Edit tour
Windows
Analysis Report
AimPrivStoreAtt117.exe
Overview
General Information
| Sample name: | AimPrivStoreAtt117.exe |
| Analysis ID: | 1590900 |
| MD5: | 199e093792c0a0c91233709796553e3c |
| SHA1: | 3046ad48ef9e69c4482b58e89f2d6573e2e75793 |
| SHA256: | cbb3e224ed616e62f2a81dedd1d88a7b1c3dfe318372506364662cadb73353c6 |
| Tags: | exemalwaretrojanuser-Joker |
| Infos: | |
 | |
Detection
| Score: | 56 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to create an SMB header
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Uses Microsoft's Enhanced Cryptographic Provider
Uses taskkill to terminate processes
Classification
- System is w10x64
AimPrivStoreAtt117.exe (PID: 3536 cmdline: "C:\Users\ user\Deskt op\AimPriv StoreAtt11 7.exe" MD5: 199E093792C0A0C91233709796553E3C) 
conhost.exe (PID: 5852 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 4688 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq fi ddler*" /I M * /F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 1656 cmdline:
taskkill / FI "IMAGEN AME eq fid dler*" /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 5260 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq wi reshark*" /IM * /F / T >nul 2>& 1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 2804 cmdline:
taskkill / FI "IMAGEN AME eq wir eshark*" / IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 3480 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq ht tpdebugger *" /IM * / F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 4320 cmdline:
taskkill / FI "IMAGEN AME eq htt pdebugger* " /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 6224 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rPro >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 1240 cmdline:
sc stop HT TPDebugger Pro MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 5780 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rProSdk >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 5860 cmdline:
sc stop HT TPDebugger ProSdk MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 652 cmdline:
C:\Windows \system32\ cmd.exe /c @RD /S /Q "C:\Users \%username %\AppData\ Local\Micr osoft\Wind ows\INetCa che\IE" >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - cmd.exe (PID: 5352 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq fi ddler*" /I M * /F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 3012 cmdline:
taskkill / FI "IMAGEN AME eq fid dler*" /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 6768 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq wi reshark*" /IM * /F / T >nul 2>& 1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 6204 cmdline:
taskkill / FI "IMAGEN AME eq wir eshark*" / IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 3176 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq ht tpdebugger *" /IM * / F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 1436 cmdline:
taskkill / FI "IMAGEN AME eq htt pdebugger* " /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 2788 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rPro >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 5004 cmdline:
sc stop HT TPDebugger Pro MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 3560 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rProSdk >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 4564 cmdline:
sc stop HT TPDebugger ProSdk MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 5012 cmdline:
C:\Windows \system32\ cmd.exe /c @RD /S /Q "C:\Users \%username %\AppData\ Local\Micr osoft\Wind ows\INetCa che\IE" >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - cmd.exe (PID: 7124 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq fi ddler*" /I M * /F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 1200 cmdline:
taskkill / FI "IMAGEN AME eq fid dler*" /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 3160 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq wi reshark*" /IM * /F / T >nul 2>& 1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 4616 cmdline:
taskkill / FI "IMAGEN AME eq wir eshark*" / IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 6536 cmdline:
C:\Windows \system32\ cmd.exe /c taskkill /FI "IMAGE NAME eq ht tpdebugger *" /IM * / F /T >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - taskkill.exe (PID: 1656 cmdline:
taskkill / FI "IMAGEN AME eq htt pdebugger* " /IM * /F /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7) - cmd.exe (PID: 6256 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rPro >nul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 4352 cmdline:
sc stop HT TPDebugger Pro MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 892 cmdline:
C:\Windows \system32\ cmd.exe /c sc stop H TTPDebugge rProSdk >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - sc.exe (PID: 1816 cmdline:
sc stop HT TPDebugger ProSdk MD5: 3FB5CF71F7E7EB49790CB0E663434D80) - cmd.exe (PID: 6612 cmdline:
C:\Windows \system32\ cmd.exe /c @RD /S /Q "C:\Users \%username %\AppData\ Local\Micr osoft\Wind ows\INetCa che\IE" >n ul 2>&1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Code function: | 0_2_00007FF7F677A87D | |
| Source: | Code function: | 0_2_00007FF7F679D780 | |
| Source: | Code function: | 0_2_00007FF7F679F870 | |
| Source: | Code function: | 0_2_00007FF7F6796410 | |
| Source: | Code function: | 0_2_00007FF7F6796D30 | |
| Source: | Code function: | 0_2_00007FF7F677CB50 | |
| Source: | Code function: | 0_2_00007FF7F677CB60 | |
| Source: | Code function: | 0_2_00007FF7F6779B70 | |
| Source: | Code function: | 0_2_00007FF7F6779C40 | |
| Source: | Code function: | 0_2_00007FF7F677CB00 | |
| Source: | Code function: | 0_2_00007FF7F675FA20 | |
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_00007FF7F6789440 | |
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | Code function: | 0_2_00007FF7F6766810 | |
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_00007FF7F679D780 | |
| Source: | Code function: | 0_2_00007FF7F677A87D | |
| Source: | Code function: | 0_2_00007FF7F6768600 | |
| Source: | Code function: | 0_2_00007FF7F67672C0 | |
| Source: | Code function: | 0_2_00007FF7F67692C0 | |
| Source: | Code function: | 0_2_00007FF7F676FED0 | |
| Source: | Code function: | 0_2_00007FF7F6751E70 | |
| Source: | Code function: | 0_2_00007FF7F6751AD0 | |
| Source: | Code function: | 0_2_00007FF7F679F800 | |
| Source: | Code function: | 0_2_00007FF7F674977B | |
| Source: | Code function: | 0_2_00007FF7F679D780 | |
| Source: | Code function: | 0_2_00007FF7F6751780 | |
| Source: | Code function: | 0_2_00007FF7F674959D | |
| Source: | Code function: | 0_2_00007FF7F6778600 | |
| Source: | Code function: | 0_2_00007FF7F6796410 | |
| Source: | Code function: | 0_2_00007FF7F6785330 | |
| Source: | Code function: | 0_2_00007FF7F674D340 | |
| Source: | Code function: | 0_2_00007FF7F67731D0 | |
| Source: | Code function: | 0_2_00007FF7F676A180 | |
| Source: | Code function: | 0_2_00007FF7F67592D0 | |
| Source: | Code function: | 0_2_00007FF7F6741000 | |
| Source: | Code function: | 0_2_00007FF7F6760F40 | |
| Source: | Code function: | 0_2_00007FF7F6775D20 | |
| Source: | Code function: | 0_2_00007FF7F6790EC0 | |
| Source: | Code function: | 0_2_00007FF7F674DED0 | |
| Source: | Code function: | 0_2_00007FF7F6791EF0 | |
| Source: | Code function: | 0_2_00007FF7F677CF10 | |
| Source: | Code function: | 0_2_00007FF7F6789E60 | |
| Source: | Code function: | 0_2_00007FF7F678DB60 | |
| Source: | Code function: | 0_2_00007FF7F674AC3D | |
| Source: | Code function: | 0_2_00007FF7F674EC60 | |
| Source: | Code function: | 0_2_00007FF7F6763C70 | |
| Source: | Code function: | 0_2_00007FF7F677A93C | |
| Source: | Code function: | 0_2_00007FF7F677A945 | |
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00007FF7F675279A | |
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | String found in binary or memory: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00007FF7F67692C0 | |
| Source: | Process created: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Decision node followed by non-executed suspicious API: | graph_0-48005 | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_00007FF7F67A06AC | |
| Source: | Code function: | 0_2_00007FF7F67A0A48 | |
| Source: | Code function: | 0_2_00007FF7F67692C0 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF7F67A0854 | |
| Source: | Code function: | 0_2_00007FF7F67A06AC | |
| Source: | Code function: | 0_2_00007FF7F67A03B4 | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF7F67A08C4 | |
| Source: | Code function: | 0_2_00007FF7F67753A0 | |
| Source: | Code function: | 0_2_00007FF7F6785330 | |
| Source: | Code function: | 0_2_00007FF7F6767F70 | |
| Source: | Code function: | 0_2_00007FF7F678C090 | |
| Source: | Code function: | 0_2_00007FF7F678BE35 | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Windows Service | 1 Windows Service | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | 1 Exploitation of Remote Services | 12 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Service Execution | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 1 Native API | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 3 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 61% | Virustotal | Browse | ||
| 63% | ReversingLabs | Win64.Trojan.Generic | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| keyauth.win | 104.26.0.5 | true | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.26.0.5 | keyauth.win | United States | 13335 | CLOUDFLARENETUS | false |
| IP |
|---|
| 127.0.0.1 |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1590900 |
| Start date and time: | 2025-01-14 16:44:14 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 6m 45s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 38 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | AimPrivStoreAtt117.exe |
| Detection: | MAL |
| Classification: | mal56.evad.winEXE@67/18@1/2 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.109.210.53
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
| Time | Type | Description |
|---|---|---|
| 10:45:48 | API Interceptor | |
| 10:47:04 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.26.0.5 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Babadeda, Conti, Mimikatz | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | XWorm | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| keyauth.win | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Babadeda, Conti, Mimikatz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | NetSupport RAT | Browse |
| ||
| Get hash | malicious | NetSupport RAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC, PureLog Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
| Process: | C:\Users\user\Desktop\AimPrivStoreAtt117.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 302 |
| Entropy (8bit): | 3.591458873507413 |
| Encrypted: | false |
| SSDEEP: | 3:rRRqmIEaGj3F/9Dqa+U4W42oJXTIFNBh2To3G3oJXTIFNBhWXqowvxOwVGt:H041lqABhHfABhwcV4 |
| MD5: | 2093ABDC1CC5C502980BCE5F4F8897A7 |
| SHA1: | 23552E512460D3CC05A91E5491BF3ADCD9AB8568 |
| SHA-256: | 6B1550C3CDBCADFC23C19F432C52168C41BF0B54784962910391352D800ECDA5 |
| SHA-512: | 6E6C2E4E350921C2F8070E2B47FF1B056AEC8102CDA839B7288B578F7C86791C50DAE291568948C6E759801018BDFF48023FD856DDF56FF1D07F7E8BD21402F3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\cmd.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 44 |
| Entropy (8bit): | 4.003997527334849 |
| Encrypted: | false |
| SSDEEP: | 3:HnRthLK5a6eCMABe:HRoJPO |
| MD5: | DF5DC1ABC0D52F3C9E931E26A7C0065C |
| SHA1: | EE84123D3B3BC440C63DFE65FF5616BE2B0904D5 |
| SHA-256: | F7167A2FACDE50428D8D2697A1CDFF075DE809323DD16D62B65CDD103B2A9A6D |
| SHA-512: | 9B2253CE41880D22A2DDF4F886BB6CB22FF0C981400CD9D03A1FCA81DE5FAEB86C26B85B66ECEC960816D7BBE9740843890F2FCCD334B6D274295A32A8E6A4E9 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.418976746883596 |
| TrID: |
|
| File name: | AimPrivStoreAtt117.exe |
| File size: | 510'464 bytes |
| MD5: | 199e093792c0a0c91233709796553e3c |
| SHA1: | 3046ad48ef9e69c4482b58e89f2d6573e2e75793 |
| SHA256: | cbb3e224ed616e62f2a81dedd1d88a7b1c3dfe318372506364662cadb73353c6 |
| SHA512: | f59dc0b6b5df0889db3819bb57c71bf878ccefaf0107fc1fb0e54a49a161fcb35caadd8cb3995760cc9cf871656d5aa0b6f437d53a9c6a755e74f17167f53c0a |
| SSDEEP: | 12288:GXDur8S9+8Qu/y9x2EpL5UcY+6cm3C/pk:6urP93v/C2E19Y+7/pk |
| TLSH: | 8FB46D96A7A913E9D1A7C07CC547C603E7B6B4991311DBDB43A0CA791F137E22E3A720 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........V...V...V..._...B...PHe.^...PH..v...PH..\...PH..R...PH..P.......A...V...x.......?...9H..T...9H..W...9Hg.W...9H..W...RichV.. |
 | |
| Icon Hash: | 00928e8e8686b000 |
| Entrypoint: | 0x140060398 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x140000000 |
| Subsystem: | windows cui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
| DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x677DDF4C [Wed Jan 8 02:13:32 2025 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 551e5f19de2baa264d46ee5c6718793c |
| Instruction |
|---|
| dec eax |
| sub esp, 28h |
| call 00007F024508C2C8h |
| dec eax |
| add esp, 28h |
| jmp 00007F024508BC17h |
| int3 |
| int3 |
| jmp 00007F024508C57Eh |
| int3 |
| int3 |
| int3 |
| inc eax |
| push ebx |
| dec eax |
| sub esp, 20h |
| dec eax |
| mov ebx, ecx |
| xor ecx, ecx |
| call dword ptr [00001D6Bh] |
| dec eax |
| mov ecx, ebx |
| call dword ptr [00001D5Ah] |
| call dword ptr [00001DB4h] |
| dec eax |
| mov ecx, eax |
| mov edx, C0000409h |
| dec eax |
| add esp, 20h |
| pop ebx |
| dec eax |
| jmp dword ptr [00001DB0h] |
| dec eax |
| mov dword ptr [esp+08h], ecx |
| dec eax |
| sub esp, 38h |
| mov ecx, 00000017h |
| call dword ptr [00001DA4h] |
| test eax, eax |
| je 00007F024508BDA9h |
| mov ecx, 00000002h |
| int 29h |
| dec eax |
| lea ecx, dword ptr [00019462h] |
| call 00007F024508BF6Eh |
| dec eax |
| mov eax, dword ptr [esp+38h] |
| dec eax |
| mov dword ptr [00019549h], eax |
| dec eax |
| lea eax, dword ptr [esp+38h] |
| dec eax |
| add eax, 08h |
| dec eax |
| mov dword ptr [000194D9h], eax |
| dec eax |
| mov eax, dword ptr [00019532h] |
| dec eax |
| mov dword ptr [000193A3h], eax |
| dec eax |
| mov eax, dword ptr [esp+40h] |
| dec eax |
| mov dword ptr [000194A7h], eax |
| mov dword ptr [0001937Dh], C0000409h |
| mov dword ptr [00019377h], 00000001h |
| mov dword ptr [00000081h], 00000000h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x77318 | 0x1cc | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7f000 | 0x1e8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x7a000 | 0x405c | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x80000 | 0x4ec | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x71080 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x71100 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x70f40 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x62000 | 0x858 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x60718 | 0x60800 | 602f1089df07ef344959cfe41447af2c | False | 0.5326414750647669 | data | 6.334775760528484 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x62000 | 0x16ec4 | 0x17000 | 34b296da2f473d4b9bd8f08336dcff29 | False | 0.37954313858695654 | data | 5.599267697230251 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x79000 | 0xe08 | 0x400 | 5b070ba4bf716bd9abd9429588bdb3ed | False | 0.21484375 | data | 2.448207517753268 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x7a000 | 0x405c | 0x4200 | 12d13dd91b54cb2b26af3136bc3f645d | False | 0.4738991477272727 | data | 5.697151102004698 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x7f000 | 0x1e8 | 0x200 | 9682c2bd23621eded0bee00be928ba8f | False | 0.54296875 | data | 4.772037401703051 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x80000 | 0x4ec | 0x600 | 43a6897ca7133ec62c7e8be294ec97b7 | False | 0.5162760416666666 | data | 4.831811206446416 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_MANIFEST | 0x7f060 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143 |
| DLL | Import |
|---|---|
| KERNEL32.dll | ReadFile, PeekNamedPipe, WaitForMultipleObjects, CreateFileA, GetFileSizeEx, WideCharToMultiByte, RtlCaptureContext, GetModuleHandleA, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, FreeLibrary, GetSystemDirectoryA, QueryPerformanceFrequency, VerSetConditionMask, SleepEx, GetEnvironmentVariableA, EnterCriticalSection, FormatMessageA, SetLastError, CloseHandle, GetCurrentProcess, DeleteCriticalSection, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetModuleHandleW, GetCurrentProcessId, GetCurrentThreadId, GetFileType, MultiByteToWideChar, WaitForSingleObjectEx, MoveFileExA, GetTickCount, QueryPerformanceCounter, VerifyVersionInfoA, LoadLibraryA, LeaveCriticalSection, GetSystemTimeAsFileTime, GetProcAddress, GetLastError, InitializeCriticalSectionEx, GetConsoleWindow, SetConsoleTitleA, SetConsoleTextAttribute, SetConsoleScreenBufferInfoEx, GetConsoleScreenBufferInfoEx, SetConsoleMode, GetConsoleMode, Sleep, RtlLookupFunctionEntry, GetStdHandle, OutputDebugStringW, InitializeSListHead |
| USER32.dll | MessageBoxA, MoveWindow, GetWindowRect, GetWindowLongA, SetWindowLongA |
| ADVAPI32.dll | CryptEncrypt, CryptAcquireContextA, CryptReleaseContext, CryptGetHashParam, CryptGenRandom, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptDestroyKey, CryptImportKey |
| SHELL32.dll | ShellExecuteA |
| MSVCP140.dll | ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ?_Xlength_error@std@@YAXPEBD@Z, _Thrd_detach, _Cnd_do_broadcast_at_thread_exit, ?_Throw_Cpp_error@std@@YAXH@Z, ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z, ?_Random_device@std@@YAIXZ, ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A, ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?uncaught_exception@std@@YA_NXZ, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?_Xbad_function_call@std@@YAXXZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z |
| urlmon.dll | URLDownloadToFileA |
| Normaliz.dll | IdnToAscii |
| WLDAP32.dll | |
| CRYPT32.dll | CertFreeCertificateChain, CertGetCertificateChain, CertFreeCertificateChainEngine, CertCreateCertificateChainEngine, CryptQueryObject, CertGetNameStringA, CertFindExtension, CertAddCertificateContextToStore, CryptDecodeObjectEx, PFXImportCertStore, CryptStringToBinaryA, CertFreeCertificateContext, CertFindCertificateInStore, CertEnumCertificatesInStore, CertOpenStore, CertCloseStore |
| WS2_32.dll | ntohl, gethostname, sendto, recvfrom, freeaddrinfo, getaddrinfo, select, __WSAFDIsSet, ioctlsocket, htonl, accept, WSACleanup, WSAStartup, WSAIoctl, WSASetLastError, socket, setsockopt, ntohs, htons, getsockopt, getsockname, getpeername, connect, bind, WSAGetLastError, send, recv, closesocket, listen |
| VCRUNTIME140.dll | __std_exception_destroy, __std_exception_copy, memcpy, memcmp, _CxxThrowException, __std_terminate, __C_specific_handler, strchr, __current_exception_context, strrchr, __current_exception, memchr, memset, strstr, memmove |
| VCRUNTIME140_1.dll | __CxxFrameHandler4 |
| api-ms-win-crt-runtime-l1-1-0.dll | _errno, __sys_nerr, _invalid_parameter_noinfo_noreturn, strerror, exit, _getpid, system, _beginthreadex, _register_thread_local_exe_atexit_callback, terminate, _configure_narrow_argv, _initialize_narrow_environment, _initialize_onexit_table, _register_onexit_function, _crt_atexit, _cexit, _seh_filter_exe, _set_app_type, _c_exit, _get_initial_narrow_environment, _initterm, _initterm_e, _exit, __p___argv, __p___argc |
| api-ms-win-crt-heap-l1-1-0.dll | _callnewh, calloc, realloc, malloc, _set_new_mode, free |
| api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vfprintf, fseek, feof, __p__commode, fputc, ftell, _lseeki64, _read, _write, _close, _open, __acrt_iob_func, __stdio_common_vsscanf, fgets, fputs, fopen, fflush, __stdio_common_vsprintf, fread, fclose, _set_fmode, fwrite |
| api-ms-win-crt-convert-l1-1-0.dll | atoi, strtoul, strtoull, strtoll, strtol, strtod |
| api-ms-win-crt-locale-l1-1-0.dll | localeconv, _configthreadlocale |
| api-ms-win-crt-time-l1-1-0.dll | _time64, _gmtime64 |
| api-ms-win-crt-string-l1-1-0.dll | strpbrk, strcspn, strcmp, strncmp, strncpy, strspn, isupper, tolower, _strdup |
| api-ms-win-crt-utility-l1-1-0.dll | qsort |
| api-ms-win-crt-filesystem-l1-1-0.dll | _stat64, _access, _unlink, _fstat64 |
| api-ms-win-crt-math-l1-1-0.dll | __setusermatherr, _dclass |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 14, 2025 16:45:10.843503952 CET | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
| Jan 14, 2025 16:45:10.843533993 CET | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
| Jan 14, 2025 16:45:10.843638897 CET | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
| Jan 14, 2025 16:45:10.855520010 CET | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
| Jan 14, 2025 16:45:10.855535984 CET | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
| Jan 14, 2025 16:45:11.337727070 CET | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
| Jan 14, 2025 16:45:11.337945938 CET | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
| Jan 14, 2025 16:45:11.341658115 CET | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
| Jan 14, 2025 16:45:11.341679096 CET | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
| Jan 14, 2025 16:45:11.341931105 CET | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
| Jan 14, 2025 16:45:11.345634937 CET | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
| Jan 14, 2025 16:45:11.391324043 CET | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
| Jan 14, 2025 16:45:11.575515032 CET | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
| Jan 14, 2025 16:45:11.575612068 CET | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
| Jan 14, 2025 16:45:11.575659037 CET | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
| Jan 14, 2025 16:45:11.584867954 CET | 49708 | 443 | 192.168.2.5 | 104.26.0.5 |
| Jan 14, 2025 16:45:11.584887028 CET | 443 | 49708 | 104.26.0.5 | 192.168.2.5 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 14, 2025 16:45:10.825987101 CET | 56144 | 53 | 192.168.2.5 | 1.1.1.1 |
| Jan 14, 2025 16:45:10.838439941 CET | 53 | 56144 | 1.1.1.1 | 192.168.2.5 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 14, 2025 16:45:10.825987101 CET | 192.168.2.5 | 1.1.1.1 | 0x78e | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 14, 2025 16:45:10.838439941 CET | 1.1.1.1 | 192.168.2.5 | 0x78e | No error (0) | 104.26.0.5 | A (IP address) | IN (0x0001) | false | ||
| Jan 14, 2025 16:45:10.838439941 CET | 1.1.1.1 | 192.168.2.5 | 0x78e | No error (0) | 104.26.1.5 | A (IP address) | IN (0x0001) | false | ||
| Jan 14, 2025 16:45:10.838439941 CET | 1.1.1.1 | 192.168.2.5 | 0x78e | No error (0) | 172.67.72.57 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49708 | 104.26.0.5 | 443 | 3536 | C:\Users\user\Desktop\AimPrivStoreAtt117.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-14 15:45:11 UTC | 128 | OUT | |
| 2025-01-14 15:45:11 UTC | 74 | OUT | |
| 2025-01-14 15:45:11 UTC | 1322 | IN | |
| 2025-01-14 15:45:11 UTC | 47 | IN | |
| 2025-01-14 15:45:11 UTC | 428 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 10:45:07 |
| Start date: | 14/01/2025 |
| Path: | C:\Users\user\Desktop\AimPrivStoreAtt117.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7f6740000 |
| File size: | 510'464 bytes |
| MD5 hash: | 199E093792C0A0C91233709796553E3C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 1 |
| Start time: | 10:45:07 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6d64d0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 2 |
| Start time: | 10:45:07 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 10:45:07 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\taskkill.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74efb0000 |
| File size: | 101'376 bytes |
| MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 6 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\taskkill.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74efb0000 |
| File size: | 101'376 bytes |
| MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 7 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 8 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\taskkill.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74efb0000 |
| File size: | 101'376 bytes |
| MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 9 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 10 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\sc.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b1040000 |
| File size: | 72'192 bytes |
| MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 11 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 12 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\sc.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b1040000 |
| File size: | 72'192 bytes |
| MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 13 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 14 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 15 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\taskkill.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74efb0000 |
| File size: | 101'376 bytes |
| MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 16 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 17 |
| Start time: | 10:45:08 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\taskkill.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74efb0000 |
| File size: | 101'376 bytes |
| MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 18 |
| Start time: | 10:45:09 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 19 |
| Start time: | 10:45:09 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\taskkill.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74efb0000 |
| File size: | 101'376 bytes |
| MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 20 |
| Start time: | 10:45:09 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 21 |
| Start time: | 10:45:09 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\sc.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b1040000 |
| File size: | 72'192 bytes |
| MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 22 |
| Start time: | 10:45:09 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 23 |
| Start time: | 10:45:10 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\sc.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b1040000 |
| File size: | 72'192 bytes |
| MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 24 |
| Start time: | 10:45:10 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6d64d0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 25 |
| Start time: | 10:45:10 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 26 |
| Start time: | 10:45:10 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\taskkill.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74efb0000 |
| File size: | 101'376 bytes |
| MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 27 |
| Start time: | 10:45:11 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 28 |
| Start time: | 10:45:11 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\taskkill.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74efb0000 |
| File size: | 101'376 bytes |
| MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 29 |
| Start time: | 10:45:11 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 30 |
| Start time: | 10:45:11 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\taskkill.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff74efb0000 |
| File size: | 101'376 bytes |
| MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 31 |
| Start time: | 10:45:11 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 32 |
| Start time: | 10:45:11 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\sc.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b1040000 |
| File size: | 72'192 bytes |
| MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 33 |
| Start time: | 10:45:11 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 34 |
| Start time: | 10:45:11 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\sc.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b1040000 |
| File size: | 72'192 bytes |
| MD5 hash: | 3FB5CF71F7E7EB49790CB0E663434D80 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 35 |
| Start time: | 10:45:11 |
| Start date: | 14/01/2025 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61d7f0000 |
| File size: | 289'792 bytes |
| MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 4.8% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 22.8% |
| Total number of Nodes: | 2000 |
| Total number of Limit Nodes: | 93 |
Graph
Function 00007FF7F676FED0 Relevance: 178.5, APIs: 31, Strings: 70, Instructions: 1702stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6751E70 Relevance: 124.5, APIs: 58, Strings: 13, Instructions: 288processsleepfileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F677A87D Relevance: 116.1, APIs: 43, Strings: 23, Instructions: 552stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67692C0 Relevance: 45.7, APIs: 21, Strings: 5, Instructions: 191libraryloadernetworkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6768600 Relevance: 38.9, APIs: 15, Strings: 7, Instructions: 357networkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67753A0 Relevance: 24.1, APIs: 16, Instructions: 127networkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67672C0 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 337COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6751AD0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 195COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6766810 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 113networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6742AE0 Relevance: 40.7, APIs: 16, Strings: 7, Instructions: 402sleepwindowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F677BF00 Relevance: 38.9, APIs: 6, Strings: 16, Instructions: 385COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F677B390 Relevance: 31.9, APIs: 9, Strings: 9, Instructions: 415encryptionCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F677A5B0 Relevance: 30.1, APIs: 4, Strings: 13, Instructions: 348libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6763260 Relevance: 28.6, APIs: 6, Strings: 10, Instructions: 557COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67621F0 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 153COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6768FA0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 128librarystringloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6767C40 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 161networkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6779010 Relevance: 19.6, APIs: 13, Instructions: 128networkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6776920 Relevance: 16.7, APIs: 11, Instructions: 241sleepnetworkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6765830 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 153COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6742880 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 121processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6776580 Relevance: 10.7, APIs: 7, Instructions: 242sleepnetworkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67797F0 Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 184COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F677C5D0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 172COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6757640 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 193COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6761AD0 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 147COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6772050 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 138COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6758738 Relevance: 7.8, APIs: 4, Strings: 1, Instructions: 297COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6743590 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 157windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6792DC0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F675826B Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 246COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6771C10 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 97COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F677A3C0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67627D0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 106COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6771E30 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 43COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67731D0 Relevance: 127.2, APIs: 25, Strings: 47, Instructions: 1229stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67592D0 Relevance: 105.7, APIs: 41, Strings: 19, Instructions: 745stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F674959D Relevance: 78.0, APIs: 39, Strings: 5, Instructions: 975COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6796410 Relevance: 72.3, APIs: 17, Strings: 24, Instructions: 549encryptionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6785330 Relevance: 67.0, APIs: 25, Strings: 13, Instructions: 515networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6796D30 Relevance: 52.8, APIs: 17, Strings: 13, Instructions: 253fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6791EF0 Relevance: 42.4, APIs: 21, Strings: 3, Instructions: 425COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6767F70 Relevance: 38.8, APIs: 14, Strings: 8, Instructions: 317stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F674977B Relevance: 37.3, APIs: 18, Strings: 3, Instructions: 509COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6790EC0 Relevance: 28.3, APIs: 11, Strings: 5, Instructions: 252fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6778600 Relevance: 17.9, APIs: 6, Strings: 4, Instructions: 422stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F675279A Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679F870 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 69encryptionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679D780 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 112encryptionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678C090 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 127networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67A08C4 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F674D340 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6751780 Relevance: .1, Instructions: 111COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679F800 Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67A0854 Relevance: .0, Instructions: 2COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6779D70 Relevance: 145.9, APIs: 50, Strings: 47, Instructions: 399stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6765390 Relevance: 52.7, APIs: 34, Strings: 1, Instructions: 215COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67877D0 Relevance: 49.9, APIs: 6, Strings: 27, Instructions: 385COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6781270 Relevance: 47.5, APIs: 18, Strings: 9, Instructions: 297stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679E750 Relevance: 44.0, APIs: 22, Strings: 3, Instructions: 250COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67934F0 Relevance: 37.1, APIs: 10, Strings: 11, Instructions: 312networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678E450 Relevance: 35.3, APIs: 14, Strings: 6, Instructions: 257stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678C620 Relevance: 35.2, APIs: 4, Strings: 16, Instructions: 175stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F675C740 Relevance: 34.9, APIs: 6, Strings: 17, Instructions: 352COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6774DC0 Relevance: 33.2, APIs: 6, Strings: 16, Instructions: 206COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6746350 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 463COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F675A360 Relevance: 31.8, APIs: 21, Instructions: 269stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67842F0 Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 284stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67837A0 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 208stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6752650 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 134COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6776D80 Relevance: 27.3, APIs: 1, Strings: 17, Instructions: 341COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67454B0 Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 364COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6772340 Relevance: 26.5, APIs: 6, Strings: 9, Instructions: 218stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6798541 Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 165COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67925B0 Relevance: 24.2, APIs: 14, Strings: 2, Instructions: 227COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6799300 Relevance: 24.2, APIs: 1, Strings: 15, Instructions: 179COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678F6DC Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 252COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6782310 Relevance: 21.3, APIs: 5, Strings: 9, Instructions: 279COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F674A7E2 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 217COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F674C071 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 217COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6795270 Relevance: 19.8, APIs: 8, Strings: 5, Instructions: 266COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6797150 Relevance: 19.7, APIs: 5, Strings: 8, Instructions: 165COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678A660 Relevance: 19.7, APIs: 4, Strings: 9, Instructions: 151stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678CEE3 Relevance: 19.5, APIs: 4, Strings: 7, Instructions: 290COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678D760 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 222networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678B190 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 180networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6764730 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 151stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F675A740 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 143fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F676C310 Relevance: 18.2, APIs: 2, Strings: 10, Instructions: 227COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F677E320 Relevance: 18.2, APIs: 4, Strings: 8, Instructions: 207COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6764ED0 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 280stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6741FF0 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 241COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F676C710 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 162COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679BFC0 Relevance: 16.8, APIs: 2, Strings: 9, Instructions: 279COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F677DFF0 Relevance: 16.7, APIs: 5, Strings: 6, Instructions: 223COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F675D270 Relevance: 16.6, APIs: 11, Instructions: 119stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67625A0 Relevance: 16.4, APIs: 13, Instructions: 164stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67644C0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6764468 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 152COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6784ED0 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 117COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6768DE0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 112stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6752F80 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 72stringwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67527A6 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67527B2 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67527BE Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67527CA Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6752782 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F675278E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67526CE Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 69stringwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67880F0 Relevance: 15.2, APIs: 7, Strings: 3, Instructions: 168COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6747439 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 230COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6772DF0 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 181COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6780FE0 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 135stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67973DC Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 94COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678F220 Relevance: 13.7, APIs: 3, Strings: 6, Instructions: 223COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679828C Relevance: 13.7, APIs: 5, Strings: 4, Instructions: 174COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6797716 Relevance: 13.7, APIs: 5, Strings: 4, Instructions: 169COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67917C0 Relevance: 13.6, APIs: 5, Strings: 4, Instructions: 148COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6788450 Relevance: 13.6, APIs: 3, Strings: 6, Instructions: 111stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6786EB9 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 268COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679C560 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 252stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678E830 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 170COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6749510 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 155COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679A0F5 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 155COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6787500 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 145stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678F770 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678F746 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678AFE0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 113networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6797FFE Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 82COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67974AE Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 74COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67980FD Relevance: 12.2, APIs: 2, Strings: 6, Instructions: 173COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679759D Relevance: 12.2, APIs: 2, Strings: 6, Instructions: 165COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6798895 Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 146COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6798034 Relevance: 12.1, APIs: 2, Strings: 6, Instructions: 130COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67974D7 Relevance: 12.1, APIs: 2, Strings: 6, Instructions: 123COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6798294 Relevance: 12.1, APIs: 4, Strings: 4, Instructions: 110COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67860F6 Relevance: 12.1, APIs: 5, Strings: 3, Instructions: 104COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6793FE0 Relevance: 10.9, APIs: 5, Strings: 2, Instructions: 424stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6778240 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 165stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6799F6A Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 154COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6783D40 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 146stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679870B Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 145COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6768D60 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 144COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678C8F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 139COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67423B0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 134COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6791470 Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 129COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678F7C7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678F7B7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678F71C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678F72A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678F738 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678F762 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678F7ED Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 119COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67748D0 Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 109stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678D440 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 109COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6797F50 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 106COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679864E Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 102COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6797411 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 99COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6780750 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 96COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679771E Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 95COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679A0FD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6790D70 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 83COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679889D Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 82COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F677F276 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 80COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6798625 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6765F80 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6797D1C Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 126COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679824F Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 98COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67976DF Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 91COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679E190 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 91COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6797FC5 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 88COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6780271 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 85stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6798016 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 84COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6797FE3 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 83COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6798580 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 81COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6797481 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 80COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67974BF Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 76COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6797499 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 75COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67862A3 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 71COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6742650 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 124COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678FEC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 116stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6799EA8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 111COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F676F890 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 109COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6744350 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 109COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6787350 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 98COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67666C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F676D150 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6799D99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6781710 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6799640 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 41COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678237B Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 134COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679A675 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 133COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679DF20 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 129stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F676C010 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 127COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F677ED90 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 118COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679885E Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 69COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67828D0 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6797D24 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 62COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67985F8 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 60COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6798636 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 56COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6798610 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6753580 Relevance: 7.5, APIs: 1, Strings: 4, Instructions: 46stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67760D0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 206COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67830F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 120networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679A335 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678C380 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 99networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6799DCE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679A0AF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 82COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6766430 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6782ED0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 73networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F677E820 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6754DD8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678ADD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F676B0F0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 135COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679A4EF Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 132COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6799800 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 122COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679B170 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 105COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679B5B0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 103COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679A435 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 90COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6799745 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 78COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679A67D Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 70COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6782DF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 54stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F67722A0 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F677D820 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F678F09F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F676AFC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6769630 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6765E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F679A408 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF7F6799718 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|