
Windows Analysis Report
monkey-ascend.exe

Overview

General Information

Sample name:monkey-ascend.exe
Analysis ID:1670629
MD5:5b4b7dcfa65b11dfa1944348ffe17aa4
SHA1:650c2982b09cb23d2be09b41488307af86e51542
SHA256:aded581fa5347952fc4a051db9c4c43e52097ee93311a8b151d4a798f956eb4b
Tags:exe, user-FelloBoiYuuka

Detection

Score:3
Range:0 - 100
Confidence:40%

Signatures

Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses 32bit PE files
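Three of the signatures above are static checks a responder can reproduce offline on the dropped files: PE content behind a non-PE extension (the .mfx and .sft files in C:\Users\user\AppData\Local\Temp\mrt79E7.tmp; the PDB path E:\Fusion25SDK\Extensions\Get\Run_Only_Unicode\Get.pdb and the clickteam.com strings identify them as Clickteam Fusion extension modules, which ship as DLLs with those extensions), 32-bit PE images, and a section name outside the linker's usual set (.data1 in mmf2d3d8.dll). The script below is an added example written for this page, not Joe Sandbox code. It parses only the DOS and COFF headers, so it needs no third-party library; the STANDARD_SECTIONS list, the build_pe helper and the SAMPLE_FILES it constructs in memory (including the hypothetical settings.ini) are assumptions made for the example and are not the report's dropped files.

```python
"""Offline triage of dropped files: flag PE content behind non-PE extensions,
32-bit images and non-standard section names. Added example, not Joe Sandbox
code; the sample PE images are constructed in memory, not read from the sandbox."""
import struct
from typing import Dict, List, Optional

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
# Extensions under which PE content is expected (assumption: our own list).
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl", ".drv"}
# Section names MSVC normally emits; anything else counts as "non-standard"
# for this check (assumption: our own list, not the sandbox's).
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".pdata",
                     ".rsrc", ".reloc", ".tls", ".bss", ".gfids", ".CRT", ".00cfg"}


def parse_pe(data: bytes) -> Optional[dict]:
    """Return machine/characteristics/section names for a PE image, else None."""
    if len(data) < 0x40 or data[:2] != IMAGE_DOS_SIGNATURE:
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        return None
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    sect_table = e_lfanew + 24 + opt_size      # section headers follow the optional header
    names = []
    for i in range(nsections):
        off = sect_table + i * 40              # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return {
        "machine": machine,
        "is_32bit": machine == IMAGE_FILE_MACHINE_I386 or bool(chars & IMAGE_FILE_32BIT_MACHINE),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "sections": names,
    }


def triage(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map each file name to its findings; an empty list means nothing notable."""
    report: Dict[str, List[str]] = {}
    for name, data in files.items():
        findings: List[str] = []
        info = parse_pe(data)
        if info is None:                       # not a PE image: no checks apply
            report[name] = findings
            continue
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext not in PE_EXTENSIONS:
            findings.append(f"PE content behind non-PE extension {ext or '(none)'}")
        if info["is_32bit"]:
            findings.append("32-bit PE")
        odd = [s for s in info["sections"] if s not in STANDARD_SECTIONS]
        if odd:
            findings.append("non-standard section names: " + ", ".join(odd))
        report[name] = findings
    return report


def build_pe(sections: List[str], is_dll: bool = True) -> bytes:
    """Construct a minimal, non-runnable 32-bit PE image with the given section names
    (test fixture for this example; not an image from the report)."""
    e_lfanew = 0x40
    dos = bytearray(0x40)
    dos[:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    if is_dll:
        chars |= IMAGE_FILE_DLL
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections), 0, 0, 0, 0, chars)
    table = b"".join(s.encode().ljust(8, b"\0") + bytes(32) for s in sections)
    return bytes(dos) + IMAGE_NT_SIGNATURE + coff + table


# Constructed stand-ins named after files the report lists, plus a non-PE file.
SAMPLE_FILES = {
    "Get.mfx": build_pe([".text", ".rdata", ".data", ".rsrc", ".reloc"]),
    "oggflt.sft": build_pe([".text", ".rdata", ".data", ".rsrc"]),
    "mmf2d3d8.dll": build_pe([".text", ".rdata", ".data", ".data1", ".rsrc", ".reloc"]),
    "settings.ini": b"[game]\nvolume=7\n",
}


def main() -> None:
    for name, findings in triage(SAMPLE_FILES).items():
        print(f"{name}: {'; '.join(findings) or 'nothing notable'}")


if __name__ == "__main__":
    main()
```

To run it against the real drop directory, replace SAMPLE_FILES with a dict built by reading each file under C:\Users\user\AppData\Local\Temp\mrt79E7.tmp. Because the check keys on the MZ and PE signatures rather than on the extension, it catches the .mfx and .sft modules the sandbox reports as PE32. It does not parse the optional header or the version resource, so the OriginalFilename comparison behind the "Sample file is different than original file name gathered from version info" signature is out of its scope.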

Classification

  • System is w10x64
  • monkey-ascend.exe (PID: 5156 cmdline: "C:\Users\user\Desktop\monkey-ascend.exe" MD5: 5B4B7DCFA65B11DFA1944348FFE17AA4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Source: monkey-ascend.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: monkey-ascend.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: E:\Fusion25SDK\Extensions\Get\Run_Only_Unicode\Get.pdb | source: monkey-ascend.exe, 00000000.00000003.1143386291.0000000001426000.00000004.00000020.00020000.00000000.sdmp, Get.mfx.0.dr
Source: C:\Users\user\Desktop\monkey-ascend.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\monkey-ascend.exe | File opened: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp
Source: C:\Users\user\Desktop\monkey-ascend.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\monkey-ascend.exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\monkey-ascend.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\monkey-ascend.exe | File opened: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mmfs2.dll
Source: monkey-ascend.exe, 00000000.00000003.1142772615.000000000142B000.00000004.00000020.00020000.00000000.sdmp, MultipleTouch.mfx.0.dr | String found in binary or memory: http://clickstore.clickteam.com
Source: monkey-ascend.exe, 00000000.00000003.1152456563.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1152282771.0000000001492000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1240598173.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1229152612.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1192529397.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1167857043.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1155270257.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1148268440.0000000001463000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1153981194.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1221841011.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1146191917.0000000001480000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1146175643.0000000001495000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1232933643.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1161769844.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1194262669.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1257086927.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1223523209.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1160663833.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1262284896.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1189454241.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1187928303.0000000006A72000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://gamejolt.com/api/game/v1/
Source: monkey-ascend.exe, Layer.mfx.0.dr, kcedit.mfx.0.dr, kchisc.mfx.0.dr, Get.mfx.0.dr | String found in binary or memory: http://www.clickteam.com
Source: monkey-ascend.exe, 00000000.00000003.1142772615.000000000142B000.00000004.00000020.00020000.00000000.sdmp, MultipleTouch.mfx.0.dr | String found in binary or memory: http://www.clickteam.com&%o:
Source: monkey-ascend.exe | String found in binary or memory: http://www.clickteam.com/pub
Source: monkey-ascend.exe | String found in binary or memory: http://www.clickteam.com/pub.bmp
Source: monkey-ascend.exe | String found in binary or memory: http://www.clickteam.comztc
Source: monkey-ascend.exe, 00000000.00000003.1144416051.000000000142A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename oggFlt.sft vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000003.1142597681.0000000001426000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename LAYER.mfx vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000003.1143991587.000000000142A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename KCHISC.MFX2 vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000003.1144322147.000000000142B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename waveFlt.sft vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000003.1143729194.0000000001426000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename PARSER.COXD vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000003.1142772615.000000000142B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename MultipleTouch.mfx vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000003.1143604359.0000000001427000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename KCINI.MFX2 vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000003.1144337010.0000000001428000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename waveFlt.sft vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000000.1141075719.0000000000B7A000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename StdRt.exeD vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000003.1143861588.000000000142B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename KCBUTTON.MFX2 vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000003.1143386291.0000000001426000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename Get.mfx vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000003.1144222499.000000000142A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename mp3Flt.sft vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000003.1144105418.000000000142B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename KCEDIT.MFX2 vs monkey-ascend.exe
Source: monkey-ascend.exe, 00000000.00000003.1141372969.000000000319B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename StdRt.exeD vs monkey-ascend.exe
Source: monkey-ascend.exe | Binary or memory string: OriginalFilename StdRt.exeD vs monkey-ascend.exe
Source: monkey-ascend.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine | Classification label: clean3.winEXE@1/14@0/0
Source: C:\Users\user\Desktop\monkey-ascend.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp
Source: monkey-ascend.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\monkey-ascend.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\monkey-ascend.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\monkey-ascend.exe | File read: C:\Users\user\Desktop\monkey-ascend.exe
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: ddraw.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: dsound.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: dciman32.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: d3d9.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: mmdevapi.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: devobj.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Section loaded: usp10.dll
Source: monkey-ascend.exe | Static file information: File size 5448455 > 1048576
Source: monkey-ascend.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: E:\Fusion25SDK\Extensions\Get\Run_Only_Unicode\Get.pdb | source: monkey-ascend.exe, 00000000.00000003.1143386291.0000000001426000.00000004.00000020.00020000.00000000.sdmp, Get.mfx.0.dr
Source: monkey-ascend.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: monkey-ascend.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: monkey-ascend.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: monkey-ascend.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: monkey-ascend.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: mmf2d3d8.dll.0.dr | Static PE information: section name: .data1
Drops PE files
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\Get.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\kchisc.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mmf2d3d9.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\KcButton.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\oggflt.sft
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mmf2d3d8.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mp3flt.sft
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\MultipleTouch.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\kcini.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\waveflt.sft
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\Layer.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mmfs2.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\parser.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\kcedit.mfx
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mp3flt.sft
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\waveflt.sft
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\oggflt.sft
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\Layer.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\MultipleTouch.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\Get.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\kcini.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\parser.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\KcButton.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\kchisc.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File created: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\kcedit.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\monkey-ascend.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\Get.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\kchisc.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\KcButton.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\oggflt.sft
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mmf2d3d8.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mp3flt.sft
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\MultipleTouch.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\kcini.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\waveflt.sft
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\Layer.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mmfs2.dll
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\kcedit.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\parser.mfx
Source: C:\Users\user\Desktop\monkey-ascend.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\monkey-ascend.exe | File opened: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp
Source: C:\Users\user\Desktop\monkey-ascend.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\monkey-ascend.exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\monkey-ascend.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\monkey-ascend.exe | File opened: C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mmfs2.dll
Source: monkey-ascend.exe, 00000000.00000003.1152612157.000000000145A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
ATT&CK matrix (techniques with matching signatures; number of matches in parentheses)
  • Persistence: DLL Side-Loading (1)
  • Privilege Escalation: DLL Side-Loading (1)
  • Defense Evasion: DLL Side-Loading (1), Masquerading (1)
  • Discovery: Security Software Discovery (1), File and Directory Discovery (2), System Information Discovery (1)
Behavior Graph (ID: 1670629, Sample: monkey-ascend.exe, Startdate: 22/04/2025, Architecture: WINDOWS, Score: 3)
  • monkey-ascend.exe started
  • dropped: C:\Users\user\AppData\Local\...\waveflt.sft, PE32
  • dropped: C:\Users\user\AppData\Local\...\parser.mfx, PE32
  • dropped: C:\Users\user\AppData\Local\...\oggflt.sft, PE32
  • dropped: 11 other files (none is malicious)

Screenshots: 16 thumbnails (images not reproduced here).

Antivirus detection: sample
Source              Detection  Scanner
monkey-ascend.exe   3%         Virustotal
monkey-ascend.exe   8%         ReversingLabs

Antivirus detection: dropped files
Source                                                      Detection  Scanner
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\Get.mfx          0%       ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\KcButton.mfx     0%       ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\Layer.mfx        0%       ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\MultipleTouch.mfx 0%      ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\kcedit.mfx       0%       ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\kchisc.mfx       0%       ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\kcini.mfx        0%       ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mmf2d3d8.dll     4%       ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mmf2d3d9.dll     4%       ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mmfs2.dll        0%       ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\mp3flt.sft       0%       ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\oggflt.sft       0%       ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\parser.mfx       0%       ReversingLabs
C:\Users\user\AppData\Local\Temp\mrt79E7.tmp\waveflt.sft      0%       ReversingLabs

No Antivirus matches

Antivirus detection: URLs
Source                            Detection  Scanner          Label
http://www.clickteam.com&%o:      0%         Avira URL Cloud  safe
http://www.clickteam.com          0%         Avira URL Cloud  safe
http://www.clickteam.comztc       0%         Avira URL Cloud  safe
http://www.clickteam.com/pub.bmp  0%         Avira URL Cloud  safe
http://clickstore.clickteam.com   0%         Avira URL Cloud  safe
http://www.clickteam.com/pub      0%         Avira URL Cloud  safe
No contacted domains info
URLs
Name | Source | Malicious | Antivirus Detection | Reputation
http://clickstore.clickteam.com | monkey-ascend.exe, 00000000.00000003.1142772615.000000000142B000.00000004.00000020.00020000.00000000.sdmp, MultipleTouch.mfx.0.dr | false | Avira URL Cloud: safe | unknown
http://gamejolt.com/api/game/v1/ | monkey-ascend.exe, 00000000.00000003.1152456563.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1152282771.0000000001492000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1240598173.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1229152612.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1192529397.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1167857043.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1155270257.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1148268440.0000000001463000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1153981194.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1221841011.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1146191917.0000000001480000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1146175643.0000000001495000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1232933643.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1161769844.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1194262669.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1257086927.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1223523209.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1160663833.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1262284896.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1189454241.0000000006A72000.00000004.00000020.00020000.00000000.sdmp, monkey-ascend.exe, 00000000.00000003.1187928303.0000000006A72000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.clickteam.com | monkey-ascend.exe, Layer.mfx.0.dr, kcedit.mfx.0.dr, kchisc.mfx.0.dr, Get.mfx.0.dr | false | Avira URL Cloud: safe | unknown
http://www.clickteam.com/pub | monkey-ascend.exe | false | Avira URL Cloud: safe | unknown
http://www.clickteam.com&%o: | monkey-ascend.exe, 00000000.00000003.1142772615.000000000142B000.00000004.00000020.00020000.00000000.sdmp, MultipleTouch.mfx.0.dr | false | Avira URL Cloud: safe | unknown
http://www.clickteam.comztc | monkey-ascend.exe | false | Avira URL Cloud: safe | unknown
http://www.clickteam.com/pub.bmp | monkey-ascend.exe | false | Avira URL Cloud: safe | unknown
    No contacted IP infos
    Joe Sandbox version:42.0.0 Malachite
    Analysis ID:1670629
    Start date and time:2025-04-22 00:33:16 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 5m 1s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:10
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:monkey-ascend.exe
    Detection:CLEAN
    Classification:clean3.winEXE@1/14@0/0
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.29.183.29, 172.202.163.200
    • Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
    • Not all processes were analyzed, report is missing behavior information
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Report size getting too big, too many NtSetInformationFile calls found.
    No simulations
    No context
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):320000
    Entropy (8bit):6.57575564287963
    Encrypted:false
    SSDEEP:6144:oOrtUA8fGRglnF97hiI2dP4wJikKm3r7V9z:o4qA8f6gxF97hd2p4w0o7
    MD5:44A6DBFA3B9AE84C34040452AF3F41F8
    SHA1:46F0C188835491B29479E85E7219777870D7890C
    SHA-256:D7213515E06F4344B01EE8D8CDF63200BD30DE9A0E724CEF0CBE060C301EA0EF
    SHA-512:A0021BEAB0DABADC36BB59CECF181F40CDE901AD412A3F4F62022441BF1B5A10A45F441E032AEC2A92CDD09600D0D47B76212CD96954B2921E52ECE4CC581771
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qh.5...5...5.....n.?.....l.B.....m.-....W..&....W..%....W..*...<q..2...5...\....W..3....W..4....W`.4...5...4....W..4...Rich5...........PE..L.....X...........!................>P.......................................0......................................@...L.......P...............................\$......T...........................h...@............................................text...l........................... ..`.rdata..............................@..@.data...............................@....gfids..,...........................@..@.rsrc...............................@..@.reloc..\$.......&..................@..B........................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):40960
    Entropy (8bit):4.340086689388845
    Encrypted:false
    SSDEEP:384:irIl9u7/J7NBiwOlWwnTXn02Fp1ARNq1O1gLPw3p8/FN0+SX8gBuvBw9U:irIlCxNByT3BFTAAqgPqcvBs
    MD5:DE7680BA479D8C09BF8A2F9D6115F338
    SHA1:E01F589A3812890B5F6AC28EC2EAA765D9EC9B3F
    SHA-256:166C1108C05C407FA81E6F567B94F8C72865E28EE772ED6A7D69538186A7F47C
    SHA-512:10D89895C51F3AB6A751C7B12D2F2FF2B7C56EC2994DE9E41D853640C0BF5BC2B3BAA909089C18DD7E6B18CA07108A9FF68087F7CD7070DC2A21E68538A6E057
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........&.sH..sH..sH..oF..sH..lB..sH..lL..sH......sH..sI..sH..{...sH..Py..sH.XuN..sH.`SL..sH.Rich.sH.........................PE..L...h.`X...........!.....P...@.......S.......`....P.................................................................Pi.......a..x.......h............................................................................`...............................text...jD.......P.................. ..`.rdata.......`.......`..............@..@.data...l....p.......p..............@....rsrc...h...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):124416
    Entropy (8bit):6.266967297803831
    Encrypted:false
    SSDEEP:1536:XqGBE+Lmx0Ine/RPtCNmhpimICDP/ac8VkRyvsWjcdZ+8Bf0x+eOsa5Guq:XqGBnzCIICT/ueZ+Mf0x/Otgr
    MD5:18CFF382A92BC1163A7BDACA9B2862EC
    SHA1:02E0E17619583718CF2EF0392F7EFD70D63EF8CD
    SHA-256:7AD720E366A82F2BF848557BEC15E12D06D4EA9CE594EB380E1EDEBC7E9D6AB2
    SHA-512:A196E981BDCCB654416F1B9759E5885C5FE815A511985FD3AC68CB21C8B767319E6E2DBA60262900942BC84CEF6E27229A4116CA38DB187403B017B87BE513FA
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.T...:U..:U..:U...U$.:U...U..:U...Ux.:U...U..:Un'.U..:U..;U[.:Un'.U..:Un'.U..:Un'.U..:U..U..:Un'.U..:URich..:U................PE..L....Y.X...........!................uh.......0...............................0............@......................... ...@.......<.......P...............................................................@............0...............................text............................... ..`.rdata..`i...0...j..."..............@..@.data...P8..........................@....rsrc...P...........................@..@.reloc... ......."..................@..B........................................................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):45056
    Entropy (8bit):4.244074011907441
    Encrypted:false
    SSDEEP:768:XQsZBooxa4r5vBRATj4SJTvO7sg6wTVJzaZ3djCEYa:XJZBV9RATjjTcsg6u
    MD5:8836591F73968B23CB4A2A5858BAD6F5
    SHA1:DE51B68AD322454D625BE76C345CFC5B7E240D90
    SHA-256:1B854521BCC0D944004E944E9D0FB9B4710B91BBAA26FCC3EBD0EDD21C2D044E
    SHA-512:F7D69527B63BE2446B7AF3A48F6421C87F3E913FC1D0D5CF678349FDC7CEC2EF348959331CE43E46496F79432B04039F9C40FFF56887AA5C85DA1BDB3D91707D
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........"...Ce..Ce..Ce.|_k..Ce..\o..Ce..\a..Ce......Ce..Cd..Ce.|K8..Ce..`T..Ce.8Ec..Ce..ca..Ce.Rich.Ce.........................PE..L......Y...........!.....@...`.......O.......P......................................................................@T...... Q..d....p... ...........................................................................P...............................text....?.......@.................. ..`.rdata.......P.......P..............@..@.data........`.......`..............@....rsrc.... ...p...0...p..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):3.3965689158426184
    Encrypted:false
    SSDEEP:384:1q1xStw4nRnmFL5f2uvJgLDUFXUCeyqPPy0Kn:GwWYRmFcKeHPHK
    MD5:92833939454FF3A3E7E0CDF75338ABB8
    SHA1:E5B38CB8E607C3F32140468D48133D0A1A5430AE
    SHA-256:DE32C3528088A5274BF7733A157B86961E1D241A7A7008ADFFEF99E3A1ECAD14
    SHA-512:B9F241A565D59EA97EE0A3CA71CCE12F2A6CA8FB3E588601B87F36692797EB3378634F7A445561BEB1FE0D899EA6108348EE6F1149FE1FC9552CC6E71A2EE077
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...G.F.G.F.G.F.[.F.G.F.X.F.G.F.X.F.G.F...F.G.F.G.F.G.F.O.F.G.F.d.F.G.FXA.F.G.F`g.F.G.FRich.G.F................PE..L.....kX...........!.....0...@.......0.......@.......................................................................E.......A.......`.......................p.......................................................@...............................text.... .......0.................. ..`.rdata.......@.......@..............@..@.data........P.......P..............@....rsrc........`.......`..............@..@.reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):3.420293996842928
    Encrypted:false
    SSDEEP:384:AJjkYWYVqk6w8+U8AeLbPosPxx1/I/kqVy:AJbWYVqktAeLb5NI/kO
    MD5:4FE356A3BC77A52077EC19D6B98442AE
    SHA1:D288EF41E164A1A2C53B74A99DDE5945E0483F6B
    SHA-256:126E33642796B8F3098CC446F7F7FF2F244EE7575401D5B45D099854A79081B2
    SHA-512:18AA811C92E294E294DDB45543932BE667424F438DC6FBBC3C3B187DD5B2B85F99774F450E6D34D54706366BCD878760C6295E1B52A88B06D839F4966FD87E09
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............F...F...F...F...F...F...F..rF...F...F...F...F...F.=.F...F^..F...Ff>.F...FRich...F................PE..L.....iW...........!.....0...@......;0.......@......................................................................0F.......A.......`..X....................p.......................................................@...............................text.... .......0.................. ..`.rdata.......@.......@..............@..@.data...0....P.......P..............@....rsrc...X....`.......`..............@..@.reloc..F....p.......p..............@..B................................................................................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):28672
    Entropy (8bit):2.8610351356181094
    Encrypted:false
    SSDEEP:192:ikEJMP77OKmGWyOOVqFAS5TNg/lOgSGOJtjz9zfdgQvwiWDgwkj:JEJSmGWylepe/lOgSGOJt9zVDvGD
    MD5:4FF7BE1A9BB8EDE86739CEE1B9B31278
    SHA1:DDC780C4AC30BBA8AF8523C198C93B5977E7D0F6
    SHA-256:20BAD52F883914C6FB11EEC9D94173A53A67F2EB97413BA9118EDB101F11ABB3
    SHA-512:245D469050C6743A7E52A29252D12981A80E04937CF459F12E8706CFD46D01F06328E2BEAC7B9A755B7074588701A277643B2BFF8FE9D608267FA1E0A0D0DA4E
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Reputation:low
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............................................B.....................>.......Rich....................PE..L....`VX...........!..... ...@.......&.......0...............................p.......................................4.......0..d....P..P....................`.......................................................0...............................text...>........ .................. ..`.rdata.......0.......0..............@..@.data........@.......@..............@....rsrc...P....P.......P..............@..@.reloc..0....`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):432128
    Entropy (8bit):6.658679924782444
    Encrypted:false
    SSDEEP:6144:TAk+IU64oYn1Loec0NmBFaFOVEQeewQeegQeesQeePdQeefQeegjCDUVGfKTzUhK:ElIU64bnOe/FSDUVG4Dey
    MD5:91E61257A5843528C8D80DE5D765168C
    SHA1:16E78A2832FCEC1A055F42B19CA0E0BE8D66D32D
    SHA-256:32EE51A34BF22D38BB83C783B859C49EEF9A99D9464EDF645E4C1B351E9FE056
    SHA-512:CB4A9FFF56B80B8517256321B68BF00C0905454B01EBAEF5F9A766FCD339BF9EECA45A9C36D706F9178A53F26A3D3B7CA6811BA6DE97F8F89DA0F6EEFE541E0A
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 4%
    Reputation:low
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......................5<W.....5<U.....5<V.@...8.$.....8.!.....>.............8......................S.........(....W......R......Q......T.....Rich....................PE..L....2QX...........!.........H.......,....................................................@.............................x...D...................................@<..................................h...@...............d............................text.............................. ..`.rdata...#.......$..................@..@.data...........|..................@....data1...............4..............@....rsrc................>..............@..@.reloc...V.......X...@..............@..B........................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):1128960
    Entropy (8bit):6.635754220930601
    Encrypted:false
    SSDEEP:24576:xYp1fP9305CinyE+FBB5joW4pXGFps8PA+:sflinc9zs6L
    MD5:6B609661C2C50DA042487E79F13E4F92
    SHA1:5571709E3EAF58B98B6599EC95668957F4E92D00
    SHA-256:1A46578E8C579E366BF28B081A3C24ABF7C74620950013DBF99A3DA6570BF871
    SHA-512:DB02C483B7140ECDE52B00B633405DF36B859EA67ED0AE910B13B2A023501B492F2795E9A83EBF8D258DB143EE355F2242E94A681B9DAB9A58BB0C153126F987
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 4%
    Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........5.T..T..T..v.M.T..v.O.T..v.L.'T..{#>.T..{#;.T..D[..T..D[..T..\..T..{t..T..D[...T...I.T..T..U...M.T...H.T...K.T...N.T..Rich.T..........................PE..L....2QX...........!.....^...&...............p............................................@.............................x.................................... ...k..................................x...@............p...............................text....\.......^.................. ..`.rdata.......p.......b..............@..@.data...p...........................@....rsrc...............................@..@.reloc..8.... ......................@..B........................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):471040
    Entropy (8bit):6.697643702758073
    Encrypted:false
    SSDEEP:12288:OF/DXwivQ8U37n16GkOmKb8pzGYhBVkvwF44eTUctk/:OF/DXwivQ/1iW0zhhBlbeT1t
    MD5:D85D31F5589CEDEFE455355355722F13
    SHA1:E87163F4F2B23CC7AC3317BE363102FB0900EB48
    SHA-256:3067A7784B2ED3315B5FCFA5F431DC6B881DBA2AAC2118D4E5AAF175A1FE480F
    SHA-512:BEA2C8B63955601F80A18B227FD948454D705511E7AA0A850F1F5B379C30C9AB49C9DDBD93D16AE347F6FEB6A525F3E3131E61C1E4694CC78DC579A21D43CD81
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......|.M*8.#y8.#y8.#y...y<.#y.a.y..#y.a.y..#y.a.yO.#y^I.y1.#y.:y:.#y..Cy9.#y1.y5.#y8."y.#y8.#y1.#y^I.y..#y^I.y9.#y^I.y9.#y8..y9.#y^I.y9.#yRich8.#y........................PE..L...|..Z...........!.....t..........t.....................................................@.............................N............ .......................0...:.....................................@............................................text...,r.......t.................. ..`.rdata..^9.......:...x..............@..@.data...0M.......,..................@....rsrc........ ......................@..@.reloc...I...0...J..................@..B................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):24576
    Entropy (8bit):2.1195874299920194
    Encrypted:false
    SSDEEP:96:24K7bMnfxKgUEDGDaq5E9my5F3MM+YuU0UNESZpMS07oQCcw95bcPw5D9qQ+5lyc:24KMCQiaOC3j9dJlfMSkI5wP69zElt
    MD5:F0EBC8596156D8EBF6201A10F9864305
    SHA1:0EFD689D027D2D592369C3585CDD9A0B879E6562
    SHA-256:FCCA0E08E8A64081D71F3AD7455CB5BEA48E73F158F0773E856FA100914FE192
    SHA-512:7752FB5D3D114791C7940088B98C03252D6FB151AD11774A8FD8B4FDF2D289C66B5D54A56FEDDDA2E2E4DE125F7F6B75C1197EAE276ADD1774E3290BECD8BCF7
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?i..?i..?i.~#g..?i.. c..?i.. m..?i.~74..?i..?h..?i...X..?i.:9o..?i...m..?i.Rich.?i.........................PE..L......W...........!.........@............... ...............................`......................................0#....... ..P....@.......................P....................................................... ..l............................text...e........................... ..`.rdata....... ....... ..............@..@.data........0.......0..............@....rsrc........@.......@..............@..@.reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):133632
    Entropy (8bit):6.765925507269903
    Encrypted:false
    SSDEEP:1536:ww+JHSmG5I1VKFMHU+lfGTFHKYPoPGTUBjnPabuxepe0eDSIiRaEUsXxTTUE7:A5G5iE6qTFHdoPGTUBOKxyfmMR0Ij7
    MD5:3C63EA4611008FBCF86435559E9DFFAB
    SHA1:FDC9C6302FCC427530B2DBFF63AAD1B6D204125A
    SHA-256:9EFB0B4CFF5BB033CF1E04BDEABC581DB7D787399C5238F4FB40A1E820AAC6B8
    SHA-512:938C6EBBD0A7248F32BC83D2548791B35764417A74728B8B861D2BD539C182CED6F5168A604679E20C150DC6741FD6868768E7D1FFCE224667546D3EA80787D3
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C0.-c.-c.-cp.#c..-c..'c..-c..)c.-c.,c.-c...c.-c...c..-c4.+c.-c..)c..-cRich.-c........PE..L......W...........!................1........ ...............................@......................................p(.......&..<.... .......................0..<.................................................... ..d............................text............................... ..`.rdata....... ......................@..@.data...P....0......................@....rsrc........ ......................@..@.reloc..n....0......................@..B........................................................................................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):31232
    Entropy (8bit):6.1474865839262005
    Encrypted:false
    SSDEEP:384:PutrhbX7tlBV5x+k1t1Rw0yfymLBgkM74Mx8OATfICyKC4Jj/cSLt9:P01bXplBpz1RbiBHM71XCyKB90Yt9
    MD5:5903E2EFE098DAE179C07D670FF836B7
    SHA1:93A2CE92A28C646735790D2CC9FF8959CC6E0C11
    SHA-256:9813631F63F79FBAA741094786D4B13C34515EC4A33C0D4E88B75A20973C887C
    SHA-512:E39BB67DC8765558274F93953DE141E17DE18550912BF79A94A2CC998918D07631A0251551ABC080363EA52444C1511F15458232D0C656D8F62550D33756E740
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........B+.#E..#E..#E..?I..#E..?K..#E..<O..#E..<A..#E..#D..#E..+...#E...t..#E.j%C..#E.R.A..#E.Rich.#E.................PE..L....Z=R...........!.....`...........Z.......p.......................................................................r..!....p..<....................................................................................p..x............................text...e_.......`.................. ..`.rdata.......p.......d..............@..@.data................l..............@....rsrc................r..............@..@.reloc...............x..............@..B........................................................................................................................................................................................................................................................................................................................
    Process:C:\Users\user\Desktop\monkey-ascend.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):8192
    Entropy (8bit):4.717879947111864
    Encrypted:false
    SSDEEP:96:vwor1Jnr+4O1tLj+Ct2KTOGTrgHchhAfETVdnPstJgxl8V6b/8cKH+ewp:vf6Dj9t2ubTVdGJgOCGvw
    MD5:5230A9C12B9829C9FD333CD8B0620011
    SHA1:0BECF7512F498C18AF3B9943A4B2556A769CC8EB
    SHA-256:98134D326A09569BD5933FFCB026009575509A1BFC20384EF8EEBB762AABCD38
    SHA-512:1A6A5A72FED0458152CA830941B3D07E448BB588FC61A24C97561833B882E23A529A0A78036732CCA95013170A46CC5444A4D642BF05A4FA5A474D51D40789D5
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U...4~..4~..4~..(p..4~..+t..4~..+z..4~..4...4~...O..4~.V2x..4~.n.z..4~.Rich.4~.........................PE..L... ..W...........!......................... ...............................`.......,...............................!....... ..<....@.......................P....................................................... ..4............................text...e........................... ..`.rdata..G.... ......................@..@.data...X....0......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................
    File type:PE32 executable (GUI) Intel 80386, for MS Windows
    Entropy (8bit):7.724621205703003
    TrID:
    • Win32 Executable (generic) a (10002005/4) 99.96%
    • Generic Win/DOS Executable (2004/3) 0.02%
    • DOS Executable Generic (2002/1) 0.02%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:monkey-ascend.exe
    File size:5'448'455 bytes
    MD5:5b4b7dcfa65b11dfa1944348ffe17aa4
    SHA1:650c2982b09cb23d2be09b41488307af86e51542
    SHA256:aded581fa5347952fc4a051db9c4c43e52097ee93311a8b151d4a798f956eb4b
    SHA512:458c090292eb361972650f9e0f91646c9f284ddfaf7c52e936a8036dee52d1a3e6d594048693d2e28adeb61957e02c4608209e40bdc9fc481f67f272f0dc1a84
    SSDEEP:98304:nyIqCixF/DXwiv8A4lyonTw4IvMOjIK8XYjmyltQ2cyVMbo9EdNvqYlGC3:yIq7F/DXwiv8A48ATXIvzcFXYZlVcyVK
    TLSH:30460110B5818021D4E9113186BCFE362D6D5E534B3D49F393E02E9F7E68AD91B3B6B2
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t...0...0...0.......2....d.......d.......d......VL..5...9.N.?...0..._...VL..8...VL......VL..1...VL..1...Rich0...........PE..L..
    Icon Hash:c0d0f1d2d0f2ccc0
    Entrypoint:0x471476
    Entrypoint Section:.text
    Digitally signed:false
    Imagebase:0x400000
    Subsystem:windows gui
    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Time Stamp:0x5A06CBBB [Sat Nov 11 10:06:51 2017 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:5
    OS Version Minor:1
    File Version Major:5
    File Version Minor:1
    Subsystem Version Major:5
    Subsystem Version Minor:1
    Import Hash:c1cae4bfd3e6429cf501f04bcf6bdc37
    Instruction
    call 00007F4918C044EEh
    jmp 00007F4918BF9125h
    push 00000014h
    push 004A9868h
    call 00007F4918BFABD9h
    call 00007F4918C00487h
    movzx esi, ax
    push 00000002h
    call 00007F4918C04481h
    pop ecx
    mov eax, 00005A4Dh
    cmp word ptr [00400000h], ax
    je 00007F4918BF9126h
    xor ebx, ebx
    jmp 00007F4918BF9155h
    mov eax, dword ptr [0040003Ch]
    cmp dword ptr [eax+00400000h], 00004550h
    jne 00007F4918BF910Dh
    mov ecx, 0000010Bh
    cmp word ptr [eax+00400018h], cx
    jne 00007F4918BF90FFh
    xor ebx, ebx
    cmp dword ptr [eax+00400074h], 0Eh
    jbe 00007F4918BF912Bh
    cmp dword ptr [eax+004000E8h], ebx
    setne bl
    mov dword ptr [ebp-1Ch], ebx
    call 00007F4918BFAA87h
    test eax, eax
    jne 00007F4918BF912Ah
    push 0000001Ch
    call 00007F4918BF9201h
    pop ecx
    call 00007F4918BFEFAFh
    test eax, eax
    jne 00007F4918BF912Ah
    push 00000010h
    call 00007F4918BF91F0h
    pop ecx
    call 00007F4918C044F8h
    and dword ptr [ebp-04h], 00000000h
    call 00007F4918C03E4Ch
    test eax, eax
    jns 00007F4918BF912Ah
    push 0000001Bh
    call 00007F4918BF91D6h
    pop ecx
    call dword ptr [0048B17Ch]
    mov dword ptr [004B4D68h], eax
    call 00007F4918C04513h
    mov dword ptr [004B2DB0h], eax
    call 00007F4918C040D4h
    test eax, eax
    jns 00007F4918BF912Ah
    Programming Language:
    • [ C ] VS2012 UPD4 build 61030
    • [IMP] VS2008 SP1 build 30729
    • [C++] VS2012 UPD4 build 61030
    • [RES] VS2012 UPD4 build 61030
    • [LNK] VS2012 UPD4 build 61030
    | Name | Virtual Address | Virtual Size | Is in Section |
    | IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
    | IMAGE_DIRECTORY_ENTRY_IMPORT | 0xaab40 | 0xa0 | .rdata |
    | IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb5000 | 0x4a0b0 | .rsrc |
    | IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
    | IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
    | IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x100000 | 0x7d10 | .reloc |
    | IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
    | IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
    | IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
    | IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
    | IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa8fb0 | 0x40 | .rdata |
    | IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
    | IMAGE_DIRECTORY_ENTRY_IAT | 0x8b000 | 0x4a8 | .rdata |
    | IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xaa140 | 0x40 | .rdata |
    | IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
    | IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
    | Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
    | .text | 0x1000 | 0x89f5b | 0x8a000 | d8245db4175a219196f6a47f6cc7f6d4 | False | 0.48213527513586957 | COM executable for DOS | 6.554422605177448 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
    | .rdata | 0x8b000 | 0x21472 | 0x21600 | c8446015fc2377771e1bf4bd50a048f0 | False | 0.5028236189138576 | data | 6.316031147826846 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
    | .data | 0xad000 | 0x7d6c | 0x5c00 | d94a9c089d67bdc5db655d8b8263b81b | False | 0.3498641304347826 | data | 4.634722337583314 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
    | .rsrc | 0xb5000 | 0x4a0b0 | 0x4a200 | 3a9e06ebf2d891b8e5c7380cfecbb675 | False | 0.10229039312816189 | data | 3.2964904217655553 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
    | .reloc | 0x100000 | 0xcd1a | 0xce00 | ea97e95539f919174af06dee3c26672b | False | 0.4206614077669903 | data | 4.94597905342376 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
    | Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
    | RT_ICON | 0xb6208 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.24878048780487805 |
    | RT_ICON | 0xb6870 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.34274193548387094 |
    | RT_ICON | 0xb6b58 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.4864864864864865 |
    | RT_ICON | 0xb6c80 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.2945095948827292 |
    | RT_ICON | 0xb7b28 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.4056859205776173 |
    | RT_ICON | 0xb83d0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.5036127167630058 |
    | RT_ICON | 0xb8938 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | English | United States | 0.08218554901322603 |
    | RT_ICON | 0xfa960 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.1870331950207469 |
    | RT_ICON | 0xfcf08 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.23850844277673547 |
    | RT_ICON | 0xfdfb0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.374113475177305 |
    | RT_DIALOG | 0xb5520 | 0x72 | data | English | United States | 0.8508771929824561 |
    | RT_DIALOG | 0xb5598 | 0x322 | data | English | United States | 0.39276807980049877 |
    | RT_DIALOG | 0xb58c0 | 0x44 | data | English | United States | 0.8235294117647058 |
    | RT_DIALOG | 0xb5908 | 0xa2 | data | English | United States | 0.7530864197530864 |
    | RT_DIALOG | 0xb59b0 | 0x242 | data | English | United States | 0.4290657439446367 |
    | RT_DIALOG | 0xb5bf8 | 0xc2 | data | English | United States | 0.6855670103092784 |
    | RT_STRING | 0xfe9c0 | 0x1e2 | data | English | United States | 0.46680497925311204 |
    | RT_STRING | 0xfe748 | 0x278 | data | English | United States | 0.43354430379746833 |
    | RT_STRING | 0xfeea0 | 0x144 | data | English | United States | 0.5462962962962963 |
    | RT_STRING | 0xfefe8 | 0xc8 | data | English | United States | 0.635 |
    | RT_STRING | 0xfeba8 | 0x2f2 | data | English | United States | 0.3209549071618037 |
    | RT_GROUP_ICON | 0xfe418 | 0x92 | data | English | United States | 0.6301369863013698 |
    | RT_VERSION | 0xfe4b0 | 0x294 | OpenPGP Secret Key | English | United States | 0.48787878787878786 |
    | RT_MANIFEST | 0xb5cc0 | 0x547 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.45077720207253885 |
    | DLL | Import |
    | COMCTL32.dll | |
    | WINMM.dll | timeBeginPeriod, joyGetDevCapsW, joyGetPosEx, timeGetTime, timeEndPeriod |
    | KERNEL32.dll | GetVersion, GetTempFileNameW, GlobalAddAtomW, GlobalDeleteAtom, GetModuleHandleW, lstrlenW, GetLocaleInfoA, LockResource, VirtualProtect, VirtualQuery, SetLastError, LoadResource, SizeofResource, FindResourceA, FindResourceW, IsBadReadPtr, IsBadWritePtr, LoadLibraryExW, GetConsoleMode, GetConsoleCP, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, GetModuleFileNameA, GetFileType, GetStartupInfoW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GlobalFree, GetStringTypeW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, EnterCriticalSection, GetOEMCP, IsValidCodePage, GetCPInfo, GetProcessHeap, GetStdHandle, GetModuleHandleExW, ExitProcess, RtlUnwind, GetCommandLineA, HeapSize, HeapCompact, SetEnvironmentVariableW, HeapReAlloc, DeleteFileW, IsProcessorFeaturePresent, IsDebuggerPresent, GetACP, InterlockedDecrement, InterlockedIncrement, DecodePointer, EncodePointer, HeapFree, HeapAlloc, LoadLibraryExA, InterlockedExchange, RaiseException, FileTimeToSystemTime, FileTimeToLocalFileTime, GetSystemTime, GetTempPathW, FindClose, FindNextFileW, FindFirstFileW, GetCurrentDirectoryW, SetErrorMode, WideCharToMultiByte, GlobalUnlock, GlobalLock, GlobalAlloc, GetExitCodeProcess, GetCommandLineW, Sleep, SetCurrentDirectoryW, CreateDirectoryW, CloseHandle, SetFilePointer, WriteFile, GetLastError, ReadFile, CreateFileW, GetCurrentThreadId, RemoveDirectoryW, GetVersionExW, GetModuleFileNameW, GetLocaleInfoW, MultiByteToWideChar, FreeLibrary, GetProcAddress, LoadLibraryW, OutputDebugStringW, SetFilePointerEx, SetStdHandle, WriteConsoleW, FlushFileBuffers, LCMapStringW |
    | USER32.dll | DefMDIChildProcW, IsIconic, GetUpdateRect, FillRect, GetMenuItemID, GetMenuStringW, ModifyMenuW, GetTabbedTextExtentW, SystemParametersInfoW, DrawEdge, DrawTextW, PostQuitMessage, IntersectRect, SetRect, DrawFocusRect, InvertRect, CreateDialogParamA, CreateDialogParamW, CreateDialogIndirectParamA, CreateDialogIndirectParamW, DialogBoxParamA, DialogBoxIndirectParamA, DialogBoxIndirectParamW, LoadMenuA, LoadMenuW, LoadStringA, SetLastErrorEx, GetDlgItem, MapVirtualKeyW, GetInputState, GetDlgItemTextW, SendDlgItemMessageW, EndDialog, SetDlgItemTextW, DestroyMenu, GetMenuItemCount, SetWindowPlacement, GetWindowPlacement, GetFocus, CallWindowProcW, RemovePropW, SetPropW, GetPropW, UnionRect, DestroyWindow, SetScrollPos, SetScrollRange, CreateWindowExW, GetParent, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetFocus, GetSysColor, GetDesktopWindow, RedrawWindow, GetSystemMenu, UpdateWindow, SetWindowLongW, MessageBoxW, LoadStringW, DialogBoxParamW, RegisterClassW, RegisterClassExW, LoadImageW, LoadIconW, GetWindow, PtInRect, EndPaint, BeginPaint, DrawMenuBar, GetClassNameW, GetTopWindow, GetMonitorInfoW, MonitorFromWindow, GetSystemMetrics, OemToCharA, GetAsyncKeyState, GetActiveWindow, ShowCursor, SetCapture, ReleaseCapture, GetKeyState, GetWindowRect, MapWindowPoints, SetWindowPos, IsZoomed, GetWindowLongW, AdjustWindowRectEx, SendMessageW, LockWindowUpdate, IsWindowVisible, GetClientRect, SetWindowTextW, IsDialogMessageW, SetTimer, GetClipboardData, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, IsClipboardFormatAvailable, wsprintfW, ShowWindow, PostMessageW, CheckMenuItem, EnableMenuItem, GetMenu, InvalidateRect, SetCursorPos, ClientToScreen, ScreenToClient, GetCursorPos, GetKeyboardState, CopyRect, UnhookWindowsHookEx, KillTimer, SetWindowsHookExW, CallNextHookEx, DestroyIcon, GetKeyboardLayout, GetSubMenu, DeleteMenu, GetMenuState, ReleaseDC, CreateIconIndirect, GetDC, MsgWaitForMultipleObjects, DispatchMessageW, TranslateMessage, TranslateMDISysAccel, GetMessageW, PeekMessageW, LoadMenuIndirectW |
    | GDI32.dll | CreatePalette, GetDeviceCaps, SelectPalette, RealizePalette, GetObjectW, CreateFontIndirectW, CreatePen, Rectangle, SelectObject, MoveToEx, LineTo, CreateSolidBrush, GetStockObject, SetTextColor, SetBkMode, DeleteObject, GetClipRgn, ExcludeClipRect, SelectClipRgn, GetTextExtentPointW, TextOutW, SetTextAlign, SetROP2, GetNearestPaletteIndex, SetPolyFillMode, DPtoLP, SetBkColor, Polygon, CreateHatchBrush, GetCharWidthW, LPtoDP, GetTextMetricsW, SetDIBits, CreateCompatibleBitmap, CreateRectRgn, CreateBitmap |
    | COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW |
    | SHELL32.dll | ShellExecuteExW, DragQueryFileW, DragAcceptFiles |
    Version information (Description: Data)
    CompanyName: Clickteam
    FileDescription: Clickteam Fusion Stand Alone Application
    FileVersion: 3.0.290.4
    InternalName: StdRt.exe
    LegalCopyright: Copyright 1996-2017 Clickteam
    OriginalFilename: StdRt.exe
    Translation: 0x0409 0x04b0
    Language of compilation system: English
    Country where language is spoken: United States
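    The version-info table above records OriginalFilename and InternalName as StdRt.exe (the Clickteam Fusion stand-alone runtime) while the analysed file is named monkey-ascend.exe. The following PowerShell snippet is an added triage example, not part of the Joe Sandbox report or of Clickteam's software: it re-derives that name mismatch from the on-disk file, confirms the file's MD5/SHA256 against the report's hashes, and records the Authenticode status as an extra check the report itself does not show. The sample path and the expected hashes are taken from this report; the function name Test-SampleIdentity is the example's own.

```powershell
# Added triage example (not from the Joe Sandbox report or from Clickteam).
# Assumes the sample is at the path from the report and that the expected
# hashes are the ones the report printed for it.
function Test-SampleIdentity {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedMd5,
        [string]$ExpectedSha256
    )

    $item     = Get-Item -LiteralPath $Path
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Confirm we hold the same bytes the sandbox analysed. Get-FileHash
    #    returns upper-case hex, so normalise the expected values the same way.
    $md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($ExpectedMd5    -and $md5    -ne $ExpectedMd5.ToUpper())    { $findings.Add("MD5 mismatch: $md5") }
    if ($ExpectedSha256 -and $sha256 -ne $ExpectedSha256.ToUpper()) { $findings.Add("SHA256 mismatch: $sha256") }

    # 2. Read the VS_VERSIONINFO resource (the same data the report's version
    #    info table shows) and compare the declared names with the on-disk name.
    $vi     = $item.VersionInfo
    $onDisk = $item.Name
    foreach ($field in 'OriginalFilename', 'InternalName') {
        $declared = $vi.$field
        if ($declared -and ($declared -ne $onDisk)) {
            $findings.Add("$field '$declared' differs from on-disk name '$onDisk'")
        }
    }

    # 3. Extra check not in the report: a generic runtime carries the vendor's
    #    metadata rather than the packaged application's, so note whether the
    #    file is Authenticode-signed before trusting that metadata at all.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') { $findings.Add("Authenticode status: $($sig.Status)") }

    [pscustomobject]@{
        Path             = $Path
        MD5              = $md5
        SHA256           = $sha256
        CompanyName      = $vi.CompanyName
        FileDescription  = $vi.FileDescription
        FileVersion      = $vi.FileVersion
        InternalName     = $vi.InternalName
        OriginalFilename = $vi.OriginalFilename
        SignatureStatus  = $sig.Status
        Findings         = $findings.ToArray()
    }
}

# Values below are the ones printed in this report.
Test-SampleIdentity -Path 'C:\Users\user\Desktop\monkey-ascend.exe' `
    -ExpectedMd5    '5b4b7dcfa65b11dfa1944348ffe17aa4' `
    -ExpectedSha256 'aded581fa5347952fc4a051db9c4c43e52097ee93311a8b151d4a798f956eb4b' |
    Format-List
```

    For this sample the Findings list should contain the two name mismatches (OriginalFilename and InternalName both read StdRt.exe while the file is monkey-ascend.exe); that mismatch alone is expected for any Fusion-built game and is a pointer to inspect the embedded application data, not evidence of tampering by itself.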
    No network behavior found
    [Graphs not reproduced: process activity over time (0-100 s) and memory usage over time (0-100 s, 0-50 MB); behavior distribution by category: File, Registry]
    Target ID:0
    Start time:18:34:12
    Start date:21/04/2025
    Path:C:\Users\user\Desktop\monkey-ascend.exe
    Wow64 process (32bit):true
    Commandline:"C:\Users\user\Desktop\monkey-ascend.exe"
    Imagebase:0xa80000
    File size:5'448'455 bytes
    MD5 hash:5B4B7DCFA65B11DFA1944348FFE17AA4
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    No disassembly