76498936
Opcode ID: eb30da119629b8e15a6d1ffe12c66f2ab0e0bf2851f9831b6540972f834ff884
Instruction ID: b230db67bebff67b8341f906dccaf3bc1b576b4bf2ddd95fc0b8a73ebd438670
Opcode Fuzzy Hash: eb30da119629b8e15a6d1ffe12c66f2ab0e0bf2851f9831b6540972f834ff884
Instruction Fuzzy Hash: EB31A070A08B518FD7718F28D84036BBBF2FB85710F149A2DC4A69BB91D775B4428F80

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report lumma1.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
lumma1.exe

Function 010A8780 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Function 05631605 Relevance: 5.7, Strings: 3, Instructions: 1950
COMMON

Function 053DC745 Relevance: 5.1, Strings: 4, Instructions: 133
COMMON

Function 053DECB8 Relevance: 4.4, Strings: 3, Instructions: 616
COMMON

Function 010AAD40 Relevance: 3.8, Strings: 2, Instructions: 1339
COMMON

Function 056D5558 Relevance: 3.1, Strings: 2, Instructions: 607
COMMON

Function 053D32EF Relevance: 2.9, Strings: 2, Instructions: 357
COMMON

Function 056217F0 Relevance: 4.2, Strings: 3, Instructions: 478
COMMON

Function 056234B8 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Function 05627AA0 Relevance: 4.1, Strings: 3, Instructions: 358
COMMON

Function 053DF4F4 Relevance: 4.0, Strings: 3, Instructions: 296
COMMON

Function 053DCCF2 Relevance: 3.8, Strings: 3, Instructions: 83
COMMON

Function 053DD911 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON